Solved IE keeps popping up

Discussion in 'Malware and Virus Removal Archive' started by hrjr12, 2008/06/04.

  1. 2008/06/04
    hrjr12

    [Resolved] IE keeps popping up

    I let someone use my computer and they installed Cain and Abel, I think. So first IE kept popping up, then my Firefox stopped working on websites that I had to log in to. When IE pops up it displays some spyware remover website, but when I let it load all the way my desktop disappears.... Idk what to do; as I let time go on it gets worse. I tried restoring to a past time but it just comes back. I don't have any Spybot or Ad-Aware because I only have IE and it won't let me download anything... Please help
     
  2. 2008/06/05
    noahdfear

    Welcome to WindowsBBS hrjr12 :)

    Please read this topic, install the latest version of HijackThis, run a scan and save the log (you can close it for now). Then, download and run Deckard's System Scanner and post BOTH the main.txt and extra.txt logs. You may be required to put them in separate posts due to character count limitations.

    Let me know if you're unable to get those downloads.
     

  4. 2008/06/08
    hrjr12

    BBS Logs

    Thanks for the speedy reply, sorry for mine...
    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-06-08 11:09:14
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    68: 2008-06-08 15:52:32 UTC - RP429 - Deckard's System Scanner Restore Point
    67: 2008-06-05 04:48:31 UTC - RP428 - Installed Ad-Aware
    66: 2008-06-05 03:19:43 UTC - RP427 - Restore Operation
    65: 2008-06-04 07:59:38 UTC - RP426 - System Checkpoint
    64: 2008-06-03 00:49:28 UTC - RP425 - Restore Operation


    -- First Restore Point --
    1: 2008-05-28 22:58:52 UTC - RP362 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 504 MiB (512 MiB recommended).


    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:12 AM, on 6/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\IPFax\FaxMonitor.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
    C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\administrator.REGENT\Local Settings\Temporary Internet Files\Content.IE5\G2XHFF75\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1stregentmtg.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: targetedbanner browser optimizer - {1f4cedb9-2995-5fb4-d673-2cc6c697716d} - C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll
    O2 - BHO: {8dbc27fc-7a76-0e49-7ae4-edb0424888a4} - {4a888424-0bde-4ea7-94e0-67a7cf72cbd8} - C:\WINDOWS\system32\gdlucmxt.dll
    O2 - BHO: (no name) - {64FB3AE0-3693-466D-8AC1-64B665586AE1} - C:\WINDOWS\system32\awtsTNhI.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\rqRJbBrq.dll
    O3 - Toolbar: CommuniKateVirtualPBX Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
    O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{53-31-14-40-DW}] c:\windows\system32\jnwnw64o.exe DWramFF
    O4 - HKLM\..\Run: [{720e77cd-b75c-9c86-ac87-243712b52bfd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll" DllStart
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntokdm.exe DWramFF
    O4 - HKLM\..\Run: [a89531ef] rundll32.exe "C:\WINDOWS\system32\rxbpweiq.dll",b
    O4 - HKLM\..\Run: [BMaba60273] Rundll32.exe "C:\WINDOWS\system32\muyhcnpj.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntokdm.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64o.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
    O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
    O4 - Global Startup: Wireless Sync Client.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CommuniKateVirtualPBX Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
    O9 - Extra 'Tools' menuitem: CommuniKateVirtualPBX Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.1stregentmtg.com
    O15 - Trusted Zone: http://*.hp.com (HKLM)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://71.239.208.66:100/RemoteWeb.cab
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://71.239.208.66:100/VideoViewer.cab
    O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www22.wirelesssync.vzw.com/en/SyncInstall.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = regent.local
    O17 - HKLM\Software\..\Telephony: DomainName = regent.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = regent.local
    O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
    O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: rqRJbBrq - C:\WINDOWS\SYSTEM32\rqRJbBrq.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 16684 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - "regedit.exe" "%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 dmloadd - c:\windows\system32\drivers\dmloadd.sys
    R1 RCFOX (SonicWALL IPsec Driver) - c:\windows\system32\drivers\rcfox.sys <Not Verified; SonicWALL, Inc.; RCFOX IPSec Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

    S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>
    S3 TnIDriver - c:\documents and settings\kareem broughton\local settings\temp\tni19.tmp


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
    R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    R3 RampartSvc (SonicWall VPN Client Service) - c:\program files\sonicwall\sonicwall global vpn client\rampartsvc.exe <Not Verified; SonicWALL, Inc.; RampartSvc Module>

    S2 Abel - c:\program files\cain\abel.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-08 10:58:50 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-05-31 16:17:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-08 and 2008-06-08 -----------------------------

    2008-06-08 10:51:01 0 d-------- C:\Program Files\Trend Micro
    2008-06-04 23:48:57 0 d-------- C:\Program Files\Lavasoft
    2008-06-04 23:48:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 23:47:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 23:17:41 0 d-------- C:\Documents and Settings\administrator.REGENT\Contacts
    2008-06-04 23:17:08 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-04 23:17:08 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSN6
    2008-06-04 23:15:22 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
    2008-06-04 23:12:00 0 d-------- C:\Program Files\Microsoft Picture It! 9
    2008-06-04 23:10:08 0 d-------- C:\Program Files\Design Science
    2008-06-04 22:34:17 2560 --a------ C:\WINDOWS\system32\kepxseyi.exe
    2008-06-04 22:31:18 97280 --a------ C:\WINDOWS\system32\rxbpweiq.dll
    2008-06-04 22:29:06 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSNInstaller
    2008-06-04 22:16:36 0 d-------- C:\WINDOWS\system32\Cache
    2008-06-04 22:12:28 0 d-------- C:\WINDOWS\Cain
    2008-06-04 22:10:26 0 d-------- C:\WINDOWS\system32\rev3
    2008-06-04 20:58:29 114688 --a------ C:\WINDOWS\system32\gdlucmxt.dll
    2008-06-04 20:52:34 2560 --a------ C:\WINDOWS\system32\tbgoepnt.exe
    2008-06-04 19:16:28 103424 --a------ C:\WINDOWS\system32\muyhcnpj.dll
    2008-06-03 19:27:47 114688 --a------ C:\WINDOWS\system32\sarnytat.dll
    2008-06-03 19:24:48 2560 --a------ C:\WINDOWS\system32\ggmftaqt.exe
    2008-06-03 19:15:48 103424 --a------ C:\WINDOWS\system32\esveephc.dll
    2008-06-02 19:58:38 0 d-------- C:\Inetpub
    2008-06-02 19:15:50 2560 --a------ C:\WINDOWS\system32\eyxdfkcy.exe
    2008-06-02 19:15:42 89088 --a------ C:\WINDOWS\system32\oprqmoce.dll
    2008-06-02 19:14:04 114688 --a------ C:\WINDOWS\system32\brdqeenf.dll
    2008-06-02 19:13:31 103424 --a------ C:\WINDOWS\system32\enwehwcd.dll
    2008-06-02 18:17:20 69632 --a------ C:\WINDOWS\system32\pmnoLbcD.dll
    2008-06-01 21:08:42 861546 --ahs---- C:\WINDOWS\system32\iSuENqru.ini2
    2008-05-30 00:13:39 668 --ahs---- C:\WINDOWS\system32\hjRYGfii.ini2
    2008-05-30 00:04:57 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-29 23:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-29 21:42:19 0 d-------- C:\WINDOWS\pss
    2008-05-29 21:41:30 0 d-------- C:\Program Files\SpywareGuard
    2008-05-28 18:00:36 3145728 --a------ C:\Documents and Settings\administrator.REGENT\ntuser.dat
    2008-05-28 18:00:27 253952 --a------ C:\Documents and Settings\LocalService\ntuser.dat
    2008-05-28 17:58:38 743745 --ahs---- C:\WINDOWS\system32\IhNTstwa.ini2
    2008-05-28 17:58:29 275456 --a------ C:\WINDOWS\system32\awtsTNhI.dll
    2008-05-28 17:57:29 861 --a------ C:\WINDOWS\system32\winpfz33.sys
    2008-05-28 17:55:56 28160 --a------ C:\WINDOWS\system32\khfFYRkK.dll
    2008-05-28 17:54:44 401972 --a------ C:\WINDOWS\system32\g15.exe
    2008-05-28 17:54:23 0 --a------ C:\WINDOWS\system32\jnwnw64o.exe
    2008-05-28 17:50:19 0 --a------ C:\WINDOWS\system32\ncntokdm.exe
    2008-05-28 17:50:11 37376 --a------ C:\WINDOWS\17PHolmes1000106.exe
    2008-05-28 17:50:08 298311 --a------ C:\WINDOWS\system32\gside.exe
    2008-05-28 17:49:32 49156 --a------ C:\WINDOWS\system32\rwwnw64d.exe
    2008-05-28 17:49:28 86144 --a------ C:\WINDOWS\system32\drivers\dmloadd.sys
    2008-05-28 17:49:26 0 d-------- C:\WINDOWS\system32\pb2
    2008-05-28 17:49:25 0 d-------- C:\WINDOWS\system32\bTMP
    2008-05-28 17:49:25 0 d-------- C:\WINDOWS\system32\1026c
    2008-05-28 17:49:24 0 d-------- C:\WINDOWS\system32\acom1
    2008-05-28 17:48:59 0 d-------- C:\WINDOWS\system32\vntiho18
    2008-05-28 17:48:47 28160 --a------ C:\WINDOWS\system32\rqRJbBrq.dll
    2008-05-26 17:39:39 0 d-------- C:\WINDOWS\system32\New Folder
    2008-05-26 17:23:24 0 d-------- C:\WINDOWS\system32\NtmsData
    2008-05-26 11:03:06 365056 --a------ C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll
    2008-05-22 20:54:04 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2008-05-22 20:54:04 0 d-------- C:\Program Files\VstPlugins
    2008-05-22 20:51:25 0 d-------- C:\Program Files\Image-Line
    2008-05-22 17:37:18 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire
    2008-05-22 17:36:16 0 d-------- C:\Program Files\LimeWire
    2008-05-10 23:55:34 0 dr-h----- C:\MSOCache
    2008-05-09 15:09:08 0 d-------- C:\Documents and Settings\Kareem Broughton\Application Data\Macromedia
    2008-05-09 14:33:36 0 d-------- C:\Documents and Settings\Kareem Broughton\Application Data\Mozilla
    2008-05-08 09:46:43 0 d-------- C:\Documents and Settings\Kareem Broughton\Application Data\CyberLink


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 11:02:12 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\OpenOffice.org2
    2008-06-08 10:59:04 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-06-04 23:47:33 0 d-------- C:\Program Files\Common Files
    2008-06-04 22:00:57 0 d-------- C:\Program Files\Windows Live Toolbar
    2008-05-26 09:05:25 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Apple Computer
    2008-05-08 07:06:56 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Azureus
    2008-05-07 22:01:56 0 d-------- C:\Program Files\Apple Software Update
    2008-05-07 18:43:11 0 d-------- C:\Program Files\Java
    2008-05-04 23:26:55 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Help
    2008-05-04 12:08:45 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\CyberLink
    2008-05-03 08:18:15 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Hewlett-Packard
    2008-05-03 08:17:15 0 d-------- C:\Program Files\Hewlett-Packard
    2008-05-03 08:17:08 0 d-------- C:\Program Files\Hp
    2008-05-03 08:16:19 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-04-28 20:24:58 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-04-25 18:51:52 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-04-23 20:48:49 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Move Networks
    2008-04-22 18:26:24 106496 --a------ C:\WINDOWS\system32\HPSTDSoap.dll <Not Verified; Hewlett-Packard Company; HP Device Communication Services>
    2008-04-22 18:02:58 290816 --a------ C:\WINDOWS\system32\WINHTTP5.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-04-22 18:02:58 946960 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-22 18:02:58 163840 --a------ C:\WINDOWS\system32\hppatusg01.dll <Not Verified; ; utXmlData Dynamic Link Library>
    2008-04-22 18:02:02 126976 --a------ C:\WINDOWS\system32\HPDevEnm.dll <Not Verified; ; Discover Dynamic Link Library>
    2008-04-18 01:50:36 0 d-------- C:\Program Files\iTunes
    2008-04-18 01:50:22 0 d-------- C:\Program Files\iPod
    2008-04-18 01:46:33 0 d-------- C:\Program Files\Bonjour
    2008-04-18 01:46:02 0 d-------- C:\Program Files\QuickTime
    2008-04-18 01:39:27 0 d-------- C:\Program Files\Common Files\Apple
    2008-04-17 05:57:02 2528 -----n--- C:\Documents and Settings\administrator.REGENT\Application Data\$_hpcst$.hpc
    2008-04-16 19:19:35 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Adobe
    2008-04-16 18:17:41 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Macromedia
    2008-04-16 18:15:37 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\SonicWALL
    2008-04-16 18:14:54 0 d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Mozilla


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f4cedb9-2995-5fb4-d673-2cc6c697716d}]
    05/26/2008 11:03 AM 365056 --a------ C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4a888424-0bde-4ea7-94e0-67a7cf72cbd8}]
    06/04/2008 08:58 PM 114688 --a------ C:\WINDOWS\system32\gdlucmxt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64FB3AE0-3693-466D-8AC1-64B665586AE1}]
    05/28/2008 05:58 PM 275456 --a------ C:\WINDOWS\system32\awtsTNhI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B76CF1F4-ECDC-4CA1-89F8-32403496528E}]
    05/28/2008 05:48 PM 28160 --a------ C:\WINDOWS\system32\rqRJbBrq.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 07:13 AM]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 04:35 PM]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 04:32 PM]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 04:36 PM]
    "Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 09:04 AM]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/25/2006 02:26 AM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/07/2006 01:02 PM]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/17/2006 06:34 AM]
    "FaxMonitor"="C:\Program Files\IPFax\FaxMonitor.exe" [01/21/2002 02:45 PM]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 08:30 PM]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
    "@"="" []
    "j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [07/14/2006 03:03 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "KnexStarter"="C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [04/22/2008 06:26 PM]
    "RunTasktray"="C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [04/22/2008 04:33 PM]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01/10/2007 12:15 PM]
    "{53-31-14-40-DW}"="c:\windows\system32\jnwnw64o.exe" [05/28/2008 05:54 PM]
    "{720e77cd-b75c-9c86-ac87-243712b52bfd}"="C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll" [05/26/2008 11:03 AM]
    "runner1"="C:\WINDOWS\mrofinu1188.exe" []
    "ExploreUpdSched"="C:\WINDOWS\system32\ncntokdm.exe" [05/28/2008 05:50 PM]
    "a89531ef"="C:\WINDOWS\system32\rxbpweiq.dll" [06/04/2008 10:31 PM]
    "BMaba60273"="C:\WINDOWS\system32\muyhcnpj.dll" [06/04/2008 07:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 01:54 PM]

    C:\Documents and Settings\administrator.REGENT\Start Menu\Programs\Startup\
    Deewoo.lnk - C:\WINDOWS\system32\ncntokdm.exe [5/28/2008 5:50:19 PM]
    DW_Start.lnk - C:\WINDOWS\system32\jnwnw64o.exe [5/28/2008 5:54:23 PM]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/25/2006 2:21:37 AM]
    j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [6/1/2007 3:14:01 PM]
    SonicWALL Global VPN Client.lnk - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [5/11/2007 4:03:47 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B76CF1F4-ECDC-4CA1-89F8-32403496528E} "= C:\WINDOWS\system32\rqRJbBrq.dll [05/28/2008 05:48 PM 28160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbBrq]
    rqRJbBrq.dll 05/28/2008 05:48 PM 28160 C:\WINDOWS\system32\rqRJbBrq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\awtsTNhI

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=pushprinterconnections.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4123597581-4081181443-497301530-1134\Scripts\Logon\0\0]
    "Script "=logon.bat

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8554 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-06-08 11:14:54 ------------
     
  5. 2008/06/08
    hrjr12

    Extra TXt.

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of Memory in Use: 63%
    Physical Memory (total/avail): 503.37 MiB / 182.38 MiB
    Pagefile Memory (total/avail): 1228.14 MiB / 737.34 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1936.75 MiB

    C: is Fixed (NTFS) - 37.21 GiB total, 10.93 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST9408114A - 37.26 GiB - 2 partitions
    \PARTITION0 - Unknown - 47.03 MiB
    \PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    AV: Symantec AntiVirus Corporate Edition v10.1.0.394 (Symantec Corporation) Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe "= "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\WINDOWS\\system32\\jamesbond.exe "= "C:\\WINDOWS\\system32\\jamesbond.exe:*:Disabled:jamesbond "
    "C:\\WINDOWS\\system32\\wnuserv.exe "= "C:\\WINDOWS\\system32\\wnuserv.exe:*:Disabled:wnuserv "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe "= "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "= "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "= "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "
    "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe "= "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\WINDOWS\\system32\\jamesbond.exe "= "C:\\WINDOWS\\system32\\jamesbond.exe:*:Enabled:Casino Royale "
    " "= ":*:Enabled:Windows System Service "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "= "C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe "= "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "= "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "= "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "
    "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe "= "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe "= "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\administrator.REGENT\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DJ4X8K91
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\administrator.REGENT
    LOGONSERVER=\\CHICAGO1
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\MSN\MSNCoreFiles;C:\Program Files\Corel\Corel SVG Viewer\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1.REG\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1.REG\LOCALS~1\Temp
    USERDNSDOMAIN=REGENT.LOCAL
    USERDOMAIN=REGENT
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\administrator.REGENT
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Kareem Broughton (admin)
    Administrator (admin)
    hrashid (admin)
    administrator.REGENT (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    32 Bit HP CIO Components Installer --> MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
    Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
    Calyx LoanBridge 5.3 --> MsiExec.exe /X{CAA73495-D542-4BD2-B2F2-886C316868C7}
    Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini "
    Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini "
    Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini "
    Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini "
    Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini "
    Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini "
    Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini "
    Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
    Canon MP600 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
    Canon MP600 User Registration --> C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
    Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini "
    Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini "
    Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini "
    Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini "
    Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini "
    Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
    Core Communication Components --> MsiExec.exe /I{A1E98303-102A-46FB-A2D0-3838C3F64DF2}
    Corel SVG Viewer --> MsiExec.exe /X{E32D1370-414D-45CC-950A-7320BA6022C5}
    Curitel PC Card Software --> C:\Program Files\Verizon Wireless\PC5740\PWI_Uninstall.exe
    Deewoo Network Manager removal --> C:\WINDOWS\system32\ncntokdm.exe -UPop
    Dell Printer Software Uninstall --> C:\Program Files\Dell\Install\Uninstall.exe
    Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
    Device Data Communication Components --> MsiExec.exe /I{C0A8F64F-36C8-489F-B813-90D60B541D1E}
    Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Canon\Easy-WebPrint\Uninst.isu "
    Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll-uninst.exe
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Events Communication Components --> MsiExec.exe /I{020CF65F-700F-4E55-AFB7-97024584A2B3}
    FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
    Google --> MsiExec.exe /I{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
    Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll "
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    HP Easy Printer Care --> "C:\Program Files\Hewlett-Packard\Install Engines\HP Easy Printer Care\engine.exe" /x
    HP Easy Printer Care --> MsiExec.exe /I{49782B2F-49AE-423D-85D6-4EE7019CEA13}
    HP Printer Settings Tools --> MsiExec.exe /I{41915A51-6F92-4F0E-87C4-8178785B96CC}
    HP Printer Usage Report --> MsiExec.exe /I{ECB904FE-CB4D-40A4-A884-E278410F0CE1}
    HP Proactive Services --> MsiExec.exe /X{7527CD9F-894E-47B3-9AFB-3E680E007051}
    HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
    Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
    Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
    IPFax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7060FA4-DCD7-11D3-85BB-0050DA6DA088}\setup.exe"
    IPFax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAC19E84-F3D2-4437-A104-8DB80E36973C}\setup.exe"
    iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    j2 Messenger 4.2 --> C:\Program Files\j2 Messenger 4.2\Uninstall.exe
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
    MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
    Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
    Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Picture It! Express 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
    Microsoft Picture It! Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
    Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
    NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
    Operating System Communication Components --> MsiExec.exe /I{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}
    PIMSync --> MsiExec.exe /I{C30836F7-6BE3-4734-98A5-CE9B9F41B8A1}
    PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
    QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
    SAMSUNG CDMA Modem Driver Set --> C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe
    ScrewDrivers Client v4 --> C:\PROGRA~1\triCerat\SIMPLI~1\SCREWD~1\UNWISE.EXE C:\PROGRA~1\triCerat\SIMPLI~1\SCREWD~1\INSTALL.LOG
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    SonicWALL Global VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe" -l0x9 -FromCPL
    Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
    Toolbar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD463A0-4127-4D76-B429-30E711B948B2}\setup.exe"
    ucietb --> MsiExec.exe /I{14B8E594-40F1-45AF-975F-33301144C6D1}
    URL Assistant --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll "
    VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Wireless Sync Client --> MsiExec.exe /X{5F20B339-A3E0-4DD5-8DF7-D5AB47894643}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type9198 / Success
    Event Submitted/Written: 06/08/2008 11:05:12 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type9193 / Error
    Event Submitted/Written: 06/08/2008 10:57:50 AM
    Event ID/Source: 1054 / Userenv
    Event Description:
    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

    Event Record #/Type9192 / Error
    Event Submitted/Written: 06/08/2008 10:57:33 AM
    Event ID/Source: 1000 / UserInit
    Event Description:
    Could not execute the following script pushprinterconnections.exe. The system cannot find the file specified.
    .

    Event Record #/Type9191 / Error
    Event Submitted/Written: 06/08/2008 10:57:11 AM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.

    Event Record #/Type9189 / Error
    Event Submitted/Written: 06/08/2008 10:56:01 AM
    Event ID/Source: 1054 / Userenv
    Event Description:
    Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type23469 / Warning
    Event Submitted/Written: 06/08/2008 11:13:30 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %REGENT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REGENT27 can't undo changes that you allow.

    For more information please see the following:
    %REGENT275

    Scan ID: {A2B561C1-86D6-48F0-9E2A-E67DAA60FA13}

    User: REGENT\Administrator

    Name: %REGENT271

    ID: %REGENT272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REGENT276

    Alert Type: %REGENT278

    Detection Type: 1.1.1593.02

    Event Record #/Type23468 / Warning
    Event Submitted/Written: 06/08/2008 11:13:30 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %REGENT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REGENT27 can't undo changes that you allow.

    For more information please see the following:
    %REGENT275

    Scan ID: {05666D53-00A4-4BBD-851E-D0D425C6A853}

    User: REGENT\Administrator

    Name: %REGENT271

    ID: %REGENT272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REGENT276

    Alert Type: %REGENT278

    Detection Type: 1.1.1593.02

    Event Record #/Type23467 / Warning
    Event Submitted/Written: 06/08/2008 11:13:30 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %REGENT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REGENT27 can't undo changes that you allow.

    For more information please see the following:
    %REGENT275

    Scan ID: {732E3BA2-1800-4F3E-A772-59E3FDF00BE9}

    User: REGENT\Administrator

    Name: %REGENT271

    ID: %REGENT272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REGENT276

    Alert Type: %REGENT278

    Detection Type: 1.1.1593.02

    Event Record #/Type23466 / Warning
    Event Submitted/Written: 06/08/2008 11:13:27 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %REGENT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REGENT27 can't undo changes that you allow.

    For more information please see the following:
    %REGENT275

    Scan ID: {6B347277-B040-4F46-9E7A-9537ED84EF9C}

    User: REGENT\Administrator

    Name: %REGENT271

    ID: %REGENT272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REGENT276

    Alert Type: %REGENT278

    Detection Type: 1.1.1593.02

    Event Record #/Type23465 / Warning
    Event Submitted/Written: 06/08/2008 11:13:27 AM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %REGENT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REGENT27 can't undo changes that you allow.

    For more information please see the following:
    %REGENT275

    Scan ID: {505B56C8-8BE0-449E-ADAD-7B3B7BE6DB76}

    User: REGENT\Administrator

    Name: %REGENT271

    ID: %REGENT272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REGENT276

    Alert Type: %REGENT278

    Detection Type: 1.1.1593.02



    -- End of Deckard's System Scanner: finished at 2008-06-08 11:14:54 ------------
     
  6. 2008/06/09
    noahdfear

    You've got quite a number of infections present, more than just the installation of Cain and Abel would have caused. I would venture to say your problems are more due to the presence of P2P software.

    P2P - I see you have P2P software (Limewire) installed on your machine. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Now, let's get to cleaning up that mess. ;) Do the following in the order given.

    First, you ran Deckard's without saving it first. Please download it again, and this time select Save, then direct it to your desktop. dss.exe must be on your desktop to do the following.

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entry, then click Fix.
      • .reg
    • Exit when complete.


    Next, download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Finally, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  7. 2008/06/10
    hrjr12

    Malware post

    I tried to delete Limewire off of my computer; it says it's gone on the Add and Remove <do you think Azure is ok?>... Here's the log

    Malwarebytes' Anti-Malware 1.17
    Database version: 846

    9:23:23 PM 6/10/2008
    mbam-log-6-10-2008 (21-23-23).txt

    Scan type: Quick Scan
    Objects scanned: 66718
    Time elapsed: 54 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 15
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1f4cedb9-2995-5fb4-d673-2cc6c697716d} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f4cedb9-2995-5fb4-d673-2cc6c697716d} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a89531ef (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{720e77cd-b75c-9c86-ac87-243712b52bfd} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\kdkadmua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aumdakdk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oprqmoce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ecomqrpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\dmloadd.sys (Rootkit.Agent) -> Delete on reboot.
    C:\Documents and Settings\Kareem Broughton\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kareem Broughton\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{bc7136fa-ed77-e2a1-04f2-3d1287da19d0}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ncntokdm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\a.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
    C:\Documents and Settings\administrator.REGENT\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kareem Broughton\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\administrator.REGENT\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
     
  8. 2008/06/10
    hrjr12

    Combo Fix

    ComboFix 08-06-10.1 - Administrator 2008-06-10 21:38:41.1 - NTFSx86
    Running from: C:\Documents and Settings\administrator.REGENT\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\Temp\vtmp2
    C:\Temp\vtmp2\ktnv33.log
    C:\WINDOWS\BMaba60273.xml
    C:\WINDOWS\Fonts\'
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bcmpyyye.ini
    C:\WINDOWS\system32\brdqeenf.dll
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\g15.exe
    C:\WINDOWS\system32\gdlucmxt.dll
    C:\WINDOWS\system32\hjRYGfii.ini2
    C:\WINDOWS\system32\IhNTstwa.ini
    C:\WINDOWS\system32\IhNTstwa.ini2
    C:\WINDOWS\system32\iSuENqru.ini2
    C:\WINDOWS\system32\jfrekksm.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\qiewpbxr.ini
    C:\WINDOWS\system32\sarnytat.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Legacy_TNIDRIVER
    -------\Service_TnIDriver


    ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
    .

    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 20:27 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-08 16:21 . 2008-06-10 19:48 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-06-08 15:21 . 2008-06-10 19:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-08 15:21 . 2008-06-08 16:38 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\AVGTOOLBAR
    2008-06-08 15:21 . 2008-06-08 15:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-08 15:21 . 2008-06-08 15:21 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Program Files\AVG
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-08 13:31 . 2008-06-08 13:31 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Uniblue
    2008-06-08 10:51 . 2008-06-08 10:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-08 10:49 . 2008-06-08 10:49 <DIR> d-------- C:\Deckard
    2008-06-04 23:48 . 2008-06-04 23:48 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-04 23:48 . 2008-06-04 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 23:47 . 2008-06-04 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Contacts
    2008-06-04 23:17 . 2008-06-09 20:42 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSN6
    2008-06-04 23:15 . 2008-06-04 23:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
    2008-06-04 23:12 . 2008-06-04 23:13 <DIR> d-------- C:\Program Files\Microsoft Picture It! 9
    2008-06-04 23:10 . 2008-06-04 23:10 <DIR> d-------- C:\Program Files\Design Science
    2008-06-04 22:29 . 2008-06-04 23:15 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSNInstaller
    2008-06-04 22:12 . 2008-06-04 22:12 <DIR> d-------- C:\WINDOWS\Cain
    2008-06-04 22:10 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\rev3
    2008-06-03 19:22 . 2008-06-03 19:22 74 --ahs---- C:\WINDOWS\system32\jfrekksm.tmp
    2008-06-02 20:00 . 2001-08-17 22:36 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
    2008-06-02 20:00 . 2001-07-21 14:23 21,791 --a------ C:\WINDOWS\system32\smtpctrs.ini
    2008-06-02 20:00 . 2001-08-17 22:36 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
    2008-06-02 20:00 . 2001-07-21 14:23 8,002 --a------ C:\WINDOWS\system32\smtpctrs.h
    2008-06-02 20:00 . 2001-08-17 22:36 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
    2008-06-02 20:00 . 2001-07-21 14:23 1,037 --a------ C:\WINDOWS\system32\ntfsdrct.ini
    2008-06-02 20:00 . 2001-07-21 14:23 773 --a------ C:\WINDOWS\system32\ntfsdrct.h
    2008-06-02 19:58 . 2008-06-04 21:59 <DIR> d-------- C:\Inetpub
    2008-05-30 00:04 . 2008-05-30 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-29 23:34 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-29 23:34 . 2008-06-04 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-29 21:41 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-05-29 21:27 . 2005-05-26 18:22 10,752 --a------ C:\WINDOWS\hh.exe
    2008-05-28 17:54 . 2008-05-28 17:54 0 --a------ C:\WINDOWS\system32\jnwnw64o.exe
    2008-05-28 17:49 . 2008-05-28 17:49 <DIR> d-------- C:\WINDOWS\system32\pb2
    2008-05-28 17:49 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\bTMP
    2008-05-28 17:49 . 2008-05-28 17:49 <DIR> d-------- C:\WINDOWS\system32\acom1
    2008-05-28 17:49 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\1026c
    2008-05-28 17:48 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\vntiho18
    2008-05-26 17:39 . 2008-05-26 17:39 <DIR> d-------- C:\WINDOWS\system32\New Folder
    2008-05-26 17:23 . 2008-06-04 22:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-05-22 20:54 . 2008-06-04 22:01 <DIR> d-------- C:\Program Files\VstPlugins
    2008-05-22 20:54 . 2005-04-12 10:21 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-05-22 20:53 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-05-22 20:51 . 2008-05-28 18:14 <DIR> d-------- C:\Program Files\Image-Line
    2008-05-22 17:37 . 2008-06-08 11:28 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire
    2008-05-22 17:36 . 2006-05-26 12:23 <DIR> d-------- C:\Program Files\LimeWire
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 02:57 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-06-10 01:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-10 01:07 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\OpenOffice.org2
    2008-06-05 03:00 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-26 14:05 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Apple Computer
    2008-05-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-08 14:46 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\CyberLink
    2008-05-08 12:06 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Azureus
    2008-05-08 03:01 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 23:43 --------- d-----w C:\Program Files\Java
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\SonicWALL
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\Hewlett-Packard
    2008-05-04 17:08 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\CyberLink
    2008-05-03 13:18 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Hewlett-Packard
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hp
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-05-03 13:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-29 01:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-24 01:48 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Move Networks
    2008-04-22 23:26 106,496 ----a-w C:\WINDOWS\system32\HPSTDSoap.dll
    2008-04-22 23:02 946,960 ----a-w C:\WINDOWS\system32\msjava.dll
    2008-04-22 23:02 290,816 ----a-w C:\WINDOWS\system32\WINHTTP5.DLL
    2008-04-22 23:02 163,840 ----a-w C:\WINDOWS\system32\hppatusg01.dll
    2008-04-22 23:02 126,976 ----a-w C:\WINDOWS\system32\HPDevEnm.dll
    2008-04-18 06:50 --------- d-----w C:\Program Files\iTunes
    2008-04-18 06:50 --------- d-----w C:\Program Files\iPod
    2008-04-18 06:46 --------- d-----w C:\Program Files\QuickTime
    2008-04-18 06:46 --------- d-----w C:\Program Files\Bonjour
    2008-04-18 06:39 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-18 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-17 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-04-16 23:15 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\SonicWALL
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28ea9426-8cf4-43b7-9778-9e550818abb2}]
    C:\WINDOWS\system32\ybmqbfhh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6B7D31-00AD-49A8-8B40-93DD72C88BD8}]
    C:\WINDOWS\system32\awtsTNhI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 16:35 94208]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 16:32 77824]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 16:36 114688]
    "Dell Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-25 02:26 169472]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656]
    "FaxMonitor "= "C:\Program Files\IPFax\FaxMonitor.exe" [2002-01-21 14:45 61440]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
    "Acrobat Assistant 8.0 "= "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
    "j2 4.2 "= "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:03 107008]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "KnexStarter "= "C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 18:26 73728]
    "RunTasktray "= "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2008-04-22 16:33 69120]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "{53-31-14-40-DW} "= "c:\windows\system32\jnwnw64o.exe" [2008-05-28 17:54 0]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-08 15:21 1177368]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-25 02:21:37 24576]
    j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2007-06-01 15:14:01 612352]
    SonicWALL Global VPN Client.lnk - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2007-05-11 16:03:47 917601]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbBrq]
    rqRJbBrq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=pushprinterconnections.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4123597581-4081181443-497301530-1134\Scripts\Logon\0\0]
    "Script "=logon.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "<NO NAME> "= :Windows System Service
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe "=
    "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-08 15:21]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-08 15:21]
    R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-07-27 11:50]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 15:21]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-08 15:21]
    R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
    S1 dmloadd;dmloadd;C:\WINDOWS\system32\drivers\dmloadd.sys []
    S2 Abel;Abel;C:\Program Files\Cain\Abel.exe []
    S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 09:59]
    S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 10:00]
    S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 10:00]
    S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 10:01]
    S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 10:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-31 21:17:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-11 02:53:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job "
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 21:55:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\WLTRYSVC.EXE
    C:\WINDOWS\system32\BCMWLTRY.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\WLTRAY.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\hidfind.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-10 22:11:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-11 03:09:53

    Pre-Run: 11,654,172,672 bytes free
    Post-Run: 12,675,354,624 bytes free

    282 --- E O F --- 2008-05-24 13:03:36
     
  9. 2008/06/12
    noahdfear

    Sorry for the wait. Delete the copy of ComboFix.exe you have and download a fresh copy, then run it again as described above. Post the resulting log here please.
     
  10. 2008/06/13
    hrjr12

    Combo again

    ComboFix 08-06-12.2 - Administrator 2008-06-13 18:15:48.2 - NTFSx86
    Running from: C:\Documents and Settings\administrator.REGENT\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\jnwnw64o.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
    .

    2008-06-10 22:41 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:41 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 20:27 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-08 16:21 . 2008-06-10 19:48 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-06-08 15:21 . 2008-06-13 18:05 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-08 15:21 . 2008-06-08 16:38 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\AVGTOOLBAR
    2008-06-08 15:21 . 2008-06-08 15:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-08 15:21 . 2008-06-08 15:21 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Program Files\AVG
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-08 13:31 . 2008-06-08 13:31 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Uniblue
    2008-06-08 10:51 . 2008-06-08 10:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-08 10:49 . 2008-06-08 10:49 <DIR> d-------- C:\Deckard
    2008-06-04 23:48 . 2008-06-04 23:48 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-04 23:48 . 2008-06-04 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 23:47 . 2008-06-04 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Contacts
    2008-06-04 23:17 . 2008-06-11 21:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSN6
    2008-06-04 23:15 . 2008-06-04 23:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
    2008-06-04 23:12 . 2008-06-04 23:13 <DIR> d-------- C:\Program Files\Microsoft Picture It! 9
    2008-06-04 23:10 . 2008-06-04 23:10 <DIR> d-------- C:\Program Files\Design Science
    2008-06-04 22:29 . 2008-06-04 23:15 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSNInstaller
    2008-06-04 22:12 . 2008-06-04 22:12 <DIR> d-------- C:\WINDOWS\Cain
    2008-06-04 22:10 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\rev3
    2008-06-03 19:22 . 2008-06-03 19:22 74 --ahs---- C:\WINDOWS\system32\jfrekksm.tmp
    2008-06-02 20:00 . 2001-08-17 22:36 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
    2008-06-02 20:00 . 2001-07-21 14:23 21,791 --a------ C:\WINDOWS\system32\smtpctrs.ini
    2008-06-02 20:00 . 2001-08-17 22:36 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
    2008-06-02 20:00 . 2001-07-21 14:23 8,002 --a------ C:\WINDOWS\system32\smtpctrs.h
    2008-06-02 20:00 . 2001-08-17 22:36 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
    2008-06-02 20:00 . 2001-07-21 14:23 1,037 --a------ C:\WINDOWS\system32\ntfsdrct.ini
    2008-06-02 20:00 . 2001-07-21 14:23 773 --a------ C:\WINDOWS\system32\ntfsdrct.h
    2008-06-02 19:58 . 2008-06-04 21:59 <DIR> d-------- C:\Inetpub
    2008-05-30 00:04 . 2008-05-30 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-29 23:34 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-29 23:34 . 2008-06-04 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-29 21:41 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-05-29 21:27 . 2005-05-26 18:22 10,752 --a------ C:\WINDOWS\hh.exe
    2008-05-28 17:49 . 2008-05-28 17:49 <DIR> d-------- C:\WINDOWS\system32\pb2
    2008-05-28 17:49 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\bTMP
    2008-05-28 17:49 . 2008-05-28 17:49 <DIR> d-------- C:\WINDOWS\system32\acom1
    2008-05-28 17:49 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\1026c
    2008-05-28 17:48 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\vntiho18
    2008-05-26 17:39 . 2008-05-26 17:39 <DIR> d-------- C:\WINDOWS\system32\New Folder
    2008-05-26 17:23 . 2008-06-04 22:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-05-22 20:54 . 2008-06-04 22:01 <DIR> d-------- C:\Program Files\VstPlugins
    2008-05-22 20:54 . 2005-04-12 10:21 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-05-22 20:53 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-05-22 20:51 . 2008-05-28 18:14 <DIR> d-------- C:\Program Files\Image-Line
    2008-05-22 17:37 . 2008-06-08 11:28 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire
    2008-05-22 17:36 . 2006-05-26 12:23 <DIR> d-------- C:\Program Files\LimeWire
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-12 11:44 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-06-10 01:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-10 01:07 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\OpenOffice.org2
    2008-06-05 03:00 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-26 14:05 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Apple Computer
    2008-05-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-08 14:46 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\CyberLink
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-08 12:06 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Azureus
    2008-05-08 03:01 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 23:43 --------- d-----w C:\Program Files\Java
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\SonicWALL
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\Hewlett-Packard
    2008-05-04 17:08 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\CyberLink
    2008-05-03 13:18 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Hewlett-Packard
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hp
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-05-03 13:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-29 01:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-24 01:48 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Move Networks
    2008-04-22 23:26 106,496 ----a-w C:\WINDOWS\system32\HPSTDSoap.dll
    2008-04-22 23:02 946,960 ----a-w C:\WINDOWS\system32\msjava.dll
    2008-04-22 23:02 290,816 ----a-w C:\WINDOWS\system32\WINHTTP5.DLL
    2008-04-22 23:02 163,840 ----a-w C:\WINDOWS\system32\hppatusg01.dll
    2008-04-22 23:02 126,976 ----a-w C:\WINDOWS\system32\HPDevEnm.dll
    2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-04-18 06:50 --------- d-----w C:\Program Files\iTunes
    2008-04-18 06:50 --------- d-----w C:\Program Files\iPod
    2008-04-18 06:46 --------- d-----w C:\Program Files\QuickTime
    2008-04-18 06:46 --------- d-----w C:\Program Files\Bonjour
    2008-04-18 06:39 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-18 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-17 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-04-16 23:15 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\SonicWALL
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-10_22.07.19.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-20 10:17:52 33,280 ----a-w C:\WINDOWS\$hf_mig$\KB926247\SP2QFE\snmp.exe
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB926247\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB926247\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\spcustom.dll
    + 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\update.exe
    + 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB926247\update\updspapi.dll
    + 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
    + 2007-06-26 08:38:58 363,520 ----a-w C:\WINDOWS\$hf_mig$\KB939373\SP2QFE\w3svc.dll
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939373\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939373\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939373\update\spcustom.dll
    + 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939373\update\update.exe
    + 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939373\update\updspapi.dll
    + 2008-01-10 18:36:11 369,664 ----a-w C:\WINDOWS\$hf_mig$\KB942830\SP2QFE\asp51.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942830\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942830\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942830\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942830\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942830\update\updspapi.dll
    + 2008-01-10 05:09:31 257,024 ----a-w C:\WINDOWS\$hf_mig$\KB942831\SP2QFE\infocomm.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942831\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942831\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942831\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942831\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942831\update\updspapi.dll
    + 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
    + 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
    - 2008-06-11 02:50:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-12 11:40:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    + 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
    + 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
    + 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
    + 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
    + 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
    + 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
    + 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
    + 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
    + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
    + 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
    + 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
    + 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
    + 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
    + 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
    + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
    + 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
    + 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
    + 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
    + 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
    + 2008-03-01 23:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
    + 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
    + 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
    + 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
    + 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
    + 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
    + 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
    + 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
    + 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
    + 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
    - 2008-05-14 08:03:19 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-06-12 01:13:47 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-05-14 08:03:18 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-06-12 01:13:46 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-05-14 08:03:19 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-06-12 01:13:47 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-05-14 08:03:19 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-06-12 01:13:48 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-05-14 08:03:19 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-06-12 01:13:49 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-05-14 08:03:19 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-06-12 01:13:50 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-05-14 08:03:19 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-06-12 01:13:50 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-05-14 08:03:18 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-06-12 01:13:46 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-05-14 08:03:18 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-06-12 01:13:46 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-01-10 18:44:47 369,664 ------w C:\WINDOWS\system32\dllcache\asp51.dll
    - 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2008-01-10 05:20:21 257,024 ------w C:\WINDOWS\system32\dllcache\infocomm.dll
    - 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
    - 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
    - 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2006-11-20 08:42:45 33,280 ------w C:\WINDOWS\system32\dllcache\snmp.exe
    - 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    - 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-06-26 08:27:40 363,520 ------w C:\WINDOWS\system32\dllcache\w3svc.dll
    - 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2004-08-04 11:00:00 369,664 ----a-w C:\WINDOWS\system32\inetsrv\asp.dll
    + 2008-01-10 18:44:47 369,664 ----a-w C:\WINDOWS\system32\inetsrv\asp.dll
    - 2004-08-04 11:00:00 257,024 ----a-w C:\WINDOWS\system32\inetsrv\infocomm.dll
    + 2008-01-10 05:20:21 257,024 ----a-w C:\WINDOWS\system32\inetsrv\infocomm.dll
    - 2004-08-04 11:00:00 363,520 ----a-w C:\WINDOWS\system32\inetsrv\w3svc.dll
    + 2007-06-26 08:27:40 363,520 ----a-w C:\WINDOWS\system32\inetsrv\w3svc.dll
    - 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2004-08-04 11:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
    + 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    - 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    - 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2004-08-04 11:00:00 32,768 ----a-w C:\WINDOWS\system32\snmp.exe
    + 2006-11-20 08:42:45 33,280 ----a-w C:\WINDOWS\system32\snmp.exe
    - 2006-09-25 22:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    - 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    - 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28ea9426-8cf4-43b7-9778-9e550818abb2}]
    C:\WINDOWS\system32\ybmqbfhh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6B7D31-00AD-49A8-8B40-93DD72C88BD8}]
    C:\WINDOWS\system32\awtsTNhI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 16:35 94208]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 16:32 77824]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 16:36 114688]
    "Dell Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-25 02:26 169472]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656]
    "FaxMonitor "= "C:\Program Files\IPFax\FaxMonitor.exe" [2002-01-21 14:45 61440]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
    "Acrobat Assistant 8.0 "= "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
    "j2 4.2 "= "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:03 107008]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "KnexStarter "= "C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 18:26 73728]
    "RunTasktray "= "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2008-04-22 16:33 69120]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-08 15:21 1177368]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-25 02:21:37 24576]
    j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2007-06-01 15:14:01 612352]
    SonicWALL Global VPN Client.lnk - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2007-05-11 16:03:47 917601]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbBrq]
    rqRJbBrq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=pushprinterconnections.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4123597581-4081181443-497301530-1134\Scripts\Logon\0\0]
    "Script "=logon.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "<NO NAME> "= :Windows System Service
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe "=
    "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-08 15:21]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-08 15:21]
    R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-07-27 11:50]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 15:21]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-08 15:21]
    R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
    S1 dmloadd;dmloadd;C:\WINDOWS\system32\drivers\dmloadd.sys []
    S2 Abel;Abel;C:\Program Files\Cain\Abel.exe []
    S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 09:59]
    S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 10:00]
    S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 10:00]
    S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 10:01]
    S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 10:01]
     
  11. 2008/06/13
    hrjr12

    combo cont.

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-31 21:17:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-12 11:43:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job "
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-13 18:22:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-13 18:27:09
    ComboFix-quarantined-files.txt 2008-06-13 23:27:00
    ComboFix2.txt 2008-06-11 03:11:18

    Pre-Run: 12,071,944,192 bytes free
    Post-Run: 12,094,521,344 bytes free

    451 --- E O F --- 2008-06-12 01:21:31
     
  12. 2008/06/16
    noahdfear

    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\jfrekksm.tmp
    Folder::
    C:\WINDOWS\system32\pb2
    C:\WINDOWS\system32\bTMP
    C:\WINDOWS\system32\acom1
    C:\WINDOWS\system32\1026c
    C:\WINDOWS\system32\vntiho18
    DirLook::
    C:\WINDOWS\system32\rev3
    C:\WINDOWS\system32\New Folder
    C:\WINDOWS\system32\NtmsData
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28ea9426-8cf4-43b7-9778-9e550818abb2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6B7D31-00AD-49A8-8B40-93DD72C88BD8}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJbBrq]
    Driver::
    dmloadd
    Abel
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  13. 2008/06/18
    hrjr12

    new Combo log

    ComboFix 08-06-16.5 - Administrator 2008-06-18 7:19:35.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.158 [GMT -5:00]
    Running from: C:\Documents and Settings\administrator.REGENT\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\administrator.REGENT\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\jfrekksm.tmp
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\1026c
    C:\WINDOWS\system32\acom1
    C:\WINDOWS\system32\bTMP
    C:\WINDOWS\system32\jfrekksm.tmp
    C:\WINDOWS\system32\pb2
    C:\WINDOWS\system32\pb2\drcom172.exe
    C:\WINDOWS\system32\vntiho18

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ABEL
    -------\Legacy_DMLOADD
    -------\Service_Abel
    -------\Service_dmloadd


    ((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
    .

    2008-06-15 10:19 . 2008-06-15 10:19 <DIR> d-------- C:\Program Files\7-Zip
    2008-06-15 10:17 . 2008-06-15 10:17 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\spredator_update
    2008-06-15 09:49 . 2008-06-15 09:49 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Talkback
    2008-06-15 09:48 . 2008-06-15 10:16 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2008-06-15 09:48 . 2008-06-15 09:48 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Thunderbird
    2008-06-15 09:11 . 2008-06-15 09:11 <DIR> d-------- C:\Program Files\Sexual Predators Toolbar
    2008-06-14 13:37 . 2008-06-14 13:46 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-06-13 20:56 . 2008-06-13 20:57 <DIR> d-------- C:\Program Files\Azureus
    2008-06-10 22:41 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:41 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 20:27 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-08 16:21 . 2008-06-10 19:48 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-06-08 15:21 . 2008-06-18 04:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-08 15:21 . 2008-06-08 16:38 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\AVGTOOLBAR
    2008-06-08 15:21 . 2008-06-08 15:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-08 15:21 . 2008-06-08 15:21 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Program Files\AVG
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-08 13:31 . 2008-06-08 13:31 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Uniblue
    2008-06-08 10:51 . 2008-06-08 10:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-08 10:49 . 2008-06-08 10:49 <DIR> d-------- C:\Deckard
    2008-06-04 23:48 . 2008-06-04 23:48 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-04 23:48 . 2008-06-04 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 23:47 . 2008-06-04 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Contacts
    2008-06-04 23:17 . 2008-06-11 21:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSN6
    2008-06-04 23:15 . 2008-06-04 23:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
    2008-06-04 23:12 . 2008-06-04 23:13 <DIR> d-------- C:\Program Files\Microsoft Picture It! 9
    2008-06-04 23:10 . 2008-06-04 23:10 <DIR> d-------- C:\Program Files\Design Science
    2008-06-04 22:29 . 2008-06-04 23:15 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSNInstaller
    2008-06-04 22:12 . 2008-06-04 22:12 <DIR> d-------- C:\WINDOWS\Cain
    2008-06-04 22:10 . 2008-06-09 21:43 <DIR> d-------- C:\WINDOWS\system32\rev3
    2008-06-02 20:00 . 2001-08-17 22:36 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
    2008-06-02 20:00 . 2001-07-21 14:23 21,791 --a------ C:\WINDOWS\system32\smtpctrs.ini
    2008-06-02 20:00 . 2001-08-17 22:36 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
    2008-06-02 20:00 . 2001-07-21 14:23 8,002 --a------ C:\WINDOWS\system32\smtpctrs.h
    2008-06-02 20:00 . 2001-08-17 22:36 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
    2008-06-02 20:00 . 2001-07-21 14:23 1,037 --a------ C:\WINDOWS\system32\ntfsdrct.ini
    2008-06-02 20:00 . 2001-07-21 14:23 773 --a------ C:\WINDOWS\system32\ntfsdrct.h
    2008-06-02 19:58 . 2008-06-04 21:59 <DIR> d-------- C:\Inetpub
    2008-05-30 00:04 . 2008-05-30 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-29 23:34 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-29 23:34 . 2008-06-04 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-29 21:41 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-05-29 21:27 . 2005-05-26 18:22 10,752 --a------ C:\WINDOWS\hh.exe
    2008-05-26 17:39 . 2008-05-26 17:39 <DIR> d-------- C:\WINDOWS\system32\New Folder
    2008-05-26 17:23 . 2008-06-04 22:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-05-22 20:54 . 2008-06-15 10:45 <DIR> d-------- C:\Program Files\VstPlugins
    2008-05-22 20:54 . 2005-04-12 10:21 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-05-22 20:53 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-05-22 20:51 . 2008-06-15 10:45 <DIR> d-------- C:\Program Files\Image-Line
    2008-05-22 17:37 . 2008-06-08 11:28 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire
    2008-05-22 17:36 . 2006-05-26 12:23 <DIR> d-------- C:\Program Files\LimeWire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 12:29 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-06-14 12:03 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Azureus
    2008-06-10 01:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-10 01:07 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\OpenOffice.org2
    2008-06-05 03:00 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-26 14:05 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Apple Computer
    2008-05-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-08 14:46 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\CyberLink
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 03:01 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 23:43 --------- d-----w C:\Program Files\Java
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\SonicWALL
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\Hewlett-Packard
    2008-05-04 17:08 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\CyberLink
    2008-05-03 13:18 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Hewlett-Packard
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hp
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-05-03 13:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-29 01:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-24 01:48 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Move Networks
    2008-04-18 06:50 --------- d-----w C:\Program Files\iTunes
    2008-04-18 06:50 --------- d-----w C:\Program Files\iPod
    2008-04-18 06:46 --------- d-----w C:\Program Files\QuickTime
    2008-04-18 06:46 --------- d-----w C:\Program Files\Bonjour
    2008-04-18 06:39 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-18 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\WINDOWS\system32\New Folder ----


    ---- Directory of C:\WINDOWS\system32\NtmsData ----

    2008-06-04 21:52 82760 --a------ C:\WINDOWS\system32\NtmsData\NTMSIDX
    2008-06-04 21:52 110592 --a------ C:\WINDOWS\system32\NtmsData\NTMSDATA.BAK
    2008-06-04 21:52 110592 --a------ C:\WINDOWS\system32\NtmsData\NTMSDATA
    2008-05-26 17:23 816 --a------ C:\WINDOWS\system32\NtmsData\NTMSREG

    ---- Directory of C:\WINDOWS\system32\rev3 ----



    ((((((((((((((((((((((((((((( snapshot_2008-06-13_18.26.34.15 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-12 11:40:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-18 12:27:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-15 14:11:20 2,238 ----a-r C:\WINDOWS\Installer\{89206BF8-BF95-47EC-A3DD-B571BA937C75}\ARPPRODUCTICON.exe
    + 2008-03-20 00:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    + 2008-03-20 00:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
    + 2008-03-20 00:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
    + 2008-03-19 23:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
    + 2008-03-20 00:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2008-03-19 23:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
    + 2008-03-20 00:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
    + 2008-03-20 00:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
    + 2008-03-20 00:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
    + 2008-03-20 00:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
    + 2008-03-20 00:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
    + 1999-06-25 15:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
    + 2008-03-15 04:31:26 57,344 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
    + 2008-03-15 04:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
    + 2008-03-15 04:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
    + 2008-03-15 04:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
    + 2008-03-15 04:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
    + 2008-03-15 04:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
    + 2008-03-15 04:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
    + 2008-03-15 04:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
    + 2008-03-15 04:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
    + 2008-03-15 16:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
    + 2008-03-15 04:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129398FD-A57D-4513-AD9E-D11D280A8FE9}]
    2007-03-25 16:52 282697 --a------ C:\Program Files\Sexual Predators Toolbar\Toolbar\vsns.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C46CED39-05C9-40C3-88D1-E07AB8128EFD} "= "C:\Program Files\Sexual Predators Toolbar\Toolbar\SPredator.dll" [2007-03-28 17:45 372736]

    [HKEY_CLASSES_ROOT\clsid\{c46ced39-05c9-40c3-88d1-e07ab8128efd}]
    [HKEY_CLASSES_ROOT\SPredator.ToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A5217315-F157-48D7-B7E0-2A04C05E3A4D}]
    [HKEY_CLASSES_ROOT\SPredator.ToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 16:35 94208]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 16:32 77824]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 16:36 114688]
    "Dell Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-25 02:26 169472]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656]
    "FaxMonitor "= "C:\Program Files\IPFax\FaxMonitor.exe" [2002-01-21 14:45 61440]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
    "Acrobat Assistant 8.0 "= "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
    "j2 4.2 "= "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:03 107008]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "KnexStarter "= "C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 18:26 73728]
    "RunTasktray "= "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2008-04-22 16:33 69120]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-08 15:21 1177368]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-25 02:21:37 24576]
    j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2007-06-01 15:14:01 612352]
    SonicWALL Global VPN Client.lnk - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2007-05-11 16:03:47 917601]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=pushprinterconnections.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4123597581-4081181443-497301530-1134\Scripts\Logon\0\0]
    "Script "=logon.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "<NO NAME> "= :Windows System Service
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe "=
    "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "C:\\Program Files\\Azureus\\Azureus.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-08 15:21]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-08 15:21]
    R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-07-27 11:50]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 15:21]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-08 15:21]
    R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
    S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 09:59]
    S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 10:00]
    S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 10:00]
    S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 10:01]
    S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 10:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-14 21:17:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-18 12:31:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job "
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-18 07:49:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\WLTRYSVC.EXE
    C:\WINDOWS\system32\BCMWLTRY.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\WLTRAY.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\hidfind.exe
    C:\Program Files\Apoint\ApntEx.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-18 8:00:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-18 12:59:52
    ComboFix2.txt 2008-06-13 23:27:11
    ComboFix3.txt 2008-06-11 03:11:18

    Pre-Run: 11,362,320,384 bytes free
    Post-Run: 11,611,451,392 bytes free

    309 --- E O F --- 2008-06-18 09:57:44
     
  14. 2008/06/18
    noahdfear

    I've got some errands. I'll look over this log later tonight and post further instructions. :)
     
  15. 2008/06/19
    noahdfear

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire
    C:\Program Files\LimeWire
    C:\WINDOWS\Cain
    C:\WINDOWS\system32\rev3
    C:\WINDOWS\system32\New Folder
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  16. 2008/06/19
    hrjr12

    Combo Post

    ComboFix 08-06-16.5 - Administrator 2008-06-19 7:17:53.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -5:00]
    Running from: C:\Documents and Settings\administrator.REGENT\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\administrator.REGENT\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\createtimes.cache
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\fileurns.bak
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\fileurns.cache
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\filters.props
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\gnutella.net
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\installation.props
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\library.dat
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\limewire.props
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\mojito.props
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\questions.props
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\responses.cache
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\simpp.xml
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\spam.dat
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\tables.props
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme.lwtp
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\question.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\version.txt
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\ttrees.cache
    C:\Documents and Settings\administrator.REGENT\Application Data\LimeWire\ttroot.cache
    C:\Program Files\LimeWire
    C:\Program Files\LimeWire\Incomplete\downloads.bak
    C:\Program Files\LimeWire\Incomplete\downloads.dat
    C:\WINDOWS\Cain
    C:\WINDOWS\Cain\Abel.dll
    C:\WINDOWS\Cain\Abel.exe
    C:\WINDOWS\Cain\Driver\WinPcap_4_0_2.exe
    C:\WINDOWS\Cain\UNINSTAL.EXE
    C:\WINDOWS\system32\New Folder
    C:\WINDOWS\system32\rev3

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2008-06-15 10:19 . 2008-06-15 10:19 <DIR> d-------- C:\Program Files\7-Zip
    2008-06-15 10:17 . 2008-06-15 10:17 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\spredator_update
    2008-06-15 09:49 . 2008-06-15 09:49 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Talkback
    2008-06-15 09:48 . 2008-06-15 10:16 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2008-06-15 09:48 . 2008-06-15 09:48 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Thunderbird
    2008-06-15 09:11 . 2008-06-15 09:11 <DIR> d-------- C:\Program Files\Sexual Predators Toolbar
    2008-06-14 13:37 . 2008-06-14 13:46 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-06-13 20:56 . 2008-06-13 20:57 <DIR> d-------- C:\Program Files\Azureus
    2008-06-10 22:41 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 22:41 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 20:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Malwarebytes
    2008-06-10 20:27 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 20:27 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-08 16:21 . 2008-06-19 07:07 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-06-08 15:21 . 2008-06-18 20:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-08 15:21 . 2008-06-08 16:38 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\AVGTOOLBAR
    2008-06-08 15:21 . 2008-06-08 15:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-08 15:21 . 2008-06-08 15:21 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-06-08 15:21 . 2008-06-08 15:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Program Files\AVG
    2008-06-08 15:20 . 2008-06-08 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-08 13:31 . 2008-06-08 13:31 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\Uniblue
    2008-06-08 10:51 . 2008-06-08 10:51 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-08 10:49 . 2008-06-08 10:49 <DIR> d-------- C:\Deckard
    2008-06-04 23:48 . 2008-06-04 23:48 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-04 23:48 . 2008-06-04 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 23:47 . 2008-06-04 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-06-04 23:17 . 2008-06-04 23:17 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Contacts
    2008-06-04 23:17 . 2008-06-11 21:27 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSN6
    2008-06-04 23:15 . 2008-06-04 23:15 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
    2008-06-04 23:12 . 2008-06-04 23:13 <DIR> d-------- C:\Program Files\Microsoft Picture It! 9
    2008-06-04 23:10 . 2008-06-04 23:10 <DIR> d-------- C:\Program Files\Design Science
    2008-06-04 22:29 . 2008-06-04 23:15 <DIR> d-------- C:\Documents and Settings\administrator.REGENT\Application Data\MSNInstaller
    2008-06-02 20:00 . 2001-08-17 22:36 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
    2008-06-02 20:00 . 2001-07-21 14:23 21,791 --a------ C:\WINDOWS\system32\smtpctrs.ini
    2008-06-02 20:00 . 2001-08-17 22:36 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
    2008-06-02 20:00 . 2001-07-21 14:23 8,002 --a------ C:\WINDOWS\system32\smtpctrs.h
    2008-06-02 20:00 . 2001-08-17 22:36 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
    2008-06-02 20:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
    2008-06-02 20:00 . 2001-07-21 14:23 1,037 --a------ C:\WINDOWS\system32\ntfsdrct.ini
    2008-06-02 20:00 . 2001-07-21 14:23 773 --a------ C:\WINDOWS\system32\ntfsdrct.h
    2008-06-02 19:58 . 2008-06-04 21:59 <DIR> d-------- C:\Inetpub
    2008-05-30 00:04 . 2008-05-30 00:04 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-29 23:34 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-29 23:34 . 2008-06-04 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-29 21:41 . 2008-06-04 22:06 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-05-29 21:27 . 2005-05-26 18:22 10,752 --a------ C:\WINDOWS\hh.exe
    2008-05-26 17:23 . 2008-06-04 22:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-05-22 20:54 . 2008-06-15 10:45 <DIR> d-------- C:\Program Files\VstPlugins
    2008-05-22 20:54 . 2005-04-12 10:21 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-05-22 20:53 . 2002-07-07 17:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-05-22 20:51 . 2008-06-15 10:45 <DIR> d-------- C:\Program Files\Image-Line

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 12:29 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-06-14 12:03 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Azureus
    2008-06-10 01:19 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-10 01:07 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\OpenOffice.org2
    2008-06-05 03:00 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-26 14:05 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Apple Computer
    2008-05-21 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-08 14:46 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\CyberLink
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-08 03:01 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 23:43 --------- d-----w C:\Program Files\Java
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\SonicWALL
    2008-05-05 02:01 --------- d-----w C:\Documents and Settings\Kareem Broughton\Application Data\Hewlett-Packard
    2008-05-04 17:08 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\CyberLink
    2008-05-03 13:18 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Hewlett-Packard
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hp
    2008-05-03 13:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-05-03 13:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-29 01:24 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-24 01:48 --------- d-----w C:\Documents and Settings\administrator.REGENT\Application Data\Move Networks
    2008-04-22 23:26 106,496 ----a-w C:\WINDOWS\system32\HPSTDSoap.dll
    2008-04-22 23:02 946,960 ----a-w C:\WINDOWS\system32\msjava.dll
    2008-04-22 23:02 290,816 ----a-w C:\WINDOWS\system32\WINHTTP5.DLL
    2008-04-22 23:02 163,840 ----a-w C:\WINDOWS\system32\hppatusg01.dll
    2008-04-22 23:02 126,976 ----a-w C:\WINDOWS\system32\HPDevEnm.dll
    2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129398FD-A57D-4513-AD9E-D11D280A8FE9}]
    2007-03-25 16:52 282697 --a------ C:\Program Files\Sexual Predators Toolbar\Toolbar\vsns.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C46CED39-05C9-40C3-88D1-E07AB8128EFD} "= "C:\Program Files\Sexual Predators Toolbar\Toolbar\SPredator.dll" [2007-03-28 17:45 372736]

    [HKEY_CLASSES_ROOT\clsid\{c46ced39-05c9-40c3-88d1-e07ab8128efd}]
    [HKEY_CLASSES_ROOT\SPredator.ToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A5217315-F157-48D7-B7E0-2A04C05E3A4D}]
    [HKEY_CLASSES_ROOT\SPredator.ToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2005-10-07 07:13 176128]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 16:35 94208]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 16:32 77824]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 16:36 114688]
    "Dell Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04 53248]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-25 02:26 169472]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 13:02 53408]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 06:34 124656]
    "FaxMonitor "= "C:\Program Files\IPFax\FaxMonitor.exe" [2002-01-21 14:45 61440]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
    "Acrobat Assistant 8.0 "= "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
    "j2 4.2 "= "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:03 107008]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "KnexStarter "= "C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 18:26 73728]
    "RunTasktray "= "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2008-04-22 16:33 69120]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-08 15:21 1177368]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-25 02:21:37 24576]
    j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2007-06-01 15:14:01 612352]
    SonicWALL Global VPN Client.lnk - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2007-05-11 16:03:47 917601]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script "=pushprinterconnections.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4123597581-4081181443-497301530-1134\Scripts\Logon\0\0]
    "Script "=logon.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "<NO NAME> "= :Windows System Service
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe "=
    "C:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "C:\\Program Files\\Azureus\\Azureus.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-08 15:21]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-08 15:21]
    R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2004-07-27 11:50]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 15:21]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-08 15:21]
    R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
    S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 09:59]
    S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 10:00]
    S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 10:00]
    S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 10:01]
    S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 10:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-14 21:17:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-19 07:13:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job "
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 07:23:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-19 7:25:54
    ComboFix-quarantined-files.txt 2008-06-19 12:25:45
    ComboFix2.txt 2008-06-18 13:00:19
    ComboFix3.txt 2008-06-13 23:27:11
    ComboFix4.txt 2008-06-11 03:11:18

    Pre-Run: 11,586,973,696 bytes free
    Post-Run: 11,571,720,192 bytes free

    281 --- E O F --- 2008-06-18 09:57:44
     
  17. 2008/06/19
    noahdfear

    How's the computer performing now? Still having issues?
     
  18. 2008/06/19
    hrjr12

    Thank you

    It's performing great, better than before I caught the virus.
    Thank you
     
  19. 2008/06/19
    noahdfear

    That's great! :) Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot



    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



    Post the Kaspersky log and one more fresh HijackThis log.
     
  20. 2008/06/21
    hrjr12

    Kaspersky

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, June 21, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, June 22, 2008 00:02:43
    Records in database: 880072
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 73619
    Threat name: 5
    Infected objects: 33
    Suspicious objects: 0
    Duration of the scan: 03:31:07


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00000.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00001.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00002.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00003.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00004.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00005.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00006.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00007.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00008.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00009.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000A.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000B.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000C.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000D.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000E.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0000F.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00010.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00011.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00012.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00013.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00014.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00015.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00016.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00017.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00018.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00019\4CDE8D03.VBN Infected: Trojan.Win16.UnaBomber 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17040000.VBN Infected: not-a-virus:pSWTool.Win32.Cain.10b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17040001.VBN Infected: not-a-virus:pSWTool.Win32.Cain.10b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17040002.VBN Infected: not-a-virus:pSWTool.Win32.LPR 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17040003.VBN Infected: Trojan-PSW.Win32.Misos 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1704000B.VBN Infected: Trojan.Win16.UnaBomber 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1704000C.VBN Infected: Trojan.Win16.UnaBomber 1
    C:\WINDOWS\ca_setup.exe Infected: not-a-virus:pSWTool.Win32.Cain.284 1

    The selected area was scanned.
     
  21. 2008/06/21
    hrjr12

    Micro HijackThis v2.0.2

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:46, on 2008-06-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\IPFax\FaxMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\administrator.REGENT\Desktop\Firefox Setup 3.0.exe
    C:\DOCUME~1\ADMINI~1.REG\LOCALS~1\Temp\7zS2C5.tmp\setup.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SexualPredatorBHO Class - {129398FD-A57D-4513-AD9E-D11D280A8FE9} - C:\Program Files\Sexual Predators Toolbar\Toolbar\vsns.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: CommuniKateVirtualPBX Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Sexual Predator Toolbar - {C46CED39-05C9-40C3-88D1-E07AB8128EFD} - C:\Program Files\Sexual Predators Toolbar\Toolbar\SPredator.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
    O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
    O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
    O4 - Global Startup: Wireless Sync Client.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: CommuniKateVirtualPBX Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
    O9 - Extra 'Tools' menuitem: CommuniKateVirtualPBX Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.1stregentmtg.com
    O15 - Trusted Zone: http://*.hp.com (HKLM)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.0.cab
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://71.239.208.66:100/RemoteWeb.cab
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://71.239.208.66:100/VideoViewer.cab
    O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www22.wirelesssync.vzw.com/en/SyncInstall.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = regent.local
    O17 - HKLM\Software\..\Telephony: DomainName = regent.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = regent.local
    O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
    O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 15511 bytes
     
