Solved Shouldn't have let the kid borrow the box

Discussion in 'Malware and Virus Removal Archive' started by scorekeeper, 2010/06/09.

  1. 2010/06/09
    scorekeeper Inactive Thread Starter

    [Resolved] Shouldn't have let the kid borrow the box

    I don’t really know what the heck is going on. I let my son use my desktop for a couple of months, and now when it starts I get a windows message that the computer is infected, and this thing’s a pig.

    It’s a Windows 2000 system. I don’t know if this will help, but it’s a logfile from Hijackthis. Any help will be appreciated.

    Thanx

    /////////////////////////////////////////////////////////////////////////////////

    Logfile of HijackThis v1.99.1
    Scan saved at 10:08:58 AM, on 6/9/2010
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINNT\Mixer.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [iuxirgcy] C:\Documents and Settings\Administrator\Local Settings\Application Data\mvtrmppda\idrcmqitssd.exe
    O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
    O4 - HKCU\..\Run: [iuxirgcy] C:\Documents and Settings\Administrator\Local Settings\Application Data\mvtrmppda\idrcmqitssd.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    O4 - Global Startup: WLAN Cardbus.lnk = C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201320796428
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\InterBase\Bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\InterBase\Bin\ibserver.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. 2010/06/09
    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.

    HJT logs are not sufficient or required unless specifically requested by the Malware Analyst - your version of HJT is well out of date too, BTW.
     

  4. 2010/06/09
    scorekeeper Inactive Thread Starter

    I apologize. When I last used this forum, running DDS wasn’t required. I’m sorry.

    ///////////////////////////////////////////////////////////////////////////////


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 2000 Professional
    Boot Device: \Device\Harddisk0\Partition1
    Install Date:
    System Uptime: 6/9/2010 12:18:26 AM (13 hours ago)

    Motherboard: | | SiS-645-961B
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2405/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 24 GiB total, 11.082 GiB free.
    D: is FIXED (NTFS) - 33 GiB total, 22.488 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 8 GiB total, 3.456 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_A40810FD&REV_90\3&61AAA01&0&18
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_A40810FD&REV_90\3&61AAA01&0&18
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_1103&DEV_0004&SUBSYS_00011103&REV_05\3&61AAA01&0&78
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_1103&DEV_0004&SUBSYS_00011103&REV_05\3&61AAA01&0&78
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    ABE
    ABE Setup
    ABE Tutorial
    Ad-Aware
    Adobe Acrobat 4.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop 5.5
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.1.0
    Adobe SVG Viewer 3.0
    AVG Anti-Spyware 7.5
    CC_ccProxyExt
    ccCommon
    ccPxyCore
    CodeStuff Starter
    Confidence Online(tm) for Web Applications
    Connection Keep Alive
    FinePrint pdfFactory
    FTP Explorer
    Google Earth
    Google Toolbar for Internet Explorer
    HiJackThis
    HijackThis 1.99.1
    ieSupportManager
    InstallShield Express Visual FoxPro Limited Edition
    Interbase
    Internet Explorer Q903235
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Lizard Safeguard - PDF Viewer 2.5.122
    Logitech iTouch Software
    Logitech MouseWare 9.71
    Logitech Resource Center
    Microsoft .NET Framework 2.0
    Microsoft DirectX Transform optional components
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Visual FoxPro 6.0
    Microsoft Visual FoxPro 7.0 Professional - English
    Microsoft Windows Journal Viewer
    Microsoft XML Parser
    Mozilla Firefox (3.6.3)
    MSDN Library - July 2001
    MSDN Library - Visual Studio 6.0a
    MSRedist
    Musicmatch® Jukebox
    NETGEAR WG111 Software
    Norton AntiSpam
    Norton AntiVirus 2006
    Norton Cleanup
    Norton GoBack 4.1
    Norton Internet Security
    Norton Internet Security 2006 (Symantec Corporation)
    Norton Protection Center
    Norton SystemWorks
    Norton SystemWorks 2006 Basic Edition
    Norton SystemWorks 2006 Basic Edition (Symantec Corporation)
    Norton Utilities
    Norton WMI Update
    NSW_DRM_COLLECTION
    NTI CD-Maker 2000 Plus
    OmniFormat
    PCI Audio Applications
    PCI Audio Driver
    Pdf995
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for DirectX 9 (KB941568)
    Security Update for DirectX 9 (KB951698)
    Security Update for DirectX 9.0 (KB971633)
    Security Update for DirectX 9.0 (KB975560)
    Security Update for DirectX 9.0 (KB976138)
    Security Update for DirectX 9.0b (KB961373)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Microsoft .NET Framework 2.0 (KB947746)
    Security Update for Windows 2000 (KB904706)
    Security Update for Windows 2000 (KB923689)
    Security Update for Windows 2000 (KB941569)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB975025)
    Security Update for Windows Media Player (KB977816)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 6.4 (KB954600)
    Security Update for Windows Media Player 6.4 (KB974112)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Media Player 9 (KB973540)
    SPBBC
    SymNet
    Update Rollup 1 for Windows 2000 SP4
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual FoxPro 7.0 Baseline - English
    Visual FoxPro 7.0 Professional - English
    WebFldrs
    Windows 2000 Hotfix - KB834707
    Windows 2000 Hotfix - KB842773
    Windows 2000 Hotfix - KB867282
    Windows 2000 Hotfix - KB883939
    Windows 2000 Hotfix - KB887797
    Windows 2000 Hotfix - KB889293
    Windows 2000 Hotfix - KB890046
    Windows 2000 Hotfix - KB890923
    Windows 2000 Hotfix - KB893756
    Windows 2000 Hotfix - KB894320
    Windows 2000 Hotfix - KB896358
    Windows 2000 Hotfix - KB896422
    Windows 2000 Hotfix - KB896423
    Windows 2000 Hotfix - KB896424
    Windows 2000 Hotfix - KB896688
    Windows 2000 Hotfix - KB896727
    Windows 2000 Hotfix - KB897715
    Windows 2000 Hotfix - KB899587
    Windows 2000 Hotfix - KB899588
    Windows 2000 Hotfix - KB899589
    Windows 2000 Hotfix - KB900725
    Windows 2000 Hotfix - KB901017
    Windows 2000 Hotfix - KB901214
    Windows 2000 Hotfix - KB902400
    Windows 2000 Hotfix - KB905414
    Windows 2000 Hotfix - KB905495
    Windows 2000 Hotfix - KB905749
    Windows 2000 Hotfix - KB905915
    Windows 2000 Hotfix - KB908519
    Windows 2000 Hotfix - KB908523
    Windows 2000 Hotfix - KB908531
    Windows 2000 Hotfix - KB911280
    Windows 2000 Hotfix - KB911567
    Windows 2000 Hotfix - KB912812
    Windows 2000 Hotfix - KB912919
    Windows 2000 Hotfix - KB913580
    Windows 2000 Hotfix - KB914388
    Windows 2000 Hotfix - KB914389
    Windows 2000 Hotfix - KB916281
    Windows 2000 Hotfix - KB917008
    Windows 2000 Hotfix - KB917159
    Windows 2000 Hotfix - KB917422
    Windows 2000 Hotfix - KB917537
    Windows 2000 Hotfix - KB917736
    Windows 2000 Hotfix - KB917953
    Windows 2000 Hotfix - KB918118
    Windows 2000 Hotfix - KB918899
    Windows 2000 Hotfix - KB920213
    Windows 2000 Hotfix - KB920670
    Windows 2000 Hotfix - KB920683
    Windows 2000 Hotfix - KB920685
    Windows 2000 Hotfix - KB920958
    Windows 2000 Hotfix - KB921398
    Windows 2000 Hotfix - KB921503
    Windows 2000 Hotfix - KB921883
    Windows 2000 Hotfix - KB922582
    Windows 2000 Hotfix - KB922616
    Windows 2000 Hotfix - KB922760
    Windows 2000 Hotfix - KB923191
    Windows 2000 Hotfix - KB923414
    Windows 2000 Hotfix - KB923561
    Windows 2000 Hotfix - KB923694
    Windows 2000 Hotfix - KB923810
    Windows 2000 Hotfix - KB923980
    Windows 2000 Hotfix - KB924191
    Windows 2000 Hotfix - KB924270
    Windows 2000 Hotfix - KB924667
    Windows 2000 Hotfix - KB925454
    Windows 2000 Hotfix - KB925486
    Windows 2000 Hotfix - KB925902
    Windows 2000 Hotfix - KB926122
    Windows 2000 Hotfix - KB926436
    Windows 2000 Hotfix - KB927891
    Windows 2000 Hotfix - KB928090
    Windows 2000 Hotfix - KB928843
    Windows 2000 Hotfix - KB929969
    Windows 2000 Hotfix - KB930178
    Windows 2000 Hotfix - KB931768
    Windows 2000 Hotfix - KB931784
    Windows 2000 Hotfix - KB932168
    Windows 2000 Hotfix - KB933566
    Windows 2000 Hotfix - KB933729
    Windows 2000 Hotfix - KB935839
    Windows 2000 Hotfix - KB935840
    Windows 2000 Hotfix - KB936021
    Windows 2000 Hotfix - KB937143
    Windows 2000 Hotfix - KB937894
    Windows 2000 Hotfix - KB938127
    Windows 2000 Hotfix - KB938464
    Windows 2000 Hotfix - KB938827
    Windows 2000 Hotfix - KB938829
    Windows 2000 Hotfix - KB939653
    Windows 2000 Hotfix - KB941202
    Windows 2000 Hotfix - KB941644
    Windows 2000 Hotfix - KB941693
    Windows 2000 Hotfix - KB942615
    Windows 2000 Hotfix - KB943055
    Windows 2000 Hotfix - KB943485
    Windows 2000 Hotfix - KB944338
    Windows 2000 Hotfix - KB944533
    Windows 2000 Hotfix - KB945553
    Windows 2000 Hotfix - KB947864
    Windows 2000 Hotfix - KB948590
    Windows 2000 Hotfix - KB948881
    Windows 2000 Hotfix - KB950749
    Windows 2000 Hotfix - KB950759
    Windows 2000 Hotfix - KB950760
    Windows 2000 Hotfix - KB950974
    Windows 2000 Hotfix - KB951066
    Windows 2000 Hotfix - KB951748
    Windows 2000 Hotfix - KB951748-V2
    Windows 2000 Hotfix - KB952004
    Windows 2000 Hotfix - KB952954
    Windows 2000 Hotfix - KB953838
    Windows 2000 Hotfix - KB953839
    Windows 2000 Hotfix - KB954211
    Windows 2000 Hotfix - KB955069
    Windows 2000 Hotfix - KB955759
    Windows 2000 Hotfix - KB956390
    Windows 2000 Hotfix - KB956391
    Windows 2000 Hotfix - KB956802
    Windows 2000 Hotfix - KB956844
    Windows 2000 Hotfix - KB957095
    Windows 2000 Hotfix - KB957097
    Windows 2000 Hotfix - KB958215
    Windows 2000 Hotfix - KB958470
    Windows 2000 Hotfix - KB958644
    Windows 2000 Hotfix - KB958687
    Windows 2000 Hotfix - KB958690
    Windows 2000 Hotfix - KB958869
    Windows 2000 Hotfix - KB959426
    Windows 2000 Hotfix - KB960225
    Windows 2000 Hotfix - KB960714
    Windows 2000 Hotfix - KB960715
    Windows 2000 Hotfix - KB960803
    Windows 2000 Hotfix - KB960859
    Windows 2000 Hotfix - KB961371
    Windows 2000 Hotfix - KB961371-V2
    Windows 2000 Hotfix - KB961501
    Windows 2000 Hotfix - KB963027
    Windows 2000 Hotfix - KB967715
    Windows 2000 Hotfix - KB968537
    Windows 2000 Hotfix - KB969059
    Windows 2000 Hotfix - KB969897
    Windows 2000 Hotfix - KB969898
    Windows 2000 Hotfix - KB969947
    Windows 2000 Hotfix - KB970238
    Windows 2000 Hotfix - KB971468
    Windows 2000 Hotfix - KB971486
    Windows 2000 Hotfix - KB971557
    Windows 2000 Hotfix - KB971961
    Windows 2000 Hotfix - KB972260
    Windows 2000 Hotfix - KB972270
    Windows 2000 Hotfix - KB973346
    Windows 2000 Hotfix - KB973354
    Windows 2000 Hotfix - KB973507
    Windows 2000 Hotfix - KB973525
    Windows 2000 Hotfix - KB973869
    Windows 2000 Hotfix - KB973904
    Windows 2000 Hotfix - KB974318
    Windows 2000 Hotfix - KB974392
    Windows 2000 Hotfix - KB974455
    Windows 2000 Hotfix - KB974571
    Windows 2000 Hotfix - KB976325
    Windows 2000 Hotfix - KB976749
    Windows 2000 Hotfix - KB977165
    Windows 2000 Hotfix - KB977914
    Windows 2000 Hotfix - KB978037
    Windows 2000 Hotfix - KB978207
    Windows 2000 Hotfix - KB978251
    Windows 2000 Hotfix - KB978262
    Windows 2000 Hotfix - KB978542
    Windows 2000 Hotfix - KB978601
    Windows 2000 Hotfix - KB978706
    Windows 2000 Hotfix - KB979309
    Windows 2000 Hotfix - KB979683
    Windows 2000 Hotfix - KB980182
    Windows 2000 Hotfix - KB980232
    Windows 2000 Hotfix - KB981350
    Windows 2000 Hotfix (SP5) Q818043
    Windows Installer 3.1 (KB893803)
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows Media Player Hotfix [See Q828026 for more information]
    Windows Media Player system update (9 Series)
    WinPatrol
    WinPatrol 2007 Restore/Remove First
    WinZip
    WLAN Cardbus
    WordPerfect Office 2002 Professional
    Yahoo! Toolbar

    ==== End Of File ===========================

    ///////////////////////////////////////////////////////////////////


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 13:33:38.63 on Wed 06/09/2010
    Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.171 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SymTray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINNT\Mixer.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
    TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
    uRun: [iuxirgcy] c:\documents and settings\administrator\local settings\application data\mvtrmppda\idrcmqitssd.exe
    mRun: [Synchronization Manager] mobsync.exe /logon
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
    mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe "
    mRun: [C-Media Mixer] Mixer.exe /startup
    mRun: [pdfFactory Dispatcher v1] c:\winnt\system32\spool\drivers\w32x86\2\fppdis1.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe "
    mRun: [SymTray - Norton SystemWorks] c:\program files\common files\symantec shared\Symtray.exe SetReg
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [iuxirgcy] c:\documents and settings\administrator\local settings\application data\mvtrmppda\idrcmqitssd.exe
    mRunOnce: [SymTray - Norton SystemWorks] c:\program files\common files\symantec shared\Symtrdr.exe
    dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wlanca~1.lnk - c:\program files\802.11 wireless lan\wlan cardbus\RtlWake.exe
    DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
    DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201320796428
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.3178935185
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\q4k9xxk3.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mailguard.calweb.com/login.php?lang=en|http://asmiforum.proboards.com/inde....php?f=2|http://www.whitehouse.gov/feed/blog/
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2009-4-27 64160]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\winnt\system32\drivers\AvgAsCln.sys [2007-2-19 3968]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-12-19 54968]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2007-11-4 192104]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2007-11-4 202344]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2007-11-4 169576]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
    R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2007-11-4 139888]
    R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~2\NPROTECT.EXE [2005-11-3 95832]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-11-4 1247600]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-6 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090706.016\NAVENG.Sys [2009-7-6 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090706.016\NavEx15.Sys [2009-7-6 876144]
    R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [1999-12-7 24784]
    R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-12-19 337592]
    R3 SiS300;SiS300;c:\winnt\system32\drivers\sis300p.sys [2002-12-27 52272]
    R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2002-12-26 602128]
    S3 rtl8180;WLAN Cardbus/PCI Adapter;c:\winnt\system32\drivers\rtl8180.sys [2003-9-25 155152]
    S3 s3legacy;s3legacy;c:\winnt\system32\drivers\s3legacy.sys [2002-12-23 65456]
    S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-12-19 198416]

    =============== Created Last 30 ================

    2010-06-09 20:33:41 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_420.dat
    2010-06-09 19:14:42 0 d-----w- c:\program files\Trend Micro
    2010-06-08 14:13:34 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_298.dat
    2010-06-07 14:01:07 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_294.dat
    2010-05-15 21:33:47 54156 ---ha-w- c:\winnt\QTFont.qfn
    2010-05-15 21:33:47 1409 ----a-w- c:\winnt\QTFont.for
    2010-05-14 21:14:25 411368 ----a-w- c:\winnt\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-06-03 23:23:12 8896 ----a-w- c:\winnt\hh.dat
    2010-03-15 16:28:02 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_408.dat
    2010-03-12 09:14:24 401408 ----a-w- c:\winnt\system32\vbscript.dll
    2002-12-23 22:46:32 271 ---h--w- c:\program files\desktop.ini
    2002-12-23 22:46:32 21952 ---h--w- c:\program files\folder.htt
    2001-11-23 04:08:20 712704 ----a-w- c:\winnt\inf\other\audio3d.dll
    1999-12-07 12:00:00 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

    ============= FINISH: 13:34:11.46 ===============
     
  5. 2010/06/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/06/09
    scorekeeper

    Here's the log.

    Will restart and finish the instructions.

    ************************************

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    6/9/2010 6:59:41 PM
    mbam-log-2010-06-09 (18-59-41).txt

    Scan type: Quick scan
    Objects scanned: 97080
    Time elapsed: 8 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iuxirgcy (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iuxirgcy (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\AdwarePro (Rogue.AdwarePro) -> Quarantined and deleted successfully.

    Files Infected:
    C:\install_flash_player.45171.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\AdwarePro\SchedulePlan.txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\mvtrmppda\idrcmqitssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
    C:\WINNT\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
     
  7. 2010/06/09
    scorekeeper

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-09 19:27:24
    Windows 5.0.2195 Service Pack 4
    Running: 4yejfu2z.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwdyqkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 81CA0208 ZwAlertResumeThread
    SSDT 81C9FDE8 ZwAlertThread
    SSDT 81CB4A48 ZwAllocateVirtualMemory
    SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwClose [0xBFE67A40]
    SSDT 81CD8D68 ZwConnectPort
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xBBAA9020]
    SSDT 81CB34E8 ZwCreateMutant
    SSDT 81CB3648 ZwCreateThread
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xBBAA92A0]
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xBBAA9800]
    SSDT 81CB4BA8 ZwFreeVirtualMemory
    SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwFsControlFile [0xBFE67AD0]
    SSDT 81CB42A8 ZwImpersonateAnonymousToken
    SSDT 81CB5B08 ZwImpersonateThread
    SSDT 81CB4D88 ZwMapViewOfSection
    SSDT 81CB40E8 ZwOpenEvent
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xEBA298AC]
    SSDT 81C9F4E8 ZwOpenProcessToken
    SSDT 81CB5268 ZwOpenThreadToken
    SSDT 81CB8008 ZwQueryValueKey
    SSDT 81CC5868 ZwResumeThread
    SSDT 81C9FEA8 ZwSetContextThread
    SSDT 81CB4F48 ZwSetInformationProcess
    SSDT 81CB6608 ZwSetInformationThread
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xBBAA9A50]
    SSDT 81C9FBA8 ZwSuspendThread
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xEBA29812]
    SSDT 81C9FB28 ZwTerminateThread
    SSDT 81C9F788 ZwUnmapViewOfSection
    SSDT 81CB4C68 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? fmtc.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [4AD84AE3] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [4AD84C9A] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[1028] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Disk \Device\Harddisk1\DR1 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  8. 2010/06/09
    broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/06/10
    scorekeeper

    scorekeeper Inactive Thread Starter

    Joined:
    2007/02/18
    Messages:
    104
    Likes Received:
    0
    Have combofix.

    I think I got all the protection, but how do I tell?
     
  10. 2010/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Say again?
     
  11. 2010/06/10
    scorekeeper

    scorekeeper Inactive Thread Starter

    Joined:
    2007/02/18
    Messages:
    104
    Likes Received:
    0
    Sorry, wasn’t sure how to make sure any malware software, etc was turned off.

    When I ran it, I got a few error messages. One was CregC.dat couldn’t be accessed and there was an error accessing the registry. Another one was that creg.dat couldn’t be accessed.

    I see that there is no recovery console installed, but it didn’t say anything about it when it was running. Hope I didn’t bung things up.



    /////////////////////////////////////////////////////////////////////////////////////////////////
    ComboFix 10-06-09.04 - Administrator 06/10/2010 11:23:47.1.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.164 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\winnt\system32\dumphive.exe
    c:\winnt\system32\kernel.dll
    c:\winnt\system32\Process.exe
    c:\winnt\system32\SrchSTS.exe
    c:\winnt\system32\tmp.reg
    c:\winnt\Web\default.htt
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
    .

    2010-06-10 14:26 . 2010-06-10 14:26 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_290.dat
    2010-06-10 00:33 . 2010-06-10 00:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-10 00:33 . 2010-04-29 22:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-06-10 00:33 . 2010-06-10 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-10 00:33 . 2010-04-29 22:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-06-10 00:33 . 2010-06-10 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-09 19:14 . 2010-06-09 19:14 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-09 19:14 . 2010-06-09 19:14 -------- d-----w- c:\program files\Trend Micro
    2010-06-08 14:13 . 2010-06-08 14:13 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_298.dat
    2010-06-05 18:23 . 2010-06-10 01:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\mvtrmppda
    2010-05-26 17:34 . 2010-05-26 17:34 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35aee0ac-n\msvcp71.dll
    2010-05-26 17:34 . 2010-05-26 17:34 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35aee0ac-n\jmc.dll
    2010-05-26 17:34 . 2010-05-26 17:34 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35aee0ac-n\msvcr71.dll
    2010-05-26 17:34 . 2010-05-26 17:34 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40f8df77-n\decora-sse.dll
    2010-05-26 17:34 . 2010-05-26 17:34 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40f8df77-n\decora-d3d.dll
    2010-05-14 21:14 . 2010-05-14 21:14 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1745013d-n\msvcp71.dll
    2010-05-14 21:14 . 2010-05-14 21:14 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1745013d-n\jmc.dll
    2010-05-14 21:14 . 2010-05-14 21:14 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1745013d-n\msvcr71.dll
    2010-05-14 21:14 . 2010-05-14 21:14 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e8d7382-n\decora-sse.dll
    2010-05-14 21:14 . 2010-05-14 21:14 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e8d7382-n\decora-d3d.dll
    2010-05-14 21:14 . 2010-04-13 00:29 411368 ----a-w- c:\winnt\system32\deployJava1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-10 18:21 . 2010-06-10 18:21 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_420.dat
    2010-06-10 00:33 . 2002-12-26 08:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-07 19:06 . 2003-01-01 21:50 -------- d-----w- c:\program files\Norton SystemWorks
    2010-06-05 19:23 . 2007-04-07 19:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-03 23:23 . 2006-12-26 01:14 8896 ----a-w- c:\winnt\hh.dat
    2010-05-17 19:00 . 2003-01-01 22:12 80440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-14 21:14 . 2006-12-12 18:44 -------- d-----w- c:\program files\Common Files\Java
    2010-05-14 21:13 . 2006-12-12 18:47 -------- d-----w- c:\program files\Java
    2010-03-27 23:08 . 2010-03-27 23:08 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-03-27 23:07 . 2010-03-27 23:07 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-27 23:01 . 2010-03-27 23:01 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    2010-03-15 16:28 . 2010-03-15 16:28 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_408.dat
    2002-12-23 22:46 . 2002-12-23 22:46 21952 ---h--w- c:\program files\folder.htt
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
    "C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]
    "pdfFactory Dispatcher v1"="c:\winnt\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-06-12 352256]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
    "SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]
    "SymTray - Norton SystemWorks"="c:\program files\Common Files\Symantec Shared\Symtray.exe" [2005-11-29 116392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-27 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2005-7-16 1056864]
    WLAN Cardbus.lnk - c:\program files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe [2003-12-26 716800]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [4/27/2009 2:15 PM 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
    R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [11/3/2005 5:08 PM 95832]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [7/6/2009 11:40 AM 101936]
    R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [12/7/1999 5:00 AM 24784]
    R3 SiS300;SiS300;c:\winnt\system32\drivers\sis300p.sys [12/27/2002 1:36 AM 52272]
    R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [12/26/2002 1:08 AM 602128]
    S3 rtl8180;WLAN Cardbus/PCI Adapter;c:\winnt\system32\drivers\rtl8180.sys [9/25/2003 1:02 PM 155152]
    S3 s3legacy;s3legacy;c:\winnt\system32\drivers\s3legacy.sys [12/23/2002 11:44 AM 65456]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-08 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:16]

    2010-06-04 c:\winnt\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
    - c:\progra~1\NORTON~2\NORTON~1\Navw32.exe [2007-11-05 20:13]

    2006-07-15 c:\winnt\Tasks\Norton AntiVirus - Run Norton QuickScan - Administrator.job
    - c:\progra~1\NORTON~2\NORTON~1\Navw32.exe [2007-11-05 20:13]

    2010-06-07 c:\winnt\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks\OBC.exe [2005-11-29 18:47]

    2010-05-08 c:\winnt\Tasks\Symantec Drmc.job
    - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-27 02:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4k9xxk3.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mailguard.calweb.com/login.php?lang=en|http://asmiforum.proboards.com/inde....php?f=2|http://www.whitehouse.gov/feed/blog/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Driver



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-10 11:30
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(216)
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL
    .
    Completion time: 2010-06-10 11:34:16
    ComboFix-quarantined-files.txt 2010-06-10 18:34

    Pre-Run: 11,798,953,984 bytes free
    Post-Run: 12,159,664,128 bytes free

    - - End Of File - - 1A840DFF435893876C3DA97F5C3BB42C
     
  12. 2010/06/10
    broni Moderator Malware Analyst

    Make sure to allow recovery console installation on next Combofix run.

    Please, uninstall AVG Anti-Spyware 7.5, since it's not functional anymore.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\Administrator\Local Settings\Application Data\mvtrmppda
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. 2010/06/10
    scorekeeper Inactive Thread Starter

    Got a heck of a scare. When CB was done, I restarted. The restart didn't even get to checking the disk, drives, etc. I reset, and the 2nd time it stopped again, but this time I let it go, and after a few minutes it kicked off and ran.

    CB didn't ask if I wanted to install recovery, but it did ask if I wanted to get the available update, which I did.

    I got the same error messages about not being able to import crecc.dat and creg.dat. Otherwise things are goin' right along.

    ///////////////////////////////////////////////////




    ComboFix 10-06-10.03 - Administrator 06/10/2010 15:12:34.2.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.98 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Local Settings\Application Data\mvtrmppda
    c:\documents and settings\Administrator\Recent\exeHelper.com.pif
    c:\documents and settings\Administrator\Recent\rkill.com.pif

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
    .

    2010-06-10 22:10 . 2010-06-10 22:10 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_3f0.dat
    2010-06-10 18:38 . 2010-06-10 18:38 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_28c.dat
    2010-06-10 00:33 . 2010-06-10 00:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-10 00:33 . 2010-04-29 22:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-06-10 00:33 . 2010-06-10 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-10 00:33 . 2010-04-29 22:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-06-10 00:33 . 2010-06-10 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-09 19:14 . 2010-06-09 19:14 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-09 19:14 . 2010-06-09 19:14 -------- d-----w- c:\program files\Trend Micro
    2010-06-08 14:13 . 2010-06-08 14:13 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_298.dat
    2010-05-26 17:34 . 2010-05-26 17:34 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35aee0ac-n\msvcp71.dll
    2010-05-26 17:34 . 2010-05-26 17:34 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35aee0ac-n\jmc.dll
    2010-05-26 17:34 . 2010-05-26 17:34 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35aee0ac-n\msvcr71.dll
    2010-05-26 17:34 . 2010-05-26 17:34 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40f8df77-n\decora-sse.dll
    2010-05-26 17:34 . 2010-05-26 17:34 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-40f8df77-n\decora-d3d.dll
    2010-05-14 21:14 . 2010-05-14 21:14 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1745013d-n\msvcp71.dll
    2010-05-14 21:14 . 2010-05-14 21:14 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1745013d-n\jmc.dll
    2010-05-14 21:14 . 2010-05-14 21:14 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1745013d-n\msvcr71.dll
    2010-05-14 21:14 . 2010-05-14 21:14 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e8d7382-n\decora-sse.dll
    2010-05-14 21:14 . 2010-05-14 21:14 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5e8d7382-n\decora-d3d.dll
    2010-05-14 21:14 . 2010-04-13 00:29 411368 ----a-w- c:\winnt\system32\deployJava1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-10 00:33 . 2002-12-26 08:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-07 19:06 . 2003-01-01 21:50 -------- d-----w- c:\program files\Norton SystemWorks
    2010-06-05 19:23 . 2007-04-07 19:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-03 23:23 . 2006-12-26 01:14 8896 ----a-w- c:\winnt\hh.dat
    2010-05-17 19:00 . 2003-01-01 22:12 80440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-14 21:14 . 2006-12-12 18:44 -------- d-----w- c:\program files\Common Files\Java
    2010-05-14 21:13 . 2006-12-12 18:47 -------- d-----w- c:\program files\Java
    2010-03-27 23:08 . 2010-03-27 23:08 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-03-27 23:07 . 2010-03-27 23:07 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-27 23:01 . 2010-03-27 23:01 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    2010-03-15 16:28 . 2010-03-15 16:28 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_408.dat
    2002-12-23 22:46 . 2002-12-23 22:46 21952 ---h--w- c:\program files\folder.htt
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
    "C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]
    "pdfFactory Dispatcher v1"="c:\winnt\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-06-12 352256]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
    "SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]
    "SymTray - Norton SystemWorks"="c:\program files\Common Files\Symantec Shared\Symtray.exe" [2005-11-29 116392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-27 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2005-7-16 1056864]
    WLAN Cardbus.lnk - c:\program files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe [2003-12-26 716800]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [4/27/2009 2:15 PM 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
    R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [11/3/2005 5:08 PM 95832]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [7/6/2009 11:40 AM 101936]
    R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [12/7/1999 5:00 AM 24784]
    R3 SiS300;SiS300;c:\winnt\system32\drivers\sis300p.sys [12/27/2002 1:36 AM 52272]
    R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [12/26/2002 1:08 AM 602128]
    S3 rtl8180;WLAN Cardbus/PCI Adapter;c:\winnt\system32\drivers\rtl8180.sys [9/25/2003 1:02 PM 155152]
    S3 s3legacy;s3legacy;c:\winnt\system32\drivers\s3legacy.sys [12/23/2002 11:44 AM 65456]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IPNAT
    *NewlyCreated* - RASAUTO
    *NewlyCreated* - SHAREDACCESS
    *Deregistered* - AVG Anti-Spyware Guard
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-08 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:16]

    2010-06-04 c:\winnt\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
    - c:\progra~1\NORTON~2\NORTON~1\Navw32.exe [2007-11-05 20:13]

    2006-07-15 c:\winnt\Tasks\Norton AntiVirus - Run Norton QuickScan - Administrator.job
    - c:\progra~1\NORTON~2\NORTON~1\Navw32.exe [2007-11-05 20:13]

    2010-06-07 c:\winnt\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks\OBC.exe [2005-11-29 18:47]

    2010-05-08 c:\winnt\Tasks\Symantec Drmc.job
    - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-27 02:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4k9xxk3.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mailguard.calweb.com/login.php?lang=en|http://asmiforum.proboards.com/inde....php?f=2|http://www.whitehouse.gov/feed/blog/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Guard



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-10 15:20
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(216)
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL
    .
    Completion time: 2010-06-10 15:23:59
    ComboFix-quarantined-files.txt 2010-06-10 22:23
    ComboFix2.txt 2010-06-10 18:34

    Pre-Run: 12,070,457,344 bytes free
    Post-Run: 12,189,966,336 bytes free

    - - End Of File - - FEDE2CA7D0EE677FC4047BEA894F6A51
     
  14. 2010/06/10
    broni

    broni Moderator Malware Analyst

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System



    Download the file & save it as it's originally named.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



    • Drag the setup package onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




    • At the next prompt, click 'Yes' to run the full ComboFix scan.

    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt, and fresh HijackThis log in your next reply.
     
  15. 2010/06/10
    scorekeeper

    scorekeeper Inactive Thread Starter

    Sorry to be such a schlub, but I didn’t see jack at that site about a recovery console for 2000. I went to the link for 2000, but that was telling me to put in a CD. I’d love to, but I haven’t seen the 2000 CD for 10 years.

    Is there anyplace to get this console other than those links? I’m afraid to do just about anything now because I don’t want to ***** something up and end up with no computer at all.
     
  16. 2010/06/10
    broni

    broni Moderator Malware Analyst

    Ooops, my fault.
    I keep forgetting you're with Windows 2K. Sorry for that.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
    Your HJT version is outdated, so...
    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  17. 2010/06/11
    scorekeeper

    scorekeeper Inactive Thread Starter

    Please don’t be sorry! I realize I’m about a half-century behind the times. ;) Besides, getting rid of those infections makes me 100% better off than I was!

    Done.

    Done.

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 1101 bytes
    ->Java cache emptied: 24267877 bytes
    ->FireFox cache emptied: 93477904 bytes
    ->Flash cache emptied: 117478 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 12118698 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 78297 bytes
    %systemroot%\System32 .tmp files removed: 25377 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: shell32.dll unable to determine bytes removed.
    Process complete!

    Total Files Cleaned = 124.00 mb

    WHOA!

    Went to the link and read through the requirements, but the accept button wouldn’t activate. After a minute or so, my box locked up.

    Reset and got going again and tried to open firefox. Got a message I’d never seen before about it couldn’t open the tabs, likely because of one of the urls it was trying to open. Since I got the option of opening a new session, that’s what I did.

    Went back to your link and tried again. Same thing with the button. Tried to use help, but after about another minute, the whole thing locked up again, and the exact same things happened after I restarted.

    So, I’ll just wait to hear what to do next.
     
  18. 2010/06/11
    broni

    broni Moderator Malware Analyst

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Post fresh HJT log afterward.
     
  19. 2010/06/11
    scorekeeper

    scorekeeper Inactive Thread Starter

    Had eset running for about 40 mins when it froze the box.

    WILL WAIT FOR FURTHER INSTRUCTIONS
     
  20. 2010/06/11
    broni

    broni Moderator Malware Analyst

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  21. 2010/06/11
    scorekeeper

    scorekeeper Inactive Thread Starter

    Same thing. After a while the box locked up tightern’adrum.

    I’ll wait.
     
