
Solved Virus removal problem; Bloodhound.SONAR.1?

Discussion in 'Malware and Virus Removal Archive' started by Wst, 2007/12/15.

  1. 2007/12/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Wst
    OK, I'm going to ask noahdfear to come kill this for you.

    I don't know what I'm missing, but if anyone can clean you up, he can.

    Thanks
    Geri
     
  2. 2007/12/19
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Sounds great, I appreciate your efforts!
     
    Wst,
    #22


  4. 2007/12/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Wst
    OK, Dave will be here as soon as he can.

    In the meantime, you have a flash drive infection, so let's clear that up.

    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    If you have any Flash drives (USB thumb drives) plug them in before doing this.

    • Double-click Flash_Disinfector.exe to run it.
      Follow any prompts that may appear.
      Your desktop will vanish for a while, and then reappear. This is normal.
      Wait until the program has finished scanning, then please exit the program.

    Empty this folder:

    C:\WINDOWS\temp

    Thanks
    Geri
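Added example (not from the thread, and not Flash_Disinfector's own code): a small Python script that does the same job on a drive root. USB worms of this period dropped an autorun.inf at the root of every stick, with an open= or shellexecute= line pointing at their payload; the usual countermeasure was to remove that launcher and leave a folder named autorun.inf in its place, so the file could not simply be recreated. The script parses the launcher, quarantines it and the file it points at (nothing is deleted), and plants the guard folder. The drive root and quarantine directory are arguments you supply; the RECYCLER\setup.exe names in the comments are illustrative, not something taken from this machine.

```python
"""Check a removable drive's root for an autorun.inf launcher and neutralise it.

Added example; not part of the thread and not Flash_Disinfector's code.
It takes any directory as the "drive root" so it can be tried on a scratch
folder; on Windows you would call it with e.g. r"E:\\" for each USB stick.
"""
import os
import shutil
import subprocess
from pathlib import Path


def launch_targets(text):
    """Return the keys in [autorun] that make Windows run something.

    A tolerant line parser rather than configparser: real-world autorun.inf
    files often carry junk lines and odd casing that configparser rejects.
    """
    targets = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # open= and shellexecute= launch directly; shell\<verb>\command= runs
        # when the user picks that verb (worms forge an "Open" entry this way).
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            targets[key] = value.strip()
    return targets


def inspect_drive(root):
    """Classify the root: absent / protected (guard folder) / present / launcher."""
    inf = Path(root) / "autorun.inf"
    if inf.is_dir():
        return {"status": "protected", "targets": {}}
    if not inf.exists():
        return {"status": "absent", "targets": {}}
    text = inf.read_bytes().decode("latin-1")  # never fail on odd bytes
    targets = launch_targets(text)
    return {"status": "launcher" if targets else "present", "targets": targets}


def referenced_files(root, targets):
    """Files on the drive that the launcher keys point at (deduplicated)."""
    root = Path(root).resolve()
    found = []
    for value in targets.values():
        tokens = value.split()  # e.g. 'RECYCLER\setup.exe /s' -> path, args
        if not tokens:
            continue
        rel = tokens[0].strip('"').replace("\\", os.sep)
        candidate = (root / rel).resolve()
        # Only touch files inside the drive; ignore absolute paths elsewhere.
        if root in candidate.parents and candidate.is_file() and candidate not in found:
            found.append(candidate)
    return found


def disinfect_drive(root, quarantine_dir):
    """Quarantine the launcher and its payload, then plant a blocking folder.

    Returns the list of paths moved. Nothing is deleted, so the analyst can
    still examine (or restore) what was removed.
    """
    root = Path(root)
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    report = inspect_drive(root)
    moved = []
    if report["status"] in ("launcher", "present"):
        for src in referenced_files(root, report["targets"]) + [root / "autorun.inf"]:
            dest = qdir / f"{len(moved)}_{src.name}"
            shutil.move(str(src), str(dest))
            moved.append(str(src))
    # A directory called autorun.inf blocks a later file of the same name.
    guard = root / "autorun.inf"
    if not guard.exists():
        guard.mkdir()
        (guard / "readme.txt").write_text("Placeholder: keeps autorun.inf from being recreated.\n")
        if os.name == "nt":  # hide it and mark it system/read-only on Windows
            subprocess.run(["attrib", "+S", "+H", "+R", str(guard)], check=False)
    return moved


if __name__ == "__main__":
    import sys
    for drive in sys.argv[1:]:
        print(drive, inspect_drive(drive))
```

Run it as `python autorun_check.py E:\ F:\` to report, then call `disinfect_drive(r"E:\", r"C:\quarantine\E")` for each drive that comes back as "launcher". Keep the quarantine directory on the internal disk, not on the stick being cleaned, and do not open anything in it outside a sandbox.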
     
  5. 2007/12/19
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Sounds good. And did what you said, thanks!
     
    Wst,
    #24
  6. 2007/12/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Wst :)

    I'd like to use a well known tool that is widely used on XP systems (ComboFix) but has not had a lot of testing done in Vista, so therefore is not generally recommended for public use on Vista, and certainly not without guidance by someone familiar enough with it to recover from any problems that might arise. I have worked with it on several Vista machines with success. I can say with certainty that the tool is Vista compatible, and that it can clean the infection from your machine. If you are willing to proceed with it, I would first ask if you have backups of personal data, and if not, are you willing to risk losing it?

    We can also proceed with manual removal, which may take longer and will require you to disable UAC. Do you know how to disable UAC?
     
  7. 2007/12/19
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Hey noahdfear. I don't mind either way. I can backup my personal data, however, do I run the risk of infecting my external hard drive? That would be my only concern. I also don't mind the manual removal, however, whatever is easier for you is fine with me. Yes, I know how to disable UAC.
     
    Wst,
    #26
  8. 2007/12/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I don't feel there is any threat of infecting the external drive if it's just personal data you're backing up. Let's run the tool, when you're ready.

    Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to physically disconnect your internet at this point (until the tool completes) and disable realtime protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Right click combofix.exe and select 'Run as Administrator' then follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
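Added example (not from the thread, and not part of ComboFix): a Python triage pass over a log of the kind ComboFix produces, showing what an analyst looks at first once such a log is posted. It applies two cheap heuristics: a core Windows binary name (svchost.exe, lsass.exe, ...) located outside its normal directory, and a service or driver image whose timestamp falls within a few days of the scan. The sample log is excerpted from the one posted later in this thread; the section names, line layouts, the list of core binaries and the 14-day window are the script's own assumptions.

```python
"""Triage helper for a ComboFix log.

Added example; not from the thread and not part of ComboFix. It scans the
log text for two cheap signals: (1) a Windows core binary name that lives
outside its normal directory, and (2) a service or driver image stamped
within a few days of the scan. Both are leads for the analyst, not verdicts:
(2) fires just as readily on a freshly installed Windows update.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Finding = namedtuple("Finding", "kind subject detail")

# Directory each core binary is expected in (drive letter stripped, lower case).
CORE_BINARIES = {
    "svchost.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "rundll32.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# First log line: "ComboFix 07-12-20.1 - 619 2007-12-19 22:53:30.1 - NTFSx86"
HEADER_RE = re.compile(r"^ComboFix \S+ - .*? (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# e.g.  R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-13 12:11]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
PATH_RE = re.compile(r"([A-Za-z]:\\.+)$")
PATH_SECTIONS = ("Other Deletions", "Files Created", "Find3M")  # sections that end lines with a path


def core_binary_misplaced(path):
    """True when a core system binary name sits outside its expected directory."""
    directory, _, name = path.strip().lower().rpartition("\\")
    expected = CORE_BINARIES.get(name)
    if expected is None:
        return False
    if re.match(r"^[a-z]:", directory):
        directory = directory[2:]
    return directory != expected


def image_path(image):
    """Strip service arguments such as '-k netsvcs' from an image line."""
    m = re.match(r"(.*?\.(?:exe|sys|dll))(?:\s|$)", image, re.IGNORECASE)
    return m.group(1) if m else image.strip()


def triage(log_text, recent_days=14):
    """Return Finding tuples for misplaced core binaries and recently stamped images."""
    findings = []
    scan_time = None
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if scan_time is None and (m := HEADER_RE.match(line)):
            scan_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if m := SERVICE_RE.match(line):
            path = image_path(m["image"])
            if core_binary_misplaced(path):
                findings.append(Finding("misplaced", m["name"], path))
            if m["stamp"] and scan_time is not None:
                age = scan_time - datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M")
                if timedelta(0) <= age <= timedelta(days=recent_days):
                    findings.append(Finding("recent", m["name"], f"{path} is {age.days} days old at scan time"))
            continue
        if section and section.startswith(PATH_SECTIONS) and (m := PATH_RE.search(line)):
            if core_binary_misplaced(m.group(1)):
                findings.append(Finding("misplaced", m.group(1), f"listed under '{section}'"))
    return findings


# Excerpt of the log posted in this thread (header, one deletion, two created
# files and a handful of service lines); constructed here as the sample input.
SAMPLE_LOG = r"""ComboFix 07-12-20.1 - 619 2007-12-19 22:53:30.1 - NTFSx86
Running from: C:\Users\619\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\internet explorer\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.
2007-12-16 12:00 . 2007-12-16 12:00 45,056 --a------ C:\Windows\System32\Indt2.sys
2007-12-13 12:11 . 2007-12-13 12:11 32,768 --a------ C:\Windows\System32\routing.exe
.
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 02:51]
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs []
R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-13 12:11]
R2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe [2006-11-02 02:46]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-15 11:25]
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the excerpt this reports the svchost.exe that ComboFix removed from the Internet Explorer folder, and two "recent" images: routing.exe and srv2.sys. The second heuristic is deliberately noisy; a driver such as srv2.sys dated a few days before the scan is just as likely to come from a Windows update as from anything else, which is why the script only lists leads for the helper to check and never deletes.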
     
  9. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Hey, originally I got a message that said "Free implementation of REG.EXE has stopped working" and it said to close the program.... however, apparently it worked anyway. Here is the log.txt and a new HJT log:

    ComboFix 07-12-20.1 - 619 2007-12-19 22:53:30.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.374 [GMT -7:00]
    Running from: C:\Users\619\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\internet explorer\svchost.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
    .

    2007-12-18 21:51 . 2007-12-18 21:51 <DIR> d-------- C:\Users\619\DoctorWeb
    2007-12-18 18:57 . 2007-12-18 18:57 <DIR> d-------- C:\Deckard
    2007-12-16 12:00 . 2007-12-16 12:00 45,056 --a------ C:\Windows\System32\Indt2.sys
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2007-12-15 11:27 . 2007-12-15 11:27 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2007-12-15 11:27 . 2007-12-15 11:27 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2007-12-15 11:27 . 2007-12-15 11:27 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2007-12-15 11:27 . 2007-12-15 11:27 2,048 --a------ C:\Windows\System32\asferror.dll
    2007-12-15 11:25 . 2007-12-15 11:25 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2007-12-15 11:25 . 2007-12-15 11:25 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2007-12-15 11:25 . 2007-12-15 11:25 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2007-12-15 11:25 . 2007-12-15 11:25 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2007-12-13 12:21 . 2007-12-13 12:21 <DIR> d-------- C:\31ec84cbc60ea74306ec
    2007-12-13 12:20 . 2007-12-13 12:20 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-12-13 12:20 . 2007-12-13 12:20 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-12-13 12:18 . 2007-12-13 12:18 2,048 --a------ C:\Windows\System32\tzres.dll
    2007-12-13 12:11 . 2007-12-13 12:11 32,768 --a------ C:\Windows\System32\routing.exe
    2007-12-11 15:57 . 2007-12-11 15:57 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-08 23:39 . 2007-12-13 12:10 249,856 --a------ C:\Windows\System32\ndt2.sys
    2007-12-08 23:39 . 2007-12-08 23:39 40 --a------ C:\Windows\System32\drmgs.sys
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf
    2007-11-24 18:42 . 2007-12-08 23:34 <DIR> d-------- C:\Users\619\AppData\Roaming\BitTorrent
    2007-11-24 18:41 . 2007-11-24 18:41 <DIR> d-------- C:\Program Files\BitTorrent
    2007-11-22 21:31 . 2007-11-22 21:31 <DIR> d-------- C:\Users\All Users\FLEXnet
    2007-11-22 21:31 . 2007-11-22 21:31 <DIR> d-------- C:\ProgramData\FLEXnet
    2007-11-20 07:16 . 2007-11-20 07:16 1,244,672 --a------ C:\Windows\System32\mcmde.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-20 05:28 12,931 ----a-w C:\Users\619\AppData\Roaming\nvModes.dat
    2007-12-19 18:35 --------- d-----w C:\Users\619\AppData\Roaming\SnapTeam
    2007-12-19 01:31 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-15 18:28 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-15 18:26 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-15 18:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-15 18:26 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-11 01:51 --------- d-----w C:\ProgramData\Symantec
    2007-12-05 18:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-05 18:35 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2007-12-05 18:35 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-12-05 18:35 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-12-05 18:35 --------- d-----w C:\Program Files\Symantec
    2007-11-16 16:35 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-14 17:50 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-14 17:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-14 17:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-14 17:49 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-14 17:49 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-14 17:49 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-14 17:49 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-14 17:49 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2007-11-14 17:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-14 17:49 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-14 17:49 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2007-11-14 17:49 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-14 17:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-14 17:49 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2007-11-14 17:49 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
    2007-11-14 17:47 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2007-11-14 17:47 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2007-11-14 17:47 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-11-14 17:47 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-11-14 17:47 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-11-14 17:47 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-11-14 17:47 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-11-14 17:47 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-11-14 17:47 --------- d-----w C:\Program Files\Windows Mail
    2007-11-08 01:04 --------- d-----w C:\ProgramData\Apple Computer
    2007-11-08 01:04 --------- d-----w C:\Program Files\iTunes
    2007-11-08 01:04 --------- d-----w C:\Program Files\iPod
    2007-11-08 01:01 --------- d-----w C:\Program Files\QuickTime
    2007-11-04 22:16 --------- d-----w C:\ProgramData\ALM
    2007-11-02 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 03:56 --------- d-----w C:\Program Files\Macromedia
    2007-11-02 03:56 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-11-02 03:55 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-02 03:52 --------- d-----w C:\Users\619\AppData\Roaming\yahoo!
    2007-11-02 03:52 --------- d-----w C:\ProgramData\yahoo!
    2007-10-31 02:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys
    2007-10-31 02:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2007-10-31 02:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2007-10-31 02:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2007-10-31 02:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2007-10-31 02:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2007-10-31 02:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2007-10-31 02:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2007-10-29 03:46 --------- d-----w C:\Program Files\AIM6
    2007-10-29 03:45 --------- d-----w C:\Program Files\Viewpoint
    2007-10-29 03:44 --------- d-----w C:\ProgramData\Viewpoint
    2007-10-29 03:43 --------- d-----w C:\ProgramData\AOL Downloads
    2007-10-23 04:33 --------- d-----w C:\ProgramData\Macrovision
    2007-10-11 14:08 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-10-11 14:08 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-10-11 14:08 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-10-11 14:08 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2007-10-11 14:05 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2007-10-11 14:05 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2007-10-11 14:05 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2007-08-29 12:48 174 --sha-w C:\Program Files\desktop.ini
    2007-04-29 23:41 0 ----a-w C:\Users\619\AppData\Roaming\wklnhst.dat
    2007-05-05 07:07 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-05-05 07:07 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-05-05 07:07 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35]
    "Aim6"="" []
    "Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-10-31 14:34]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-29 16:27]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 23:02]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 06:18]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 15:33]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 10:50]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-09 12:30]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
    "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" []
    "NvSvc"="RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 10:19]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" []

    C:\Users\619\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-04-09 12:09:11]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 02:51]
    R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 02:49]
    R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 05:34]
    R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 02:49]
    R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 02:49]
    R0 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 02:50]
    R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 02:49]
    R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 02:50]
    R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 02:51]
    R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 01:31]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070628.003\IDSvix86.sys [2007-05-30 14:53]
    R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 01:57]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 02:02]
    R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 01:57]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 01:57]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-08-28 21:03]
    R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
    R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork []
    R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService []
    R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs []
    R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService []
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 01:56]
    R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 01:33]
    R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
    R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService []
    R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService []
    R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService []
    R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 02:04]
    R2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe [2006-11-02 02:46]
    R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-13 12:11]
    R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-07-11 22:27]
    R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 01:57]
    R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup []
    R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
    R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs []
    R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 01:31]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-08-28 21:03]
    R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs []
    R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService []
    R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 02:51]
    R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 02:45]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 01:54]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-07-11 22:30]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 01:31]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-15 11:25]
    R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 05:34]
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 00:40]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 01:44]
    R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-15 11:25]
    R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-15 11:25]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-07-11 22:30]
    R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 01:55]
    R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe -k LocalService []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 01:24]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 01:24]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 01:24]
    S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 05:36]
    S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 00:30]
    S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 01:32]
    S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService []
    S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 02:51]
    S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService []
    S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork []
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService []
    S3 QWAVEdrv;QWAVE driver;C:\Windows\system32\drivers\qwavedrv.sys [2006-11-02 05:34]
    S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC []
    S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 01:51]
    S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe -k LocalService []
    S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService []
    S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService []
    S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 02:45]
    S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 02:02]
    S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 02:45]
    S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 02:50]
    S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 01:53]
    S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService []
    S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc []
    S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc []
    S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService []
    S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService []
    S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted []
    S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 02:51]
    S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 02:51]
    S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 02:49]
    S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 02:50]
    S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 02:50]
    S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 01:25]
    S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 01:24]
    S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 01:24]
    S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 01:55]
    S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 01:30]
    S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 02:51]
    S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 02:50]
    S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 02:51]
    S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 02:50]
    S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 01:42]
    S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 02:50]
    S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 02:50]
    S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 02:50]
    S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 02:50]
    S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalService []
    S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 02:49]
    S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 02:50]
    S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 02:49]
    S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 02:50]
    S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 02:50]
    S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 00:36]
    S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 02:51]
    S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 02:50]
    S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 02:50]
    S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 02:50]
    S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 02:51]
    S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 02:50]
    S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 01:55]
    S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 01:30]
    S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 02:50]
    S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 01:52]
    S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 02:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
    NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
    WerSvcGroup REG_MULTI_SZ wersvc
    swprv REG_MULTI_SZ swprv
    LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
    regsvc REG_MULTI_SZ RemoteRegistry
    wcssvc REG_MULTI_SZ WcsPlugInService
    DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
    wdisvc REG_MULTI_SZ WdiServiceHost
    sdrsvc REG_MULTI_SZ sdrsvc
    secsvcs REG_MULTI_SZ WinDefend

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    wercplsupport
    Themes
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    winmgmt
    schedule
    SessionEnv
    browser
    hkmsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e402f4c-5be4-11dc-9926-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43116ed0-61f6-11dc-abab-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfba6f5-088d-11dc-8bf3-0016d3984102}]
    \shell\AutoRun\command - F:\DarksUSB.exe
    \shell\explore\Command - F:\DarksUSB.exe
    \shell\open\Command - F:\DarksUSB.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfba707-088d-11dc-8bf3-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c09dad67-03c3-11dc-9432-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-15 03:00:10 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - 619.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2007-12-20 05:55:25 C:\Windows\Tasks\User_Feed_Synchronization-{FC4F7B37-C8B1-4C40-A901-D4038626FB82}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-19 22:56:26
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-19 22:57:05
    .
    2007-12-19 14:57:26 --- E O F ---
     
    Wst,
    #28
  10. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    =====

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:34 PM, on 12/19/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10539 bytes
     
    Wst,
    #29
  11. 2007/12/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    We may end up doing this manually after all. Let's see what happens. Turn UAC off until after ComboFix has run, then make sure to re-enable it. Again, shut down realtime protections as well.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Windows\System32\Indt2.sys
    C:\Windows\System32\ndt2.sys
    C:\Windows\System32\drmgs.sys
    Driver::
    perfmons
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfba6f5-088d-11dc-8bf3-0016d3984102}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please let me know if you see that same reg.exe message again.
     
  12. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Thanks, I tried it again. I got the same prompt, and again after clicking Close Program, it continued and gave me the disclaimer and option choices. Guess it still didn't work though.
     
    Wst,
    #31
  13. 2007/12/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    So did you choose to continue, and did ComboFix run? Please see if there is a new C:\ComboFix.txt file. You will know if it's new by going to the bottom of the log and looking at the line above EOF. It will be similar to below.

    C:\ComboFix2.txt ... 12/20/2007 03:50 PM
    .
    --- E O F ---


    If it's as above, please post its contents.

    Is there a C:\ComboFix folder present? If so, please right click the swreg.cfexe file and select properties. Click the version tab and let me know what version it is.
     
  14. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Sorry, no folder.

    Here's a new log though:

    ComboFix 07-12-20.1 - 619 2007-12-20 19:56:13.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.375 [GMT -7:00]
    Running from: C:\Users\619\Desktop\ComboFix.exe
    Command switches used :: C:\Users\619\Desktop\CFScript.txt

    FILE
    C:\Windows\System32\drmgs.sys
    C:\Windows\System32\Indt2.sys
    C:\Windows\System32\ndt2.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\drmgs.sys
    C:\Windows\System32\Indt2.sys
    C:\Windows\System32\ndt2.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\perfmons


    ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
    .

    2007-12-20 00:37 . 2007-12-20 10:09 54,156 --ah----- C:\Windows\QTFont.qfn
    2007-12-20 00:37 . 2007-12-20 00:37 1,409 --a------ C:\Windows\QTFont.for
    2007-12-18 21:51 . 2007-12-18 21:51 <DIR> d-------- C:\Users\619\DoctorWeb
    2007-12-18 18:57 . 2007-12-18 18:57 <DIR> d-------- C:\Deckard
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2007-12-15 11:27 . 2007-12-15 11:27 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2007-12-15 11:27 . 2007-12-15 11:27 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2007-12-15 11:27 . 2007-12-15 11:27 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2007-12-15 11:27 . 2007-12-15 11:27 2,048 --a------ C:\Windows\System32\asferror.dll
    2007-12-15 11:25 . 2007-12-15 11:25 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2007-12-15 11:25 . 2007-12-15 11:25 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2007-12-15 11:25 . 2007-12-15 11:25 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2007-12-15 11:25 . 2007-12-15 11:25 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2007-12-13 12:21 . 2007-12-13 12:21 <DIR> d-------- C:\31ec84cbc60ea74306ec
    2007-12-13 12:20 . 2007-12-13 12:20 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-12-13 12:20 . 2007-12-13 12:20 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-12-13 12:18 . 2007-12-13 12:18 2,048 --a------ C:\Windows\System32\tzres.dll
    2007-12-13 12:11 . 2007-12-13 12:11 32,768 --a------ C:\Windows\System32\routing.exe
    2007-12-11 15:57 . 2007-12-11 15:57 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf
    2007-11-24 18:42 . 2007-12-08 23:34 <DIR> d-------- C:\Users\619\AppData\Roaming\BitTorrent
    2007-11-24 18:41 . 2007-11-24 18:41 <DIR> d-------- C:\Program Files\BitTorrent
    2007-11-22 21:31 . 2007-11-22 21:31 <DIR> d-------- C:\Users\All Users\FLEXnet
    2007-11-22 21:31 . 2007-11-22 21:31 <DIR> d-------- C:\ProgramData\FLEXnet

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 02:51 12,931 ----a-w C:\Users\619\AppData\Roaming\nvModes.dat
    2007-12-19 18:35 --------- d-----w C:\Users\619\AppData\Roaming\SnapTeam
    2007-12-19 01:31 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-15 18:28 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-15 18:26 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-15 18:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-15 18:26 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-11 01:51 --------- d-----w C:\ProgramData\Symantec
    2007-12-05 18:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-05 18:35 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2007-12-05 18:35 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-12-05 18:35 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-12-05 18:35 --------- d-----w C:\Program Files\Symantec
    2007-11-20 14:16 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-11-16 16:35 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-14 17:50 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-14 17:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-14 17:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-14 17:49 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-14 17:49 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-14 17:49 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-14 17:49 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-14 17:49 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2007-11-14 17:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-14 17:49 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-14 17:49 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2007-11-14 17:49 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-14 17:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-14 17:49 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2007-11-14 17:49 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
    2007-11-14 17:47 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2007-11-14 17:47 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2007-11-14 17:47 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-11-14 17:47 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-11-14 17:47 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-11-14 17:47 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-11-14 17:47 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-11-14 17:47 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-11-14 17:47 --------- d-----w C:\Program Files\Windows Mail
    2007-11-08 01:04 --------- d-----w C:\ProgramData\Apple Computer
    2007-11-08 01:04 --------- d-----w C:\Program Files\iTunes
    2007-11-08 01:04 --------- d-----w C:\Program Files\iPod
    2007-11-08 01:01 --------- d-----w C:\Program Files\QuickTime
    2007-11-04 22:16 --------- d-----w C:\ProgramData\ALM
    2007-11-02 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 03:56 --------- d-----w C:\Program Files\Macromedia
    2007-11-02 03:56 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-11-02 03:55 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-02 03:52 --------- d-----w C:\Users\619\AppData\Roaming\yahoo!
    2007-11-02 03:52 --------- d-----w C:\ProgramData\yahoo!
    2007-10-31 02:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys
    2007-10-31 02:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2007-10-31 02:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2007-10-31 02:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2007-10-31 02:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2007-10-31 02:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2007-10-31 02:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2007-10-31 02:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2007-10-29 03:46 --------- d-----w C:\Program Files\AIM6
    2007-10-29 03:45 --------- d-----w C:\Program Files\Viewpoint
    2007-10-29 03:44 --------- d-----w C:\ProgramData\Viewpoint
    2007-10-29 03:43 --------- d-----w C:\ProgramData\AOL Downloads
    2007-10-23 04:33 --------- d-----w C:\ProgramData\Macrovision
    2007-10-11 14:08 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-10-11 14:08 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-10-11 14:08 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-10-11 14:08 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2007-10-11 14:05 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2007-10-11 14:05 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2007-10-11 14:05 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2007-08-29 12:48 174 --sha-w C:\Program Files\desktop.ini
    2007-04-29 23:41 0 ----a-w C:\Users\619\AppData\Roaming\wklnhst.dat
    2007-05-05 07:07 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-05-05 07:07 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-05-05 07:07 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-19_22.56.35.91 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-20 05:49:18 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-12-21 03:00:04 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-03-13 17:57:10 163,328 ----a-w C:\Windows\ERDNT\subs\ERDNT.EXE
    - 2007-12-20 05:51:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-12-21 03:01:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2007-12-20 05:51:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-12-21 03:01:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2007-12-20 05:56:00 950,272 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-12-21 00:44:23 950,272 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-12-19 15:21:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007121920071220\index.dat
    + 2007-12-20 06:01:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007121920071220\index.dat
    + 2007-12-20 08:23:41 1,310,720 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ANLFLQ3\D208_320X240conair[1].dat
    - 2007-12-20 05:56:00 540,672 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-21 00:44:23 540,672 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-20 05:56:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-12-21 00:44:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-12-20 05:53:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2007-12-21 02:54:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    - 2007-12-20 05:56:14 104,868 ----a-w C:\Windows\System32\perfc009.dat
    + 2007-12-20 17:54:41 104,868 ----a-w C:\Windows\System32\perfc009.dat
    - 2007-12-20 05:56:14 621,552 ----a-w C:\Windows\System32\perfh009.dat
    + 2007-12-20 17:54:41 621,552 ----a-w C:\Windows\System32\perfh009.dat
    - 2007-12-20 05:51:42 14,622 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2160530960-446676545-4245964045-1000_UserData.bin
    + 2007-12-20 17:13:36 14,646 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2160530960-446676545-4245964045-1000_UserData.bin
    - 2007-12-20 05:51:41 64,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-12-20 17:13:36 64,582 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2007-12-20 05:51:40 47,844 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-12-20 17:13:34 48,080 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35]
    "Aim6 "=" " []
    "Steam "= "C:\Program Files\Valve\Steam\\Steam.exe" [2007-10-31 14:34]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-29 16:27]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 23:02]
    "ccApp "= "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
    "osCheck "= "c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 06:18]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 15:33]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
    "HP Health Check Scheduler "= "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 10:50]
    "WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-09 12:30]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
    "Lexmark 2200 Series "= "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" []
    "NvSvc "= "RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "NvCplDaemon "= "RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "NvMediaCenter "= "RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
    "UnlockerAssistant "= "C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 10:19]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "%WINDIR%\SMINST\launcher.exe" []

    C:\Users\619\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-04-09 12:09:11]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 02:51]
    R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 02:49]
    R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 05:34]
    R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 02:49]
    R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 02:49]
    R0 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 02:50]
    R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 02:49]
    R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 02:50]
    R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 02:51]
    R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 01:31]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070628.003\IDSvix86.sys [2007-05-30 14:53]
    R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 01:57]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 02:02]
    R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 01:57]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 01:57]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-08-28 21:03]
    R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
    R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork []
    R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService []
    R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs []
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 01:56]
    R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 01:33]
    R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
    R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService []
    R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService []
    R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService []
    R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 02:04]
    R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-13 12:11]
    R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-07-11 22:27]
    R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 01:57]
    R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup []
    R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
    R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs []
    R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 01:31]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-08-28 21:03]
    R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs []
    R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService []
    R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 02:51]
    R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 02:45]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 01:54]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-07-11 22:30]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 01:31]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-15 11:25]
    R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 05:34]
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 00:40]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 01:44]
    R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-15 11:25]
    R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-15 11:25]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-07-11 22:30]
    R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 01:55]
    R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    S2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 01:24]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 01:24]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 01:24]
    S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 05:36]
    S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 00:30]
    S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 01:32]
    S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService []
    S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 02:51]
    S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService []
    S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork []
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService []
    S3 QWAVEdrv;QWAVE driver;C:\Windows\system32\drivers\qwavedrv.sys [2006-11-02 05:34]
    S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC []
    S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 01:51]
    S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe -k LocalService []
    S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService []
    S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService []
    S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 02:45]
    S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 02:02]
    S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 02:45]
    S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 02:50]
    S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 01:53]
    S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService []
    S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc []
    S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc []
    S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService []
    S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe -k LocalService []
    S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService []
    S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted []
    S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 02:51]
    S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 02:51]
    S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 02:49]
    S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 02:50]
    S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 02:50]
    S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 01:25]
    S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 01:24]
    S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 01:24]
    S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 01:55]
    S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 01:30]
    S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 02:51]
    S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 02:50]
    S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 02:51]
    S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 02:50]
    S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 01:42]
    S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 02:50]
    S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 02:50]
    S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 02:50]
    S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 02:50]
    S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalService []
    S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 02:49]
    S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 02:50]
    S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 02:49]
    S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 02:50]
    S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 02:50]
    S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 00:36]
    S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 02:51]
    S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 02:50]
    S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 02:50]
    S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 02:50]
    S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 02:51]
    S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 02:50]
    S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 01:55]
    S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 01:30]
    S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 02:50]
    S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 01:52]
    S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 02:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
    NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
    WerSvcGroup REG_MULTI_SZ wersvc
    swprv REG_MULTI_SZ swprv
    LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
    regsvc REG_MULTI_SZ RemoteRegistry
    wcssvc REG_MULTI_SZ WcsPlugInService
    DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
    wdisvc REG_MULTI_SZ WdiServiceHost
    sdrsvc REG_MULTI_SZ sdrsvc
    secsvcs REG_MULTI_SZ WinDefend

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    wercplsupport
    Themes
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    winmgmt
    schedule
    SessionEnv
    browser
    hkmsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e402f4c-5be4-11dc-9926-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43116ed0-61f6-11dc-abab-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfba707-088d-11dc-8bf3-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c09dad67-03c3-11dc-9432-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-15 03:00:10 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - 619.job "
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2007-12-21 02:55:09 C:\Windows\Tasks\User_Feed_Synchronization-{FC4F7B37-C8B1-4C40-A901-D4038626FB82}.job "
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 20:02:13
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.EXE [6.00.6000.16549]
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    Completion time: 2007-12-20 20:03:35 - machine was rebooted [619]
    C:\ComboFix2.txt ... 2007-12-19 22:57
    .
    2007-12-19 14:57:26 --- E O F ---
     
    Wst,
    #33
  15. 2007/12/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Run this under the same conditions as before. If ComboFix stops at the disclaimer, leave it sit for a minute. Navigate to the C:\ComboFix folder and check the version of swreg.cfexe for me, then close out of everything and allow it to continue.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Windows\System32\routing.exe
    Driver::
    Routing
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Don't forget to re-enable UAC when done! Let me know if the sounds have stopped and how the computer is running. Also let me know if the Security Center is running.
     
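The CFScript above names a file and a service; the log it was written against lists that service as `R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-13 12:11]`, a standalone executable in system32 dated more than a year after the 2006-11-02 Vista files around it. As an added example (not code from the thread or from ComboFix), this Python script parses ComboFix service lines, flags entries of that shape, and renders them in the CFScript File::/Driver:: form for review; the sample lines, baseline date and allowlist are constructed for the example.

```python
import re
from datetime import datetime

# Shape of a ComboFix service/driver line:
#   "<state> <name>;<display name>;<image path> [<yyyy-mm-dd hh:mm>]"
# The bracket is empty for svchost-hosted services, which ComboFix does not date.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s*\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})?\]$"
)

# Constructed sample: a handful of lines in the shapes the log above prints.
SAMPLE_LOG = r"""
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 02:50]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
R2 Routing;Routing Service;C:\Windows\system32\routing.exe [2007-12-13 12:11]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-07-11 22:27]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 02:45]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 02:45]
*Newly Created Service* - COMHOST
"""

# Date carried by the Vista RTM binaries on this machine (most drivers in the
# log); a system32 executable dated well after it was added post-install.
OS_BASELINE = datetime(2006, 11, 2)

# Illustrative allowlist of services that legitimately run their own executable
# out of system32 on a stock Vista install. Constructed for this example; real
# triage should use a baseline captured from a known-clean machine of the same build.
KNOWN_STANDALONE = {"slsvc", "keyiso", "ui0detect", "dfsr", "trustedinstaller"}


def parse_service_line(line):
    """Return the fields of one service/driver line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["stamp"] = (datetime.strptime(rec["stamp"], "%Y-%m-%d %H:%M")
                    if rec["stamp"] else None)
    # Drop svchost's "-k <group>" switch so "binary" is just the image path.
    rec["binary"] = rec["image"].split(" -k ")[0].strip()
    return rec


def flag_standalone_services(lines, baseline=OS_BASELINE, known=KNOWN_STANDALONE):
    """Flag services that run a standalone executable out of system32 (not a
    driver, not svchost) under a name that is not in the known-good set."""
    findings = []
    for line in lines:
        rec = parse_service_line(line)
        if rec is None:
            continue
        binary = rec["binary"].lower()
        if binary.endswith(".sys") or binary.endswith("svchost.exe"):
            continue  # drivers and hosted services need their own checks
        if "\\system32\\" not in binary or "\\drivers\\" in binary:
            continue
        if rec["name"].lower() in known:
            continue
        reasons = ["service name not in the known-good set"]
        if rec["stamp"] is not None and rec["stamp"] > baseline:
            reasons.append("binary dated %s, after the %s OS baseline"
                           % (rec["stamp"].date(), baseline.date()))
        findings.append({"state": rec["state"], "name": rec["name"],
                         "binary": rec["binary"], "reasons": reasons})
    return findings


def render_cfscript(findings):
    """Render findings in the File::/Driver:: form used by the CFScript above,
    for a helper to review before anyone runs it."""
    files = "".join(f["binary"] + "\n" for f in findings)
    drivers = "".join(f["name"] + "\n" for f in findings)
    return "File::\n" + files + "Driver::\n" + drivers


def triage_sample():
    """Run the check over the constructed sample and return the findings."""
    return flag_standalone_services(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f["state"], f["name"], f["binary"], "->", "; ".join(f["reasons"]))
    print(render_cfscript(triage_sample()))
```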
  16. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Hey, sorry can you map out these steps for this go-around one more time?

    Run this under the same conditions as before. If ComboFix stops at the disclaimer, leave it sit for a minute. Navigate to the C:\ComboFix folder and check the version of swreg.cfexe for me, then close out of everything and allow it to continue.


    I think I follow you but just want to make sure I do it right. I'm confused as to whether I'm dragging that file or just running as admin, etc. Sorry about that. Thanks for your patience.
     
    Wst,
    #35
  17. 2007/12/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    No problem ;) By under the same conditions, I meant to first disable UAC and applicable realtime protections. You will then drag-n-drop CFScript.txt
     
  18. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    Hey I tried out what you said.

    There was no version tab under properties, just General Security and Details.

    Also when the log was supposed to appear, it said it could not be found and asked if I would like to create a new file. I clicked Yes and it was blank. However, the log was where it said it would be @ ComboFix.txt. Here is the log:

    ComboFix 07-12-20.1 - 619 2007-12-20 22:17:18.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.432 [GMT -7:00]
    Running from: C:\Users\619\Desktop\ComboFix.exe
    Command switches used :: C:\Users\619\Desktop\CFScript.txt

    FILE
    C:\Windows\System32\routing.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\routing.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\Routing


    ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
    .

    2007-12-20 00:37 . 2007-12-20 22:07 54,156 --ah----- C:\Windows\QTFont.qfn
    2007-12-20 00:37 . 2007-12-20 00:37 1,409 --a------ C:\Windows\QTFont.for
    2007-12-18 21:51 . 2007-12-18 21:51 <DIR> d-------- C:\Users\619\DoctorWeb
    2007-12-18 18:57 . 2007-12-18 18:57 <DIR> d-------- C:\Deckard
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2007-12-15 12:44 . 2007-12-15 12:44 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2007-12-15 11:27 . 2007-12-15 11:27 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2007-12-15 11:27 . 2007-12-15 11:27 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2007-12-15 11:27 . 2007-12-15 11:27 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2007-12-15 11:27 . 2007-12-15 11:27 2,048 --a------ C:\Windows\System32\asferror.dll
    2007-12-15 11:25 . 2007-12-15 11:25 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2007-12-15 11:25 . 2007-12-15 11:25 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2007-12-15 11:25 . 2007-12-15 11:25 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2007-12-15 11:25 . 2007-12-15 11:25 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2007-12-13 12:21 . 2007-12-13 12:21 <DIR> d-------- C:\31ec84cbc60ea74306ec
    2007-12-13 12:20 . 2007-12-13 12:20 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-12-13 12:20 . 2007-12-13 12:20 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-12-13 12:18 . 2007-12-13 12:18 2,048 --a------ C:\Windows\System32\tzres.dll
    2007-12-11 15:57 . 2007-12-11 15:57 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf
    2007-11-24 18:42 . 2007-12-08 23:34 <DIR> d-------- C:\Users\619\AppData\Roaming\BitTorrent
    2007-11-24 18:41 . 2007-11-24 18:41 <DIR> d-------- C:\Program Files\BitTorrent
    2007-11-22 21:31 . 2007-11-22 21:31 <DIR> d-------- C:\Users\All Users\FLEXnet
    2007-11-22 21:31 . 2007-11-22 21:31 <DIR> d-------- C:\ProgramData\FLEXnet

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 05:07 12,931 ----a-w C:\Users\619\AppData\Roaming\nvModes.dat
    2007-12-19 18:35 --------- d-----w C:\Users\619\AppData\Roaming\SnapTeam
    2007-12-19 01:31 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-15 18:28 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-15 18:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-11 01:51 --------- d-----w C:\ProgramData\Symantec
    2007-12-05 18:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-05 18:35 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2007-12-05 18:35 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2007-12-05 18:35 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2007-12-05 18:35 --------- d-----w C:\Program Files\Symantec
    2007-11-16 16:35 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-14 17:49 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2007-11-14 17:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-14 17:49 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2007-11-14 17:49 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-14 17:49 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2007-11-14 17:49 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
    2007-11-14 17:47 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2007-11-14 17:47 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2007-11-14 17:47 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2007-11-14 17:47 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2007-11-14 17:47 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2007-11-14 17:47 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2007-11-14 17:47 --------- d-----w C:\Program Files\Windows Mail
    2007-11-08 01:04 --------- d-----w C:\ProgramData\Apple Computer
    2007-11-08 01:04 --------- d-----w C:\Program Files\iTunes
    2007-11-08 01:04 --------- d-----w C:\Program Files\iPod
    2007-11-08 01:01 --------- d-----w C:\Program Files\QuickTime
    2007-11-04 22:16 --------- d-----w C:\ProgramData\ALM
    2007-11-02 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 03:56 --------- d-----w C:\Program Files\Macromedia
    2007-11-02 03:56 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-11-02 03:55 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-02 03:52 --------- d-----w C:\Users\619\AppData\Roaming\yahoo!
    2007-11-02 03:52 --------- d-----w C:\ProgramData\yahoo!
    2007-10-31 02:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys
    2007-10-31 02:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2007-10-31 02:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2007-10-31 02:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2007-10-31 02:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2007-10-31 02:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2007-10-31 02:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2007-10-31 02:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2007-10-29 03:46 --------- d-----w C:\Program Files\AIM6
    2007-10-29 03:45 --------- d-----w C:\Program Files\Viewpoint
    2007-10-29 03:44 --------- d-----w C:\ProgramData\Viewpoint
    2007-10-29 03:43 --------- d-----w C:\ProgramData\AOL Downloads
    2007-10-23 04:33 --------- d-----w C:\ProgramData\Macrovision
    2007-08-29 12:48 174 --sha-w C:\Program Files\desktop.ini
    2007-04-29 23:41 0 ----a-w C:\Users\619\AppData\Roaming\wklnhst.dat
    2007-05-05 07:07 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-05-05 07:07 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-05-05 07:07 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-19_22.56.35.91 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-20 05:49:18 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-12-21 05:22:27 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-03-13 17:57:10 163,328 ----a-w C:\Windows\ERDNT\subs\ERDNT.EXE
    - 2007-12-20 05:51:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-12-21 05:22:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2007-12-20 05:51:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-12-21 05:22:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2007-12-20 05:56:00 950,272 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-12-21 05:11:49 950,272 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-12-19 15:21:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007121920071220\index.dat
    + 2007-12-20 06:01:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007121920071220\index.dat
    + 2007-12-20 08:23:41 1,310,720 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ANLFLQ3\D208_320X240conair[1].dat
    - 2007-12-20 05:56:00 540,672 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-21 05:11:49 540,672 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-20 05:56:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-12-21 05:11:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-12-20 05:53:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2007-12-21 02:54:45 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    - 2007-12-20 05:56:14 104,868 ----a-w C:\Windows\System32\perfc009.dat
    + 2007-12-21 05:11:06 104,868 ----a-w C:\Windows\System32\perfc009.dat
    - 2007-12-20 05:56:14 621,552 ----a-w C:\Windows\System32\perfh009.dat
    + 2007-12-21 05:11:06 621,552 ----a-w C:\Windows\System32\perfh009.dat
    - 2007-12-20 05:51:42 14,622 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2160530960-446676545-4245964045-1000_UserData.bin
    + 2007-12-21 05:08:39 14,948 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2160530960-446676545-4245964045-1000_UserData.bin
    - 2007-12-20 05:51:41 64,416 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-12-21 05:08:38 64,606 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2007-12-20 05:51:40 47,844 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-12-21 05:08:36 48,096 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35]
    "Aim6"="" []
    "Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-10-31 14:34]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-29 16:27]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 23:02]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 06:18]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 15:33]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 10:50]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-09 12:30]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
    "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" []
    "NvSvc"="RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2006-11-02 02:45 C:\Windows\System32\rundll32.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 10:19]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" []

    C:\Users\619\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-04-09 12:09:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 02:51]
    R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 02:49]
    R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 05:34]
    R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 02:49]
    R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 02:49]
    R0 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 02:50]
    R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 02:49]
    R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 02:50]
    R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 02:51]
    R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 01:31]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070628.003\IDSvix86.sys [2007-05-30 14:53]
    R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 01:57]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 02:02]
    R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 01:57]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 01:57]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-08-28 21:03]
    R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
    R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork []
    R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe -k LocalService []
    R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs []
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 01:56]
    R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 01:33]
    R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork []
    R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService []
    R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService []
    R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe -k LocalService []
    R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 02:04]
    R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe -k netsvcs []
    R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-07-11 22:27]
    R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 01:57]
    R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup []
    R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
    R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 01:31]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-08-28 21:03]
    R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs []
    R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe -k LocalService []
    R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 02:51]
    R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 02:45]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 01:54]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-07-11 22:30]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 01:31]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-15 11:25]
    R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 05:34]
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 00:40]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 01:44]
    R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-15 11:25]
    R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-15 11:25]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-07-11 22:30]
    R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 01:55]
    R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted []
    R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe -k LocalService []
    S2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService []
    S3 Appinfo;Application Information;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 01:24]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 01:24]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 01:24]
    S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 05:36]
    S3 dot3svc;Wired AutoConfig;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 00:30]
    S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 01:32]
    S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted []
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService []
    S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 02:51]
    S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService []
    S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork []
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted []
    S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe -k LocalService []
    S3 QWAVEdrv;QWAVE driver;C:\Windows\system32\drivers\qwavedrv.sys [2006-11-02 05:34]
    S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe -k netsvcs []
    S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe -k SDRSVC []
    S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 01:51]
    S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe -k LocalService []
    S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalService []
    S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe -k LocalService []
    S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 02:45]
    S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 02:02]
    S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 02:45]
    S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 02:50]
    S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 01:53]
    S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalService []
    S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe -k wcssvc []
    S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k wdisvc []
    S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe -k NetworkService []
    S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs []
    S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService []
    S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted []
    S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 02:51]
    S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 02:51]
    S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 02:49]
    S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 02:50]
    S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 02:50]
    S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 01:25]
    S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 01:24]
    S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 01:24]
    S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 01:55]
    S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 01:30]
    S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 02:51]
    S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 02:50]
    S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 02:51]
    S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 02:50]
    S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 01:42]
    S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 02:50]
    S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 02:50]
    S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 02:50]
    S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 02:50]
    S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe -k LocalService []
    S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 02:49]
    S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 02:50]
    S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 02:49]
    S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 02:50]
    S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 02:50]
    S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 00:36]
    S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 02:51]
    S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 02:50]
    S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 02:50]
    S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 02:50]
    S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 02:51]
    S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 02:50]
    S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 01:55]
    S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 01:30]
    S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 02:50]
    S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 01:52]
    S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 02:49]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
    NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
    WerSvcGroup REG_MULTI_SZ wersvc
    swprv REG_MULTI_SZ swprv
    LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
    regsvc REG_MULTI_SZ RemoteRegistry
    wcssvc REG_MULTI_SZ WcsPlugInService
    DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
    wdisvc REG_MULTI_SZ WdiServiceHost
    sdrsvc REG_MULTI_SZ sdrsvc
    secsvcs REG_MULTI_SZ WinDefend

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    wercplsupport
    Themes
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    winmgmt
    schedule
    SessionEnv
    browser
    hkmsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e402f4c-5be4-11dc-9926-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43116ed0-61f6-11dc-abab-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfba707-088d-11dc-8bf3-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c09dad67-03c3-11dc-9432-0016d3984102}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-15 03:00:10 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - 619.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2007-12-21 05:25:08 C:\Windows\Tasks\User_Feed_Synchronization-{FC4F7B37-C8B1-4C40-A901-D4038626FB82}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 22:23:07
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.EXE [6.00.6000.16549]
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    Completion time: 2007-12-20 22:25:42 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-20 20:03
    C:\ComboFix3.txt ... 2007-12-19 22:57
    .
    2007-12-19 14:57:26 --- E O F ---

    =====

    Do you think this worked?
     
    Wst,
    #37
  19. 2007/12/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The services have been removed, and so have the files ... so yes, it worked. Please zip up the C:\qoobox folder and upload it to my submission channel. Leave a link back to this topic.

    You did re-enable UAC? How's your computer performing? Is the Security Center running? Have the random sounds from nowhere stopped? Any other issues?
     
  20. 2007/12/20
    Wst

    Wst Inactive Thread Starter

    Joined:
    2007/12/15
    Messages:
    34
    Likes Received:
    0
    I re-enabled UAC and everything else I could. The computer is performing fine; however, the Security Center is not running and it will not let me turn it back on. I even tried after another restart. Any ideas? I'll go ahead and do what you requested, but I'm assuming something went wrong, so I'll wait to see what you say.
     
    Wst,
    #39
  21. 2007/12/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I suspected as much with the Security Center. First, you need to once again disable UAC. Then open the Services console (Start > Run, type services.msc, then hit Enter) and double-click the Security Center service entry to open its properties. Verify that the Service name on the General tab is wscsvc. Select the Log On tab. Under Log on as, select 'This account'. Enter the following line (you can copy and paste it):

    NT Authority\LocalService

    Press the Tab key twice so that the Password field is selected (highlighted), then press Backspace once to create an empty password.
    Press the Tab key again to select the Confirm password field and again press Backspace to create an empty password.
    Click Apply.

    You may be prompted that the LocalService account has been given permission ... click OK and then OK out of the properties dialog. Close the Services console and reboot. Check that the Security Center service starts, and re-enable UAC.
     

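The repair described in the post above, done from an elevated PowerShell prompt instead of the services.msc Log On tab. This is an added example, not part of noahdfear's post or of any tool used in the thread. It sets the Security Center service to log on as NT AUTHORITY\LocalService with an empty password through the Win32_Service WMI class; because the prompt is already elevated, the step of disabling UAC is not needed. The service name wscsvc and display name Security Center are the ones the post has you verify; the check that the service is hosted by svchost in the LocalServiceNetworkRestricted group is taken from the svchost entries in the ComboFix log above and only produces a warning.

```powershell
# Added example, not from the original post: the Security Center repair above,
# performed from an elevated Windows PowerShell prompt instead of the services.msc
# Log On tab. Running elevated means UAC does not need to be turned off first.
# Assumptions: service name 'wscsvc' and display name 'Security Center' (from the
# post), svchost group 'LocalServiceNetworkRestricted' (from the log's svchost key).

$serviceName = 'wscsvc'
$account     = 'NT AUTHORITY\LocalService'

# Win32_Service exposes the logon account (StartName) and the host command
# line (PathName); the Get-Service cmdlet shows neither.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found" }

# Same check the post asks for on the General tab.
if ($svc.DisplayName -ne 'Security Center') {
    throw "'$serviceName' is '$($svc.DisplayName)', not 'Security Center'; stopping"
}

# wscsvc is expected to run inside svchost in the LocalServiceNetworkRestricted
# group, as listed under the svchost key in the log. Anything else deserves a look
# before the logon account is touched.
if ($svc.PathName -notmatch 'svchost\.exe\s+-k\s+LocalServiceNetworkRestricted') {
    Write-Warning "Unexpected image path for $serviceName : $($svc.PathName)"
}

"Before: StartName='$($svc.StartName)' StartMode='$($svc.StartMode)' State='$($svc.State)'"

# Win32_Service.Change(DisplayName, PathName, ServiceType, ErrorControl, StartMode,
#                      DesktopInteract, StartName, StartPassword, ...).
# $null leaves a field unchanged; '' is the empty password the post has you enter.
$result = $svc.Change($null, $null, $null, $null, $null, $null, $account, '')
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with return code $($result.ReturnValue)"
}

# The post reboots at this point; starting the service directly also works and
# shows immediately whether the new logon account is accepted.
Start-Service -Name $serviceName -ErrorAction Stop

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
"After:  StartName='$($svc.StartName)' StartMode='$($svc.StartMode)' State='$($svc.State)'"
```

Run it in Windows PowerShell as administrator. Get-WmiObject is not present in PowerShell 7, where Get-CimInstance and Invoke-CimMethod on Win32_Service do the same job. The cmd.exe equivalent of the Change call is `sc config wscsvc obj= "NT AUTHORITY\LocalService" password= ""` followed by `net start wscsvc`; the space after `obj=` and `password=` is required by sc.exe.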