
ndt2.sys and andt.sys [Malware Problem] (HJT Log included)

Discussion in 'Malware and Virus Removal Archive' started by iakona724, 2008/02/18.

  1. 2008/02/18
    iakona724

    iakona724 Inactive Thread Starter

    Joined:
    2008/02/18
    Messages:
    14
    Likes Received:
    0
    I keep getting these error messages:
    [IMG]
    This one usually pops up when I start my computer and occasionally throughout the day as I use it.
    [IMG]
    This one is kind of sporadic and I don't see it as often as the ndt2.sys one.

    I've read that these are rootkits associated with malware.
    None of my antivirus/antispyware/malware/etc. programs have picked it up.

    Here's my HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:01:03 PM, on 2/18/2008
    Platform: Windows Vista SP1, v.744 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.17128)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
    C:\Users\Administrator\AppData\Local\HumanizedEnso\Enso.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
    C:\Program Files\Texter\texter.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
    C:\Program Files\McAfee\MQC\QcConsol.exe
    C:\Windows\system32\defrag.exe
    C:\Windows\system32\DfrgNtfs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.askredir.com/search/cfg_...A97B6DF&url=http://www.ask.com/&l=dis&o=13010
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ask.askredir.com/search/cfg_...url=http://www.ask.com/web&q=%s&l=dis&o=13010
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [HumanizedEnso] C:\Users\Administrator\AppData\Local\HumanizedEnso\Enso.exe --disable-monologue-boxes
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85B1C10-D622-46A5-8DAC-11CA2968884A}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

    --
    End of file - 14280 bytes
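    As an added example (not part of this thread, and not code from HijackThis or from anyone posting here), the script below parses lines in the format of the log above and lists the entries a responder would read first: R0/R1 browser start and search pages that point somewhere other than the vendor defaults, O4 Run entries that launch an executable straight out of the Windows directory, and O23 services that either point at a missing file or have no publisher recorded and run from the Windows directory. The trusted-host allowlist, the severity labels and the sample lines are constructed for illustration; a flagged line is a candidate for a hands-on check, not a verdict.

```python
"""Triage of HijackThis-style log lines (R0/R1, O4 and O23 sections).

Added example, not code from the thread or from HijackThis. The allowlists
and severity labels below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts that the IE7 default pages in the posted log resolve to (assumed allowlist).
TRUSTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
# R0/R1 value names that decide where the browser goes on its own.
PAGE_VALUES = {"Start Page", "Default_Page_URL", "Search Page",
               "Default_Search_URL", "(Default)"}

R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<value>[^=]+?) = ?(?P<data>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
WINDIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Constructed sample: lines of the same shape as the log posted in the thread.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.askredir.com/search/cfg_...A97B6DF&url=http://www.ask.com/&l=dis&o=13010",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe",
    r'O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "',
    r"O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe",
    r"O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)",
    r"O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe",
    r"O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe",
])


@dataclass
class Finding:
    severity: str   # "high": look at this first; "review": confirm by hand
    line_no: int
    reason: str
    raw: str


def _exe_from_command(cmd: str) -> str:
    """Return the executable part of an O4 command line, quoted or bare.

    HijackThis quotes paths that contain spaces, so a bare command is split
    at its first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].strip()
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics to every line and return the findings in log order."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if m := R_LINE.match(line):
            value, data = m["value"].strip(), m["data"].strip()
            if value in PAGE_VALUES and data:
                host = urlsplit(data).hostname or ""
                if host not in TRUSTED_PAGE_HOSTS:
                    findings.append(Finding("high", n, f"IE '{value}' redirected to {host}", line))
        elif m := O4_LINE.match(line):
            exe = _exe_from_command(m["cmd"])
            if WINDIR.match(exe):
                findings.append(Finding("review", n,
                    f"Run entry [{m['name']}] launches {exe} from the Windows directory", line))
        elif m := O23_LINE.match(line):
            owner, path = m["owner"], m["path"]
            if path.endswith("(file missing)"):
                findings.append(Finding("review", n,
                    f"service '{m['name']}' points at a missing file", line))
            if owner.lower().startswith("unknown") and WINDIR.match(path):
                findings.append(Finding("high", n,
                    f"service '{m['name']}' has no publisher and runs from {path}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a reader sees the shape of the log at a glance."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "review")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} line {f.line_no}: {f.reason}")
```

    Run against the constructed sample it reports the redirected start page and the two publisher-less services in system32 as high, and the Run entry launching from system32 plus the service with a missing file as review items; the remaining lines are left alone. Feeding it a full log from a post is a matter of passing the text to triage().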
     
  2. 2008/02/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS iakona724 :)

    Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     


  4. 2008/02/21
    iakona724

    iakona724 Inactive Thread Starter

    Joined:
    2008/02/18
    Messages:
    14
    Likes Received:
    0
    Thanks!

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-02-21 06:33:45
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    17: 2008-02-21 04:33:19 UTC - RP550 - Install AnyDVD
    16: 2008-02-21 04:29:50 UTC - RP548 - Remove AnyDVD
    15: 2008-02-21 04:15:34 UTC - RP546 - Install AnyDVD
    14: 2008-02-20 10:46:53 UTC - RP544 - Windows Update
    13: 2008-02-19 16:50:24 UTC - RP543 - Scheduled Checkpoint


    -- First Restore Point --
    1: 2008-02-13 23:53:31 UTC - RP527 - Remove AnyDVD


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:37:44 AM, on 2/21/2008
    Platform: Windows Vista SP1, v.744 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.17128)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
    C:\Program Files\Texter\texter.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Users\Administrator\Downloads\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\mobsync.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.askredir.com/search/cfg_...A97B6DF&url=http://www.ask.com/&l=dis&o=13010
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ask.askredir.com/search/cfg_...url=http://www.ask.com/web&q=%s&l=dis&o=13010
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85B1C10-D622-46A5-8DAC-11CA2968884A}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

    --
    End of file - 14283 bytes

    -- File Associations -----------------------------------------------------------

    .js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe ",7
    .js - jsfile - shell\open\command - NOTEPAD.EXE %1
    .reg - regfile - shell\open\command - NOTEPAD.EXE %1
    .scr - scrfile - shell\open\command - NOTEPAD.EXE %1
    .vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 ElRawDisk - \??\c:\windows\system32\drivers\elrawdsk.sys
    R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R3 ip_fw (ipfw kernel-mode driver) - c:\windows\system32\drivers\ip_fw.sys <Not Verified; WIPFW Project.; WIPFW Firewall>

    S3 DualCoreCenter - \??\c:\program files\msi\dualcorecenter\ntglm7x.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 ipfw (ipfw_helper) - c:\program files\wipfw\bin\ipfw.exe
    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
    R2 Routing (Routing Service) - c:\windows\system32\routing.exe

    S2 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" (file missing)
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-02-21 06:35:00 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{27922E0A-56BD-44D1-A632-96F5C5CE59D8}.job
    2008-02-18 14:02:25 350 --a------ C:\Windows\Tasks\McDefragTask.job
    2008-02-08 17:16:38 392 --a------ C:\Windows\Tasks\1-Click Maintenance.job
    2008-02-07 11:00:38 358 --a------ C:\Windows\Tasks\McQcTask.job


    -- Files created between 2008-01-21 and 2008-02-21 -----------------------------

    2008-02-19 20:30:21 0 d-------- C:\Program Files\WordFlashReader
    2008-02-18 22:27:21 0 dr-h----- C:\MSOCache
    2008-02-17 01:17:13 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
    2008-02-17 01:17:02 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
    2008-02-17 01:16:47 24064 --a------ C:\Windows\system32\smrgdf.exe
    2008-02-17 01:16:47 32768 --a------ C:\Windows\system32\iolobtdfg.exe <IOLOBT~1.EXE>
    2008-02-17 00:46:33 0 d-------- C:\Windows\system32\system32
    2008-02-17 00:46:13 0 d-------- C:\Program Files\hpHosts
    2008-02-17 00:16:15 0 d-------- C:\Program Files\Trend Micro
    2008-02-17 00:16:12 0 d-------- C:\Program Files\SpywareBlaster
    2008-02-17 00:11:17 691545 --a------ C:\Windows\unins000.exe
    2008-02-17 00:11:17 3455 --a------ C:\Windows\unins000.dat
    2008-02-16 10:21:46 265728 --a------ C:\Windows\system32\andt.sys
    2008-02-13 18:34:35 0 d-------- C:\ConverterOutput
    2008-02-13 18:30:57 348160 --a------ C:\Windows\system32\cdga.dll <Not Verified; ; Cucusoft Audio Transparent Filter>
    2008-02-13 18:30:57 14909 --a------ C:\Windows\system32\A_reg.reg
    2008-02-13 18:30:56 364544 --a------ C:\Windows\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>
    2008-02-13 18:30:55 0 d-------- C:\Program Files\Cucusoft
    2008-02-13 18:28:14 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
    2008-02-11 05:50:17 31744 --a------ C:\Windows\system32\routing.exe
    2008-02-10 09:15:54 0 d-------- C:\Program Files\Azureus
    2008-02-07 19:06:30 28672 --a------ C:\Windows\system32\regclass.dll <Not Verified; 6XGate Systems, Inc.; Registry Access Classes>
    2008-02-01 15:48:52 0 d-------- C:\Program Files\MKVtoolnix
    2008-01-31 05:51:52 45056 --a------ C:\Windows\system32\Indt2.sys <Not Verified; a; Microsoft Internet Explor>
    2008-01-28 16:16:27 0 d-------- C:\Program Files\iLyrics
    2008-01-27 20:13:01 0 d-------- C:\Program Files\Subliminal Mind
    2008-01-21 15:57:47 0 d-------- C:\Program Files\DVD Decrypter


    -- Find3M Report ---------------------------------------------------------------

    2008-02-20 23:55:19 12 --a------ C:\Windows\bthservsdp.dat
    2008-02-20 23:15:57 0 d-------- C:\Program Files\SlySoft
    2008-02-18 15:11:55 0 d-------- C:\Program Files\MagicISO
    2008-02-18 06:34:18 0 d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Azureus
    2008-02-17 01:16:41 0 d-------- C:\Program Files\iolo
    2008-02-17 01:14:47 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-02-17 00:58:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-17 00:52:34 0 d-------- C:\Program Files\Opera
    2008-02-16 09:49:41 0 d-------- C:\Program Files\McAfee
    2008-02-08 19:21:59 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
    2008-02-03 23:54:50 0 d-------- C:\Program Files\WinSCP
    2008-02-01 23:16:39 0 d-------- C:\Program Files\JetAudio
    2008-01-29 23:40:42 0 d-------- C:\Program Files\Bonjour
    2008-01-29 23:35:08 0 d-------- C:\Program Files\Sony
    2008-01-29 23:29:26 0 d-------- C:\Program Files\Yahoo!
    2008-01-16 06:16:45 174 --ahs---- C:\Program Files\desktop.ini
    2008-01-16 06:09:16 0 d-------- C:\Program Files\Windows Sidebar
    2008-01-16 06:09:16 0 d-------- C:\Program Files\Windows Calendar
    2008-01-16 06:09:15 0 d-------- C:\Program Files\Movie Maker
    2008-01-16 06:09:13 0 d-------- C:\Program Files\Windows Mail
    2008-01-16 06:09:10 0 d-------- C:\Program Files\Windows Journal
    2008-01-16 06:09:09 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-01-16 06:09:00 0 d-------- C:\Program Files\Windows Defender
    2008-01-15 23:48:35 0 d-------- C:\Program Files\iTunes
    2008-01-15 23:48:24 0 d-------- C:\Program Files\iPod
    2008-01-15 23:18:58 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
    2008-01-13 23:54:33 0 d-------- C:\Program Files\Sibelius Software
    2007-12-27 16:56:26 0 d-------- C:\Program Files\TrackMania Nations ESWC
    2007-12-27 13:10:33 0 d-------- C:\Program Files\Red Kawa
    2007-12-26 01:48:58 0 d-------- C:\Program Files\Common Files
    2007-12-26 01:48:58 0 d-------- C:\Program Files\Common Files\Oberon Media
    2007-12-26 01:48:57 0 d-------- C:\Program Files\Oberon Media
    2007-12-25 19:42:58 0 d-------- C:\Program Files\Common Files\Logishrd
    2007-12-25 19:42:39 0 d-------- C:\Program Files\Common Files\Logitech
    2007-12-25 10:16:19 0 d-------- C:\Program Files\Logitech
    2007-12-24 09:45:57 253440 --a------ C:\Windows\system32\ndt2.sys
    2007-12-24 01:27:11 0 d-------- C:\Program Files\Xilisoft
    2007-12-24 00:54:10 0 d-------- C:\Program Files\Handbrake
    2007-12-23 13:10:22 0 d-------- C:\Program Files\palmOne
    2007-12-23 00:37:27 0 d-------- C:\Program Files\Common Files\Nero
    2007-12-22 01:20:44 0 d-------- C:\Program Files\PrinterAnywhere
    2007-12-22 01:15:51 0 d-------- C:\Program Files\Google
    2007-12-22 01:08:14 0 d-------- C:\Program Files\Torrent Episode Downloader
    2007-12-22 01:06:28 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
    2007-12-22 01:06:09 0 d-------- C:\Program Files\MediaCell Video Converter
    2007-12-22 01:02:47 0 d-------- C:\Program Files\ElephantDrive
    2007-12-22 01:00:42 0 d-------- C:\Program Files\AppSnap
    2007-12-22 01:00:21 0 d-------- C:\Program Files\Aire Freshener 2.0
    2007-12-22 00:39:24 0 d-------- C:\Program Files\MaxiVista MirrorPro Server
    2007-12-19 06:13:22 947 --a------ C:\Windows\mozver.dat
    2007-12-12 15:40:52 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-12 15:40:52 36864 --a------ C:\Windows\system32\SPReview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"="" []
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 10:22 AM]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 04:48 PM]
    "WinSys2"="C:\Windows\system32\startup.exe" [06/01/2006 12:21 PM]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/02/2008 02:36 AM]
    "RtHDVCpl"="RtHDVCpl.exe" [12/05/2007 11:31 AM C:\Windows\RtHDVCpl.exe]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 04:08 PM]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/05/2007 02:52 PM]
    "DellNSCST"="C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" [05/17/2005 06:00 PM]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\Windows\KHALMNPR.Exe]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/25/2007 11:03 PM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 05:14 PM]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 05:14 PM]
    "iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [02/11/2008 05:35 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/02/2008 02:31 AM]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/02/2008 02:32 AM]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/02/2008 02:31 AM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SMRequiresRestart"=

    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Texter.lnk - C:\Program Files\Texter\texter.exe [11/6/2007 6:20:14 PM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/25/2007 7:42:29 PM]
    WFPUser.lnk - C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe [6/13/2006 4:43:38 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "NoDispCPL"=0 (0x0)
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispSettingsPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)
    "EnableUIADesktopToggle"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"=0 (0x0)
    "NoPropertiesMyComputer"=0 (0x0)
    "NoViewContextMenu"=0 (0x0)
    "NoFileAssociate"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogoff"=0 (0x0)
    "NoSMHelp"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsHistory"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "HideClock"=0 (0x0)
    "NoTrayItemsDisplay"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 12/25/2007 10:59 PM 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe
    "McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    "NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    "NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    AutoRun\command- K:\autorun.exe
    setup\command- K:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8ecd7a6-ad55-11dc-9d3b-00508d9fceb9}]
    AutoRun\command- E:\Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0181c2d-41f1-11dc-9c4f-00508d9fceb9}]
    AutoRun\command- E:\CD_Start.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 localhost
    127.0.0.1 005.free-counter.co.uk
    127.0.0.1 006.free-counter.co.uk
    127.0.0.1 007.free-counter.co.uk
    127.0.0.1 007guard.com
    127.0.0.1 008.free-counter.co.uk
    127.0.0.1 00fun.com
    127.0.0.1 00hq.com
    127.0.0.1 00inkjets.com
    127.0.0.1 00pro.com

    53056 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-02-21 06:42:35 ------------
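    Reading a DSS or HijackThis log like the one above by hand comes down to a handful of recurring checks: O23 services whose publisher is "Unknown owner" yet run from the Windows directory, .sys files written straight into system32 instead of system32\drivers, files with no version block at all, and version blocks whose company and product strings do not agree. The script below is an added example for this thread, not code from HijackThis, DSS, ComboFix or any participant. It runs those checks over lines copied from the logs posted above. The reason tags it emits, the "unknown owner under C:\Windows" rule and the three-character company-string threshold are this example's own assumptions, and a tag means "look at this file", not "this is malware".

```python
"""Triage heuristics for HijackThis O23 lines and Deckard's System Scanner
(DSS) file listings.  Added example, not code from either tool; the reason
tags and thresholds are assumptions of this example."""
import re
from collections import defaultdict

WIN_DIR = r"c:\windows"  # assumption: default install path, compared case-insensitively

# Lines copied from the posted HJT (O23) and DSS ("Files created") logs.
SAMPLE_LOG = r"""
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
2008-02-17 01:17:02 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-02-16 10:21:46 265728 --a------ C:\Windows\system32\andt.sys
2008-02-11 05:50:17 31744 --a------ C:\Windows\system32\routing.exe
2008-01-31 05:51:52 45056 --a------ C:\Windows\system32\Indt2.sys <Not Verified; a; Microsoft Internet Explor>
2007-12-24 09:45:57 253440 --a------ C:\Windows\system32\ndt2.sys
2007-12-12 15:40:52 36864 --a------ C:\Windows\system32\SPReview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+?)(?P<missing> \(file missing\))?$")
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*)$")  # leftmost drive letter starts the path
DSS_FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>[A-Za-z]:\\[^<]+?)(?: <(?P<ver>[^>]*)>)?$"
)


def parse_o23(line):
    """'O23 - Service: <name> - <owner> - <path>[ (file missing)]' -> dict or None."""
    m = O23_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    pm = PATH_RE.search(rest)
    if not pm:
        return None
    head = rest[: pm.start()].rstrip(" -")
    name, sep, owner = head.rpartition(" - ")  # name may itself contain ' - '
    if not sep:
        name, owner = head, ""
    return {"name": name, "owner": owner, "path": pm.group("path").strip(),
            "missing": bool(m.group("missing"))}


def parse_dss_file(line):
    """DSS 'date time size attrs path [<version info>]' line -> dict or None."""
    m = DSS_FILE_RE.match(line)
    if not m:
        return None
    return {"path": m.group("path").strip(), "attrs": m.group("attrs"), "ver": m.group("ver")}


def triage(log_text):
    """Return {path: [reason, ...]} for every entry that trips a heuristic."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    services = [s for s in map(parse_o23, lines) if s]
    files = [f for f in map(parse_dss_file, lines) if f]
    recent = {f["path"].lower() for f in files}
    findings = defaultdict(list)

    for s in services:
        reasons, lower = [], s["path"].lower()
        if s["owner"].lower() == "unknown owner":
            # Genuine Windows binaries carry a company name in their version
            # resource; a publisher-less service running from %WINDIR% is the
            # first thing a helper looks at.
            reasons.append("unknown-owner")
            if lower.startswith(WIN_DIR + "\\"):
                reasons.append("in-windows-dir")
        if lower in recent:
            reasons.append("recently-created")  # also in the DSS new-files list
        if s["missing"]:
            reasons.append("file-missing")
        if reasons:
            findings[s["path"]].extend(reasons)

    for f in files:
        if f["attrs"].startswith("d"):
            continue  # directory entry
        reasons, lower = [], f["path"].lower()
        if lower.endswith(".sys"):
            # Drivers normally live in system32\drivers; a .sys dropped straight
            # into system32 is unusual, and one with no version block more so.
            if lower.startswith(WIN_DIR + "\\system32\\") and "\\drivers\\" not in lower:
                reasons.append("sys-outside-drivers")
            if f["ver"] is None:
                reasons.append("no-version-info")
        if f["ver"] is not None:
            parts = [p.strip() for p in f["ver"].split(";")]  # status; company; product
            company = parts[1] if len(parts) > 1 else ""
            product = parts[2] if len(parts) > 2 else ""
            if len(company) < 3:
                reasons.append("junk-company-string")
            if "microsoft" in product.lower() and "microsoft" not in company.lower():
                reasons.append("vendor-mismatch")  # product claims Microsoft, company does not
        if reasons:
            findings[f["path"]].extend(reasons)
    return dict(findings)


def report(findings):
    """Plain-text summary, entries with the most reasons first."""
    rows = sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0].lower()))
    return "\n".join(f"{path}  [{', '.join(reasons)}]" for path, reasons in rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

    On the sample lines this reports perfs.exe and routing.exe (unknown owner under C:\Windows, routing.exe also in the recent-files list), ndt2.sys and andt.sys (drivers outside system32\drivers with no version block), and Indt2.sys (one-letter company field, product string naming Microsoft), while mcshield.exe, filedisk.sys and SPReview.exe pass. Whether a flagged file is actually malicious still needs the usual follow-up, such as submitting the file to a multi-engine scanner, which is exactly what the helpers in this thread go on to do.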
     
  5. 2008/02/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Right click combofix.exe and select 'Run as Administrator', then follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2008/02/23
    iakona724

    iakona724 Inactive Thread Starter

    Joined:
    2008/02/18
    Messages:
    14
    Likes Received:
    0
    For some reason I keep getting the error message:
    Could this be because I'm using a registry edit that actually gives me a higher authority level than an administrator?
     
  7. 2008/02/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You did right click ComboFix.exe and select 'Run as Administrator'?

    Could you elaborate on the reg tweak?
     
  8. 2008/02/23
    iakona724

    iakona724 Inactive Thread Starter

    Joined:
    2008/02/18
    Messages:
    14
    Likes Received:
    0
    It's actually not a registry edit... Here's the link: http://www.howtogeek.com/howto/wind...idden-administrator-account-on-windows-vista/

    I'm pretty sure that's what I did. Also, to even run Combofix.exe, I had to run it in Windows XP SP2 compatibility mode. Then, when it goes through everything, the Access Denied message pops up occasionally in the cmd window. Finally, when it gets to the part where it says it will restart the computer, all it does is shut down windows.exe, and my computer is left with just my background showing and I have to manually reboot. When I load Windows back up and log in, Combofix.exe resumes, but it quickly comes to the Access Denied message in the cmd window and doesn't continue after that. Also, my regular startup programs load. Even when I close all of them down, it still doesn't work. I don't know if it actually did anything, but here's my HJT log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19, on 2008-02-23
    Platform: Windows Vista SP1, v.744 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.17128)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Texter\texter.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.askredir.com/search/cfg_...A97B6DF&url=http://www.ask.com/&l=dis&o=13010
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ask.askredir.com/search/cfg_...url=http://www.ask.com/web&q=%s&l=dis&o=13010
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85B1C10-D622-46A5-8DAC-11CA2968884A}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\WIPFW\bin\ipfw.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

    --
    End of file - 14255 bytes
     
  9. 2008/02/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please see if there is a log named ComboFix.txt in C: and post it if present. Also, if the folder C:\Qoobox is present, see if there is a file named ComboFix-quarantined-files.txt and post it as well.

    BTW, did you read this on the page you linked to?
    Do you understand the reason behind that warning? Your computer is infected with things it shouldn't be and normally wouldn't be because of the elevated privileges, or better put, the lack of restricted privileges. Add P2P file sharing apps like uTorrent into the mix and you've also provided an avenue for infection.

    Did you check the link I provided for disabling realtime protections, and did you disable both McAfee and Spybot's TeaTimer prior to running ComboFix? I see now that you also have AVG installed and active. You should not have 2 active antivirus apps. Recommend you uninstall 1 of them.
     
  10. 2008/02/23
    iakona724

    iakona724 Inactive Thread Starter

    Joined:
    2008/02/18
    Messages:
    14
    Likes Received:
    0
    I didn't realize the hazards of doing this...my friend had recommended it to me and I just did it without actually reading through the whole process. It's the only account on my computer at the moment, so I guess I'll have to create a new [regular] admin account and try to transfer all of my stuff over...I understand the risks with P2P clients and I've been fairly careful to only download from private communities. I installed lots and lots of different types of anti-virus/anti-spyware, etc. because of recommendations of many people in an attempt to cleanse my computer. I did find ComboFix.txt, but I was unable to find ComboFix-quarantined-files.txt

    Here's ComboFix.txt:
    ComboFix 08-02-23 - Administrator 2008-02-23 2:07:18.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1115 [GMT -5:00]
    Running from: C:\Users\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\koos.exe
    C:\Windows\system32\kprof
    C:\Windows\system32\poof
    .
    ---- Previous Run -------
    .
    C:\Program Files\internet explorer\svchost.exe
    C:\Windows\system32\koos.exe
    C:\Windows\system32\kprof
    C:\Windows\system32\poof

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_MFEHIDK01


    -------\LEGACY_MFEHIDK01


    -------\LEGACY_MFEHIDK01


    ((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
    .

    2008-02-22 13:55 . 2008-02-22 13:55 193 --a------ C:\Windows\System32\'
    2008-02-22 13:52 . 2004-06-26 13:22 6,016 --a------ C:\Windows\System32\drivers\vnccom.SYS
    2008-02-22 13:49 . 2008-02-22 14:17 <DIR> d-------- C:\Program Files\UltraVNC
    2008-02-22 13:49 . 2005-06-10 22:02 12,800 --a------ C:\Windows\System32\vncdrv.dll
    2008-02-22 13:49 . 2004-06-26 13:21 5,760 --a------ C:\Windows\System32\vnchelp.dll
    2008-02-22 13:49 . 2004-06-26 13:22 4,736 --a------ C:\Windows\System32\drivers\vncdrv.sys
    2008-02-21 22:03 . 2008-02-22 15:39 <DIR> d-------- C:\Program Files\TightVNC
    2008-02-21 06:33 . 2008-02-21 06:33 <DIR> d-------- C:\Deckard
    2008-02-19 20:30 . 2008-02-19 23:25 <DIR> d-------- C:\Program Files\WordFlashReader
    2008-02-18 22:27 . 2008-02-18 22:27 <DIR> dr-h----- C:\MSOCache
    2008-02-17 01:17 . 2007-09-20 13:12 12,800 --a------ C:\Windows\System32\elrawdsk.sys
    2008-02-17 01:17 . 2006-07-24 17:51 9,341 --a------ C:\Windows\System32\drivers\filedisk.sys
    2008-02-17 01:16 . 2008-02-13 16:06 437,096 --a------ C:\Windows\System32\Incinerator.dll
    2008-02-17 01:16 . 2008-02-05 17:18 32,768 --a------ C:\Windows\System32\iolobtdfg.exe
    2008-02-17 01:16 . 2008-02-05 17:18 24,064 --a------ C:\Windows\System32\smrgdf.exe
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-02-17 00:46 . 2008-02-17 00:46 <DIR> d-------- C:\Windows\System32\system32\drivers
    2008-02-17 00:46 . 2008-02-17 00:46 <DIR> d-------- C:\Windows\System32\system32
    2008-02-17 00:46 . 2008-02-17 00:46 <DIR> d-------- C:\Program Files\hpHosts
    2008-02-17 00:16 . 2008-02-17 00:16 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-17 00:16 . 2008-02-17 00:28 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-02-17 00:11 . 2008-02-17 00:10 691,545 --a------ C:\Windows\unins000.exe
    2008-02-17 00:11 . 2008-02-17 00:11 3,455 --a------ C:\Windows\unins000.dat
    2008-02-16 10:21 . 2008-02-18 12:01 265,728 --a------ C:\Windows\System32\andt.sys
    2008-02-13 18:34 . 2008-02-13 18:34 <DIR> d-------- C:\ConverterOutput
    2008-02-13 18:30 . 2008-02-13 18:30 <DIR> d-------- C:\Program Files\Cucusoft
    2008-02-13 18:30 . 2004-01-16 15:50 516,096 --a------ C:\Windows\System32\CLVSDS.ax
    2008-02-13 18:30 . 2008-02-03 21:26 364,544 --a------ C:\Windows\System32\cdg.dll
    2008-02-13 18:30 . 2006-09-27 17:46 348,160 --a------ C:\Windows\System32\cdga.dll
    2008-02-13 18:30 . 2006-07-08 04:07 114,688 --a------ C:\Windows\System32\PropListCtrl.ocx
    2008-02-13 18:30 . 2006-07-17 21:42 14,909 --a------ C:\Windows\System32\A_reg.reg
     
  11. 2008/02/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type cmd then hit enter to open a command window. Type or paste the following bolded line into the window and hit enter, after first disabling realtime protections.

    C:\Users\Administrator\Desktop\ComboFix.exe

    Let me know if CF runs through to completion and post the new Combofix.txt log.
     
  12. 2008/02/23
    iakona724

    iakona724 Inactive Thread Starter

    Joined:
    2008/02/18
    Messages:
    14
    Likes Received:
    0
    For some reason ComboFix.exe never seems to work properly, I kept getting that Access Denied message, but the process continued anyway. When it said it would restart, it just shutdown windows.exe and hung there for ~12 minutes, so I decided to run windows.exe by using the run command from the Windows Task Manager. Then from there I did a restart. Once my computer restarted, I logged in and ComboFix.exe started up again and finished the process. It took ~5 minutes and then log.txt popped up. It looks exactly the same as the ComboFix.txt file, but here's the ComboFix.txt report:

    ComboFix 08-02-23.2 - Administrator 2008-02-23 13:50:15.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.927 [GMT -5:00]
    Running from: C:\Users\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\koos.exe
    C:\Windows\system32\kprof
    C:\Windows\system32\poof
    .
    ---- Previous Run -------
    .
    C:\Program Files\internet explorer\svchost.exe
    C:\Windows\system32\koos.exe
    C:\Windows\system32\kprof
    C:\Windows\system32\poof

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_MFEHIDK01


    -------\LEGACY_MFEHIDK01


    -------\LEGACY_MFEHIDK01


    -------\LEGACY_MFEHIDK01


    ((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
    .

    2008-02-22 13:55 . 2008-02-22 13:55 193 --a------ C:\Windows\System32\'
    2008-02-22 13:52 . 2004-06-26 13:22 6,016 --a------ C:\Windows\System32\drivers\vnccom.SYS
    2008-02-22 13:49 . 2008-02-22 14:17 <DIR> d-------- C:\Program Files\UltraVNC
    2008-02-22 13:49 . 2005-06-10 22:02 12,800 --a------ C:\Windows\System32\vncdrv.dll
    2008-02-22 13:49 . 2004-06-26 13:21 5,760 --a------ C:\Windows\System32\vnchelp.dll
    2008-02-22 13:49 . 2004-06-26 13:22 4,736 --a------ C:\Windows\System32\drivers\vncdrv.sys
    2008-02-21 22:03 . 2008-02-22 15:39 <DIR> d-------- C:\Program Files\TightVNC
    2008-02-21 06:33 . 2008-02-21 06:33 <DIR> d-------- C:\Deckard
    2008-02-19 20:30 . 2008-02-19 23:25 <DIR> d-------- C:\Program Files\WordFlashReader
    2008-02-18 22:27 . 2008-02-18 22:27 <DIR> dr-h----- C:\MSOCache
    2008-02-17 01:17 . 2007-09-20 13:12 12,800 --a------ C:\Windows\System32\elrawdsk.sys
    2008-02-17 01:17 . 2006-07-24 17:51 9,341 --a------ C:\Windows\System32\drivers\filedisk.sys
    2008-02-17 01:16 . 2008-02-13 16:06 437,096 --a------ C:\Windows\System32\Incinerator.dll
    2008-02-17 01:16 . 2008-02-05 17:18 32,768 --a------ C:\Windows\System32\iolobtdfg.exe
    2008-02-17 01:16 . 2008-02-05 17:18 24,064 --a------ C:\Windows\System32\smrgdf.exe
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
    2008-02-17 01:07 . 2008-02-17 01:07 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-02-17 00:46 . 2008-02-17 00:46 <DIR> d-------- C:\Windows\System32\system32\drivers
    2008-02-17 00:46 . 2008-02-17 00:46 <DIR> d-------- C:\Windows\System32\system32
    2008-02-17 00:46 . 2008-02-17 00:46 <DIR> d-------- C:\Program Files\hpHosts
    2008-02-17 00:16 . 2008-02-17 00:16 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-17 00:16 . 2008-02-17 00:28 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-02-17 00:11 . 2008-02-17 00:10 691,545 --a------ C:\Windows\unins000.exe
    2008-02-17 00:11 . 2008-02-17 00:11 3,455 --a------ C:\Windows\unins000.dat
    2008-02-16 10:21 . 2008-02-18 12:01 265,728 --a------ C:\Windows\System32\andt.sys
    2008-02-13 18:34 . 2008-02-13 18:34 <DIR> d-------- C:\ConverterOutput
    2008-02-13 18:30 . 2008-02-13 18:30 <DIR> d-------- C:\Program Files\Cucusoft
    2008-02-13 18:30 . 2004-01-16 15:50 516,096 --a------ C:\Windows\System32\CLVSDS.ax
    2008-02-13 18:30 . 2008-02-03 21:26 364,544 --a------ C:\Windows\System32\cdg.dll
    2008-02-13 18:30 . 2006-09-27 17:46 348,160 --a------ C:\Windows\System32\cdga.dll
    2008-02-13 18:30 . 2006-07-08 04:07 114,688 --a------ C:\Windows\System32\PropListCtrl.ocx
    2008-02-13 18:30 . 2006-07-17 21:42 14,909 --a------ C:\Windows\System32\A_reg.reg
    2008-02-13 18:28 . 2008-02-23 12:00 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
    2008-02-11 05:50 . 2008-02-11 05:50 31,744 --a------ C:\Windows\System32\routing.exe
    2008-02-10 09:16 . 2008-02-10 09:16 <DIR> d-------- C:\Users\All Users\Azureus
    2008-02-10 09:16 . 2008-02-10 09:16 <DIR> d-------- C:\PROGRA~2\Azureus
    2008-02-10 09:16 . 2008-02-18 06:34 <DIR> d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Azureus
    2008-02-10 09:15 . 2008-02-10 09:15 <DIR> d-------- C:\Users\ReleaseEngineer.MACROVISION\Temp
    2008-02-10 09:15 . 2008-02-10 09:17 <DIR> d-------- C:\Program Files\Azureus
    2008-02-07 19:06 . 2005-01-18 21:15 28,672 --a------ C:\Windows\System32\regclass.dll
    2008-02-05 14:06 . 2008-02-05 14:06 97,216 --a------ C:\Windows\System32\drivers\AnyDVD.sys
    2008-02-01 15:48 . 2008-02-18 00:37 <DIR> d-------- C:\Program Files\MKVtoolnix
    2008-01-31 05:51 . 2008-01-31 05:51 45,056 --a------ C:\Windows\System32\Indt2.sys
    2008-01-29 23:26 . 2008-01-29 23:26 329 --a------ C:\Windows\wininit.ini
    2008-01-28 16:16 . 2008-01-28 16:16 <DIR> d-------- C:\Program Files\iLyrics
    2008-01-27 20:13 . 2008-01-27 20:13 <DIR> d-------- C:\Program Files\Subliminal Mind
    2008-01-25 08:46 . 2008-01-25 08:46 106,496 --a------ C:\Windows\System32\drivers\Rtlh86.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 18:35 --------- d-----w C:\PROGRA~2\WFP
    2008-02-21 04:15 --------- d-----w C:\Program Files\SlySoft
    2008-02-18 20:11 --------- d-----w C:\Program Files\MagicISO
    2008-02-18 05:41 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
    2008-02-17 06:16 --------- d-----w C:\Program Files\iolo
    2008-02-17 06:16 --------- d-----w C:\PROGRA~2\iolo
    2008-02-17 06:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-17 05:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-17 05:52 --------- d-----w C:\Program Files\Opera
    2008-02-17 05:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-16 14:49 --------- d-----w C:\Program Files\McAfee
    2008-02-09 16:37 --------- d-----w C:\PROGRA~2\NVIDIA
    2008-02-09 00:21 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
    2008-02-04 04:54 --------- d-----w C:\Program Files\WinSCP
    2008-02-02 04:16 --------- d-----w C:\Program Files\JetAudio
    2008-01-30 04:40 --------- d-----w C:\Program Files\Bonjour
    2008-01-30 04:35 --------- d-----w C:\Program Files\Sony
    2008-01-30 04:29 --------- d-----w C:\Program Files\Yahoo!
    2008-01-30 04:28 --------- d-----w C:\PROGRA~2\Lavasoft
    2008-01-30 04:27 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-01-21 20:58 --------- d-----w C:\Program Files\DVD Decrypter
    2008-01-16 11:16 174 --sha-w C:\Program Files\desktop.ini
    2008-01-16 11:09 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-16 11:09 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-01-16 11:09 --------- d-----w C:\Program Files\Windows Mail
    2008-01-16 11:09 --------- d-----w C:\Program Files\Windows Journal
    2008-01-16 11:09 --------- d-----w C:\Program Files\Windows Defender
    2008-01-16 11:09 --------- d-----w C:\Program Files\Windows Calendar
    2008-01-16 10:38 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-01-16 10:38 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-01-16 04:48 --------- d-----w C:\Program Files\iTunes
    2008-01-16 04:48 --------- d-----w C:\Program Files\iPod
    2008-01-16 04:18 --------- d-----w C:\Program Files\QuickTime
    2008-01-14 21:58 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-01-14 04:54 --------- d-----w C:\Program Files\Sibelius Software
    2008-01-02 07:42 986,680 ----a-w C:\Windows\System32\winload.exe
    2008-01-02 07:42 926,776 ----a-w C:\Windows\System32\winresume.exe
    2008-01-02 07:41 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
    2008-01-02 07:41 58,936 ----a-w C:\Windows\system32\drivers\fileinfo.sys
    2008-01-02 07:41 57,400 ----a-w C:\Windows\system32\drivers\mountmgr.sys
    2008-01-02 07:41 55,864 ----a-w C:\Windows\system32\drivers\partmgr.sys
    2008-01-02 07:41 55,352 ----a-w C:\Windows\system32\drivers\disk.sys
    2008-01-02 07:41 54,328 ----a-w C:\Windows\system32\drivers\termdd.sys
    2008-01-02 07:41 52,792 ----a-w C:\Windows\system32\drivers\volmgr.sys
    2008-01-02 07:41 51,768 ----a-w C:\Windows\System32\PSHED.DLL
    2008-01-02 07:41 49,720 ----a-w C:\Windows\system32\drivers\mup.sys
    2008-01-02 07:41 100,920 ----a-w C:\Windows\system32\drivers\FWPKCLNT.SYS
    2008-01-02 07:39 891,448 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-01-02 07:38 192,056 ----a-w C:\Windows\system32\drivers\fltMgr.sys
    2008-01-02 07:38 181,304 ----a-w C:\Windows\system32\drivers\msiscsi.sys
    2008-01-02 07:38 177,208 ----a-w C:\Windows\System32\halmacpi.dll
    2008-01-02 07:38 163,384 ----a-w C:\Windows\system32\drivers\msrpc.sys
    2008-01-02 07:38 151,096 ----a-w C:\Windows\system32\drivers\pci.sys
    2008-01-02 07:38 142,904 ----a-w C:\Windows\system32\drivers\scsiport.sys
    2008-01-02 07:38 142,904 ----a-w C:\Windows\system32\drivers\ecache.sys
    2008-01-02 07:38 141,880 ----a-w C:\Windows\System32\halacpi.dll
    2008-01-02 07:38 127,544 ----a-w C:\Windows\system32\drivers\Classpnp.sys
    2008-01-02 07:38 123,960 ----a-w C:\Windows\system32\drivers\Storport.sys
    2008-01-02 07:38 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-01-02 07:37 242,744 ----a-w C:\Windows\System32\rsaenh.dll
    2008-01-02 07:37 155,704 ----a-w C:\Windows\System32\dssenh.dll
    2008-01-02 07:37 131,640 ----a-w C:\Windows\System32\basecsp.dll
    2008-01-02 07:36 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
    2008-01-02 07:36 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
    2008-01-02 07:35 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
    2008-01-02 07:35 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
    2008-01-02 07:33 98,816 ----a-w C:\Windows\System32\mfps.dll
    2008-01-02 07:32 978,432 ----a-w C:\Windows\System32\drmv2clt.dll
    2008-01-02 07:31 98,304 ----a-w C:\Windows\System32\makecab.exe
    2008-01-02 07:30 7,680 ----a-w C:\Windows\System32\spwizres.dll
    2008-01-02 07:30 57,856 ----a-w C:\Windows\System32\nlsbres.dll
    2008-01-02 07:29 17,920 ----a-w C:\Windows\System32\netevent.dll
    2008-01-02 07:29 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
    2008-01-02 07:28 58,880 ----a-w C:\Windows\System32\msobjs.dll
    2008-01-02 07:27 705,536 ----a-w C:\Windows\System32\imagesp1.dll
    2008-01-02 07:27 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-01-02 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-01-02 07:01 93,696 ----a-w C:\Windows\system32\drivers\bridge.sys
    2008-01-02 06:58 130,048 ----a-w C:\Windows\system32\drivers\drmk.sys
    2008-01-02 06:33 18,944 ----a-w C:\Windows\system32\drivers\usbprint.sys
    2008-01-02 06:32 35,328 ----a-w C:\Windows\system32\drivers\usbscan.sys
    2008-01-02 06:26 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-02 06:25 39,936 ----a-w C:\Windows\system32\drivers\WpdUsb.sys
    2008-01-02 06:23 181,248 ----a-w C:\Windows\system32\drivers\rdpwd.sys
    2008-01-02 06:23 134,656 ----a-w C:\Windows\System32\rdpdd.dll
    2008-01-02 06:22 6,144 ----a-w C:\Windows\system32\drivers\RDPENCDD.sys
    2008-01-02 06:22 6,144 ----a-w C:\Windows\system32\drivers\RDPCDD.sys
    2008-01-02 06:22 29,184 ----a-w C:\Windows\system32\drivers\tdtcp.sys
    2008-01-02 06:22 23,040 ----a-w C:\Windows\system32\drivers\tssecsrv.sys
    2008-01-02 06:22 17,408 ----a-w C:\Windows\system32\drivers\tdpipe.sys
    2008-01-02 06:22 14,336 ----a-w C:\Windows\System32\tsddd.dll
    2008-01-02 06:19 8,192 ----a-w C:\Windows\system32\drivers\rootmdm.sys
    2008-01-02 06:19 76,288 ----a-w C:\Windows\system32\drivers\rasl2tp.sys
    2008-01-02 06:19 69,120 ----a-w C:\Windows\system32\drivers\rassstp.sys
    2008-01-02 06:19 62,976 ----a-w C:\Windows\system32\drivers\raspptp.sys
    2008-01-02 06:19 62,464 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2008-01-02 06:19 41,472 ----a-w C:\Windows\system32\drivers\raspppoe.sys
    2008-01-02 06:19 31,744 ----a-w C:\Windows\system32\drivers\modem.sys
    2008-01-02 06:19 273,920 ----a-w C:\Windows\system32\drivers\afd.sys
    2008-01-02 06:19 20,992 ----a-w C:\Windows\system32\drivers\tdi.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-02 02:31 1233920]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-02 02:32 202240]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2008-01-02 02:31 125952]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MBkLogOnHook "= "C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 10:22 20480]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
    "WinSys2 "= "C:\Windows\system32\startup.exe" [2006-06-01 12:21 53248]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-02 02:36 1008184]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-12-05 11:31 4710400 C:\Windows\RtHDVCpl.exe]
    "mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
    "itype "= "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08 813912]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 14:52 849280]
    "DellNSCST "= "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" [2005-05-17 18:00 278528]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 23:03 579072]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-10-04 17:14 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-10-04 17:14 8497696]
    "iolo Startup "= "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [2008-02-11 17:35 302448]
    "WinVNC "= "C:\Program Files\TightVNC\WinVNC.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 22:58 219136]

    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Texter.lnk - C:\Program Files\Texter\texter.exe [2007-11-06 18:20:14 377303]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-25 19:42:29 784912]
    WFPUser.lnk - C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe [2006-06-13 16:43:38 76336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction "= 2 (0x2)
    "DontDisplayLogonHoursWarnings "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 0 (0x0)
    "NoFileAssociate "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2007-12-25 22:59 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "JMB36X IDE Setup "=C:\Windows\RaidTool\xInsIDE.exe
    "McAfee Backup "=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    "NvSvc "=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    "NvCplDaemon "=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter "=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe "= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{0F056905-0F80-4F08-839B-DABCC2529AAE}C:\program files\utorrent\utorrent.exe "= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
    "UDP Query User{5A6085AF-7145-4925-ABBF-D4CAA20348E7}C:\program files\utorrent\utorrent.exe "= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
    "TCP Query User{66CA39FE-725B-4D72-B8E7-CBB70C6EFB7F}C:\program files\america's army\system\armyops.exe "= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps|Desc=ArmyOps
    "UDP Query User{FDF937C3-5473-492A-8C55-2FA053A788A4}C:\program files\america's army\system\armyops.exe "= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps|Desc=ArmyOps
    "{9F5E08B9-5852-47F0-87D5-E7E5F50C7487} "= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent
    "{3F7DFCC8-B0DC-44EA-8737-5A8CE33D9D3C} "= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{19F696E3-B29E-4E9D-93ED-9F747CEF5E1B} "= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{2D14288D-49D2-4153-910C-AF2607BA909D} "= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{E84909BE-9D6F-47BD-8EE6-5DC6CD6D0623} "= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{C8C24935-6B80-46CC-A7B8-B8DB0EBE08F2} "= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{7A757E15-107D-4566-8957-E9F18E723078} "= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{11AEAAC2-B15E-4EA9-B45A-E6178E862A5C} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{B9B55B3D-D0F1-4A83-90B9-29B903CD6715} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{52344182-7F1D-4C3B-B01B-324EB8848E6E} "= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{2CE55F2C-E366-4DBC-BC7B-5A5433ADB3E2} "= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{D7FB1EE2-2359-485C-92D9-E6FF443BC922} "= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{804C707B-FDE2-424C-8BCD-7B1E9CFAB95C} "= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{2C87F6AC-1044-46E7-9AC9-478F4104B744} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7BD20CA1-92B5-4AEB-82F6-48E7B6444781} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{70CE5266-E27B-4E5A-8ECD-C0EA39814DED} "= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{309A50B1-3053-46C6-91F3-3ABC98D94FB3} "= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{6C5B28AE-571A-46F0-890A-0A725A46B4A7} "= UDP:17537:BitComet 17537 TCP
    "{950FA415-26AF-43CF-A911-C44571262223} "= TCP:17537:BitComet 17537 UDP
    "{17F0857E-E17C-4B21-B867-6D93585A40B8} "= Disabled:UDP:C:\Program Files\Joost\xulrunner\tvprunner.exe:tvprunner
    "{76B96216-485D-4AE4-AB76-6EFD8978B9BF} "= Disabled:TCP:C:\Program Files\Joost\xulrunner\tvprunner.exe:tvprunner
    "{48A7B564-68F3-4BCF-A9A0-1D21BB45B347} "= UDP:3703:Adobe Version Cue CS3 Server
    "{90DC03FF-72E0-4ACB-AE25-50A06F1BF57D} "= UDP:3704:Adobe Version Cue CS3 Server
    "{53927297-3C84-4A3E-AC70-7E513692F870} "= UDP:50900:Adobe Version Cue CS3 Server
    "{14A4D37B-8E51-4314-A40C-17EC9FFBB0E6} "= UDP:50901:Adobe Version Cue CS3 Server
    "{0336301B-34B4-4152-941B-ED9D7CD684AC} "= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{EF36ACBB-18F1-4A1C-AF4A-5A590C246C40} "= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{77319296-C066-409C-A188-CF475D45D0CD} "= UDP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
    "{5E8556B9-6ABF-40CB-99ED-2C80D0EC2381} "= TCP:C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:Media Manager for PSP 2.5
    "{E5B70D9D-B905-4A88-9F9E-A1905D79F385} "= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{6679447F-EF26-4B55-BF46-72637C5AF774} "= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{66B07EAD-64C3-4D88-B500-A14CD97F2F2F} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6CEFCE1F-A672-4A61-A170-A611A68B4C4B} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe "= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

    R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 13:12]
    R1 UGURU;UGURU;C:\Windows\system32\drivers\uGuru.sys [2006-10-01 15:10]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-08-15 19:08]
    R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-11-22 14:02]
    R2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
    R3 ip_fw;ipfw kernel-mode driver;C:\Windows\system32\DRIVERS\ip_fw.sys [2007-02-13 12:29]
    R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 08:46]
    R3 vncdrv;vncdrv;C:\Windows\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]
    S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-08-19 17:50]
    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-08-19 17:50]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-19 17:50]
    S3 DualCoreCenter;DualCoreCenter;C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2007-01-22 12:58]
    S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-07-20 05:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - H:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \shell\AutoRun\command - K:\autorun.exe
    \shell\setup\command - K:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8ecd7a6-ad55-11dc-9d3b-00508d9fceb9}]
    \shell\AutoRun\command - E:\Autoplay.exe -auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0181c2d-41f1-11dc-9c4f-00508d9fceb9}]
    \shell\AutoRun\command - E:\CD_Start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 14:13:32
    Windows 6.0.6001 Service Pack 1, v.744 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-23 14:19:27
    ComboFix-quarantined-files.txt 2008-02-23 19:19:23
    .
    2008-02-22 05:59:40 --- E O F ---



    *****I found the ComboFix-quarantined-files.txt this time*********
    Here it is:
    2008-01-25 13:54 25088 --a------ C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\svchost.exe.vir
    2008-02-23 13:56 1064 --a------ C:\Qoobox\Quarantine\catchme.log
    2008-02-23 13:56 880 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_MFEHIDK01.reg.dat
     
    Last edited: 2008/02/23
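The ComboFix excerpt above carries three things a helper reads first: both firewall profiles report EnableFirewall = 0, the R/S lines list the kernel drivers present at scan time, and the mountpoints2 keys record AutoRun commands for removable volumes. The following parser is an added example, not part of the thread and not ComboFix's own code; it pulls those three items out of a report in this format and lists the points worth a look. The sample text is constructed from lines of the posted log, and the "driver outside system32\drivers" rule is only a location heuristic that I am assuming as a first filter.

```python
"""Triage helpers for a ComboFix-style report (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of lines from the posted report.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall "= 0 (0x0)

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 13:12]
R2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
R3 ip_fw;ipfw kernel-mode driver;C:\Windows\system32\DRIVERS\ip_fw.sys [2007-02-13 12:29]
S3 DualCoreCenter;DualCoreCenter;C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2007-01-22 12:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\autorun.exe
\shell\setup\command - K:\setup.exe
"""

FIREWALL_KEY = re.compile(r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]$")
ENABLE_LINE = re.compile(r'^"EnableFirewall\s*"=\s*(\d+)')
# start type ; service name ; display name ; image path [timestamp]
DRIVER_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]+)\]$")
MOUNT_KEY = re.compile(r"\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
AUTORUN_LINE = re.compile(r"^\\shell\\(\w+)\\command - (.+)$")


@dataclass
class Driver:
    start: str    # R1/R2/R3 = loaded at scan time, S3 = installed but stopped
    name: str
    display: str
    path: str
    stamp: str


def parse_report(text):
    """Return (firewall_enabled_by_profile, drivers, autoruns)."""
    firewall, drivers, autoruns = {}, [], []
    profile = volume = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIREWALL_KEY.match(line)
        if m:
            profile, volume = m.group(1), None
            continue
        m = MOUNT_KEY.search(line)
        if m:
            volume, profile = m.group(1), None
            continue
        if line.startswith("["):          # some other registry key: leave both contexts
            profile = volume = None
            continue
        m = ENABLE_LINE.match(line)
        if m and profile:
            firewall[profile] = m.group(1) == "1"
            continue
        m = AUTORUN_LINE.match(line)
        if m and volume:
            autoruns.append((volume, m.group(1), m.group(2)))
            continue
        m = DRIVER_LINE.match(line)
        if m:
            drivers.append(Driver(*m.groups()))
    return firewall, drivers, autoruns


def findings(text):
    """Human-readable list of the points a helper would want to check."""
    firewall, drivers, autoruns = parse_report(text)
    out = []
    for profile, enabled in sorted(firewall.items()):
        if not enabled:
            out.append(f"firewall disabled: {profile}")
    for d in drivers:
        # Assumed heuristic: kernel drivers normally sit under system32\drivers.
        # A driver loaded from elsewhere is not malicious by itself (vendor tools
        # do this too); it is only worth identifying.
        if "\\system32\\drivers\\" not in d.path.lower():
            out.append(f"driver outside system32\\drivers: {d.start} {d.name} -> {d.path}")
    for vol, verb, cmd in autoruns:
        out.append(f"autorun on {vol}: {verb} -> {cmd}")
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_REPORT):
        print(item)
```

Run it on the full report rather than the constructed sample. The driver rule is a first filter only: it says nothing about the drivers it does not flag, and the one it does flag here is a vendor utility under Program Files, which is exactly the kind of hit that needs a publisher check rather than a deletion.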
  13. 2008/02/23
    noahdfear

    You've mentioned windows.exe several times now. Did you mean explorer.exe, or are you definitely referring to windows.exe?


    Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  14. 2008/02/23
    iakona724

    Wow, that was the first program that actually picked stuff up. Where do you find all these nifty little programs?? I've never heard of any of them, yet they work so well!

    MBAM log:
    Malwarebytes' Anti-Malware 1.05
    Database version: 400

    Scan type: Quick Scan
    Objects scanned: 28445
    Time elapsed: 4 minute(s), 19 second(s)

    Memory Processes Infected: 4
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    c:\program files\WIPFW\bin\ipfw.exe (Rogue.VsSpy) -> Unloaded process successfully.
    C:\Windows\System32\routing.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\Windows\System32\perfs.exe (Trojan.Downloader) -> Failed to unload process.
    C:\Windows\System32\Indt2.sys (Rootkit.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ipfw (Rogue.VsSpy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ipfw (Rogue.VsSpy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipfw (Rogue.VsSpy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\WIPFW\bin\ipfw.exe (Rogue.VsSpy) -> Quarantined and deleted successfully.
    C:\Windows\System32\ipfw.exe (Rogue.VsSpy) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\ip_fw.sys (Rogue.VsSpy) -> Quarantined and deleted successfully.
    C:\Windows\System32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\perfs.exe (Trojan.Downloader) -> Delete on reboot.
    C:\Windows\System32\Indt2.sys (Rootkit.Agent) -> Delete on reboot.


    HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:47 AM, on 2/24/2008
    Platform: Windows Vista SP1, v.744 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.17128)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Texter\texter.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.askredir.com/search/cfg_...A97B6DF&url=http://www.ask.com/&l=dis&o=13010
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ask.askredir.com/search/cfg_...url=http://www.ask.com/web&q=%s&l=dis&o=13010
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe "
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85B1C10-D622-46A5-8DAC-11CA2968884A}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

    --
    End of file - 13828 bytes
     
  15. 2008/02/24
    noahdfear

    Being involved in malware removal, we learn of these tools before there is much public awareness.


    Scan again with HijackThis and place a check next to the following entries, close all other windows then click Fix Checked.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.askredir.com/search/cfg_r...&l=dis&o=13010 << this is OK to leave if you set Ask.com as your start page
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ask.askredir.com/search/cfg_r...&l=dis&o=13010 << this is OK to leave if you set Ask.com as your search provider
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe


    Now, check for the file C:\Windows\system32\startup.exe and delete it if present.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Now create a new HijackThis log and post it here.
     
  16. 2008/02/24
    iakona724

    I made all the changes in HJT and I deleted the startup.exe, but for some reason in ATF Cleaner, prefetch was gray and had "(disabled)" next to it. I tried re-running as administrator and it still didn't allow me to select it...

    Here's a new HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:19:19 AM, on 2/24/2008
    Platform: Windows Vista SP1, v.744 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.17128)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
    C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Texter\texter.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe "
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.54.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85B1C10-D622-46A5-8DAC-11CA2968884A}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

    --
    End of file - 12947 bytes
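An added example, not part of the thread and not a HijackThis feature: a small Python triage pass over the O17, O20 and O23 lines of the log above, flagging what a helper reads first (services whose binary is gone, services with no vendor string, Winlogon Notify DLLs, and a NameServer override). The sample input is a subset of lines copied from the log; the rule set, the severity labels and the `expected_dns` parameter are my own choices.

```python
import re

# Subset of the HijackThis (HJT) lines posted above, used as constructed input.
# The string is raw so the Windows paths keep their backslashes.
HJT_SAMPLE = r"""
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A85B1C10-D622-46A5-8DAC-11CA2968884A}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
"""

# O23 lines are "name - owner - path[ (file missing)]"; names and owners never
# contain " - " in HJT output, so non-greedy groups split them correctly.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")


def parse_hjt(text):
    """Turn O17/O20/O23 lines into dicts; every other section is ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m["name"], "owner": m["owner"],
                            "path": m["path"], "missing": m["missing"] is not None})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append({"kind": "winlogon_notify", "name": m["name"], "path": m["path"]})
            continue
        m = DNS_RE.match(line)
        if m:
            entries.append({"kind": "dns", "servers": m["servers"].split(",")})
    return entries


def triage(entries, expected_dns=()):
    """Return (severity, message) pairs for entries worth a second look.

    Heuristics are mine, not HJT's:
      - a service whose binary is missing is an orphaned registration: remove it;
      - a service with no vendor string ("Unknown owner") is checked by hand;
      - any Winlogon Notify DLL is a persistence point and is verified on disk;
      - a NameServer override not listed in expected_dns is reviewed for DNS hijacking.
    """
    findings = []
    for e in entries:
        if e["kind"] == "service":
            if e["missing"]:
                findings.append(("cleanup", f"orphaned service {e['name']} -> {e['path']}"))
            elif e["owner"] == "Unknown owner":
                findings.append(("review", f"unattributed service {e['name']} -> {e['path']}"))
        elif e["kind"] == "winlogon_notify":
            findings.append(("review", f"Winlogon Notify DLL {e['name']} -> {e['path']}"))
        elif e["kind"] == "dns":
            unexpected = [s for s in e["servers"] if s not in expected_dns]
            if unexpected:
                findings.append(("review", "NameServer override: " + ",".join(unexpected)))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(parse_hjt(HJT_SAMPLE)):
        print(f"[{sev}] {msg}")
```

The two NameServer addresses in this log are OpenDNS's public resolvers, so once the owner confirms they chose them, passing them in `expected_dns` silences that finding; the `winvnc` and `MaxBackServiceInt` entries are flagged as orphans because the registered binary no longer exists on disk.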
     
  17. noahdfear, 2008/02/24
    Prefetch was my bad ..... I forgot to edit that out from my XP instructions. :eek:

    Log looks good. Now, I again recommend you uninstall 1 of the antivirus programs. They can and likely will conflict with each other at some point, which could result in any of several scenarios, which may include, but are not limited to, system performance degradation, false positive virus detections, and antivirus program failure to function.

    You also need to update your Java. Using Add/Remove Programs in the Control Panel, remove all Java and/or JRE installations. Reboot when done. Then, go to Sun and download then install the Java Runtime Environment (JRE) 6 Update 4.

    Delete ComboFix.exe, the C:\ComboFix folder if present, the C:\Qoobox folder if present, and the C:\Deckard folder.

    Now lets see if Kaspersky is Vista compatible yet. Please do an online scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here and let me know how your computer is behaving.
     
  18. iakona724 (thread starter), 2008/02/24
    It's fairly late (2AM) and I should be getting to bed, I'll let it scan overnight and post a log in the morning. Thanks for the help!

    What would you recommend to use as anti-virus/anti-malware/etc. protection? I'm willing to spend up to $80 on software...
     
  19. noahdfear, 2008/02/24
    eTrust still gets my vote. :cool:
     
  20. iakona724 (thread starter), 2008/02/24
    Wow, really? I've never actually heard of it, you'd recommend that over Norton and Kaspersky? Do you use that for everything? (Ex: I could then delete ad-aware, spybot, mcafee, system mechanic, spyware blaster, HJT, and AVG?)

    P.S. I didn't realize I had all of that security software on my computer...
     
  21. iakona724 (thread starter), 2008/02/24
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 24, 2008 10:25:02 AM
    Operating System: Microsoft Windows Vista Home Edition, Service Pack 1, v.744 (Build 6001)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 24/02/2008
    Kaspersky Anti-Virus database records: 577703
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 307914
    Number of viruses found: 5
    Number of infected objects: 7
    Number of suspicious objects: 0
    Duration of the scan process: 03:17:08

    Infected Object Name / Virus Name / Last Action
    C:\Program Files\Nero\Nero8\Nero BackItUp\BIUA45E.txt Object is locked skipped
    C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
    C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
    C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
    C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\ProgramData\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
    C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
    C:\ProgramData\McAfee\MPF\data\log.edb Object is locked skipped
    C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\ProgramData\McAfee\MSC\Logs\{4F6F8108-61F9-4DFE-8DFE-106B18F29255}.log Object is locked skipped
    C:\ProgramData\McAfee\MSC\Logs\{78C693F6-A5B9-4C49-8244-80F55219ADD7}.log Object is locked skipped
    C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\ProgramData\McAfee\VirusScan\Data\TFRA82D.tmp Object is locked skipped
    C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6f675560427b99dade0253d1469825cf_29bbb211-037e-4581-b46c-370a80e4d785 Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_29bbb211-037e-4581-b46c-370a80e4d785 Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl2.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf767F.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf7680.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
    C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
    C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\Users\Administrator\AppData\Local\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Users\Administrator\AppData\Local\AOL OCP\AIM\Storage\data\blengrow\localStorage\common.cls Object is locked skipped
    C:\Users\Administrator\AppData\Local\AOL OCP\AIM\Storage\data\iakona724\localStorage\common.cls Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022420080225\index.dat Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{c737d2b9-b050-11dc-af03-00508d9fceb9}.TM.blf Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{c737d2b9-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{c737d2b9-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
    C:\Users\Administrator\AppData\Local\Temp\~DFB0A6.tmp Object is locked skipped
    C:\Users\Administrator\AppData\LocalLow\Google\Google Gears for Internet Explorer\localserver.db Object is locked skipped
    C:\Users\Administrator\AppData\Roaming\acccore\nss\cert8.db Object is locked skipped
    C:\Users\Administrator\AppData\Roaming\acccore\nss\key3.db Object is locked skipped
    C:\Users\Administrator\AppData\Roaming\iolo\SystemAnalyzer.log Object is locked skipped
    C:\Users\Administrator\AppData\Roaming\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\Administrator\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\Users\Administrator\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
    C:\Users\Administrator\NTUSER.DAT Object is locked skipped
    C:\Users\Administrator\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\Administrator\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\Administrator\NTUSER.DAT{c737d2b7-b050-11dc-af03-00508d9fceb9}.TM.blf Object is locked skipped
    C:\Users\Administrator\NTUSER.DAT{c737d2b7-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Administrator\NTUSER.DAT{c737d2b7-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\bthservsdp.dat Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\SDEB81FB5.tmp Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{c80c4a9e-4ac5-11dc-ba37-00508d9fceb9}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{c80c4a9e-4ac5-11dc-ba37-00508d9fceb9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat{c80c4a9e-4ac5-11dc-ba37-00508d9fceb9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{c737d2b5-b050-11dc-af03-00508d9fceb9}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{c737d2b5-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{c737d2b5-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{c737d2b3-b050-11dc-af03-00508d9fceb9}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{c737d2b3-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{c737d2b3-b050-11dc-af03-00508d9fceb9}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\andt.sys Infected: Trojan-Downloader.Win32.Delf.eux skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\config\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
    C:\Windows\System32\config\DEFAULT Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
    C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
    C:\Windows\System32\config\RegBack\SAM Object is locked skipped
    C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
    C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SAM Object is locked skipped
    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
    C:\Windows\System32\config\SECURITY Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
    C:\Windows\System32\config\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{512faed7-dd94-11dc-ac3e-806e6f6e6963}.TxR.0.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{512faed7-dd94-11dc-ac3e-806e6f6e6963}.TxR.1.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{512faed7-dd94-11dc-ac3e-806e6f6e6963}.TxR.2.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{512faed7-dd94-11dc-ac3e-806e6f6e6963}.TxR.blf Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
    C:\Windows\System32\msspa.exe Infected: Trojan-Downloader.Win32.Delf.czg skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
    C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\Temp\fb_1284.lck Object is locked skipped
    C:\Windows\Temp\fb_276.lck Object is locked skipped
    C:\Windows\Temp\mcafee_69WGyglDJo5rn5Y Object is locked skipped
    C:\Windows\Temp\mcmsc_7xPnaqKgSU9emmJ Object is locked skipped
    C:\Windows\Temp\mcmsc_cESm2ObR6dYQivP Object is locked skipped
    C:\Windows\Temp\mcmsc_cJhG6ZZ47sYjgJ7 Object is locked skipped
    C:\Windows\Temp\mcmsc_iXoXbGQbwXMF6kj Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    P.S. I have a bootleg copy of Nero 8 :eek:
     
