Can't Open Task Manager




  #11  
Old 5th Jan 2008, 21:14
Member Group
 

Ok, no worries mate.

Regards Howard.
  #12  
Old 5th Jan 2008, 21:19
Moderator Group
 

Quote:
Wait a second, I don't know how but now it's working I'm going to run it.
This is a rare, but not uncommon problem. If you need to run ComboFix again, just don't touch anything, even the pop-up window with the error message, and it should eventually start to run.

Also if you need to run it again turn off Norton first.

NORTON ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.
  • right-click it -> choose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this:
You successfully disabled the Norton Antivirus Guard.

  #13  
Old 5th Jan 2008, 21:29
Member Group
 

Hey, I can't find the Combofix log. I went to C: and double clicked on Combofix but there's nothing there.

I never closed the Combofix log though so here it is

ComboFix 08-01-04.1 - Yasmany 2008-01-05 23:14:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.355 [GMT -5:00]
Running from: C:\Users\Yasmany\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGRTJP5Q\ComboFix[1].exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\SmartVideoCodec
C:\Program Files\SmartVideoCodec\install.ico
C:\Program Files\SmartVideoCodec\SmartVideoCodec.ocx
C:\Program Files\SmartVideoCodec\Uninstall.exe
C:\ProgramData\SeekmoSA
C:\ProgramData\SeekmoSA\SeekmoSA.dat
C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat
C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht
C:\ProgramData\SeekmoSA\SeekmoSAau.dat
C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht
C:\Windows\dat.txt
C:\Windows\jokvip.exe1
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-05 22:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 21:22 . 2008-01-05 21:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\Users\Yasmany\AppData\Roaming\SUPERAntiSpyware.com
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-05 18:04 . 2008-01-05 19:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 17:57 . 2008-01-05 17:57 <DIR> d-------- C:\Program Files\CCleaner
2007-12-25 22:51 . 2007-12-25 22:51 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 20:13 . 2007-12-23 20:13 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 17:29 . 2008-01-05 17:37 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-14 20:30 . 2007-12-14 20:30 <DIR> d-------- C:\Users\Yasmany\AppData\Roaming\AdobeUM
2007-12-11 22:19 . 2007-12-11 22:19 1,327,104 --a------ C:\WINDOWS\System32\quartz.dll
2007-12-11 22:19 . 2007-12-11 22:19 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2007-12-11 22:19 . 2007-12-11 22:19 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2007-12-11 22:19 . 2007-12-11 22:19 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2007-12-11 22:16 . 2007-12-11 22:16 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys
2007-12-11 22:16 . 2007-12-11 22:16 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys
2007-12-11 22:16 . 2007-12-11 22:16 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys
2007-12-11 22:15 . 2007-12-11 22:16 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys
2007-12-11 22:13 . 2007-12-11 22:13 3,504,824 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2007-12-11 22:13 . 2007-12-11 22:13 3,470,520 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2007-12-11 22:12 . 2007-12-11 22:12 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2007-12-11 12:10 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\System32\drivers\COH_Mon.sys
2007-12-11 12:10 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\System32\drivers\COH_Mon.cat
2007-12-11 12:10 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\System32\drivers\COH_Mon.inf
2007-12-09 20:28 . 2007-12-27 23:51 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-09 18:58 . 2007-12-09 18:58 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-09 18:58 . 2007-12-09 18:58 <DIR> d-------- C:\Program Files\Windows Media Components
2007-12-09 18:53 . 2007-12-09 18:53 <DIR> d-------- C:\Temp
2007-12-07 16:27 . 2007-12-07 16:27 <DIR> d-------- C:\Users\All Users\SupportSoft
2007-12-07 16:27 . 2007-12-07 16:27 <DIR> d-------- C:\ProgramData\SupportSoft
2007-12-07 16:27 . 2007-12-07 16:27 <DIR> d-------- C:\Program Files\Comcast
2007-12-07 16:27 . 2007-05-17 16:43 15,086 --a------ C:\WINDOWS\ComcastWebmail.ico
2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d-------- C:\Program Files\support.com
2007-12-07 16:23 . 2007-12-07 16:27 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-12-07 16:23 . 2007-12-07 16:23 865 --a------ C:\net_save.dna
2007-12-06 21:07 . 2007-12-06 21:07 102,400 --a------ C:\WINDOWS\System32\SampleGrabber.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 03:51 13,119 ----a-w C:\Users\Yasmany\AppData\Roaming\nvModes.dat
2008-01-05 19:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-05 03:13 --------- d-----w C:\Users\Yasmany\AppData\Roaming\LimeWire
2008-01-03 21:59 --------- d-----w C:\ProgramData\Roxio
2007-12-24 00:08 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-24 00:02 --------- d-----w C:\Program Files\Symantec
2007-12-24 00:01 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-24 00:01 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-24 00:01 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-12-23 23:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 03:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 03:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 03:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-11 02:37 --------- d-----w C:\ProgramData\Symantec
2007-12-04 21:55 --------- d-----w C:\Program Files\Windows Mail
2007-12-04 21:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-04 21:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-04 21:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-04 21:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-04 21:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-04 21:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-04 21:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-04 21:15 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-04 21:15 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-04 21:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-04 21:15 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-04 21:15 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-04 21:15 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-04 21:15 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-04 21:15 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-04 21:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-01 04:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-23 15:24 --------- d-----w C:\Program Files\AIM6
2007-11-23 15:16 --------- d-----w C:\ProgramData\AOL Downloads
2007-11-23 14:55 --------- d-----w C:\ProgramData\Viewpoint
2007-11-23 14:55 --------- d-----w C:\ProgramData\AOL
2007-10-22 02:48 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-22 02:47 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-22 02:47 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-22 02:47 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-22 02:45 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-22 02:45 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-22 02:45 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-09-03 18:48 174 --sha-w C:\Program Files\desktop.ini
2007-07-18 23:01 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-18 23:01 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-18 23:01 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RX Overlay]
@={921D05D3-1298-40CC-856C-910F8C16E1D9}
[HKEY_CLASSES_ROOT\CLSID\{921D05D3-1298-40CC-856C-910F8C16E1D9}]
C:\Windows\system32\fastRX.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35 1196032]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 19:36 1474560]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Veoh"="C:\Users\Yasmany\Desktop\Veoh\VeohClient.exe" [2007-05-03 16:43 2019328]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-26 15:48 171448]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\WINDOWS\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-14 13:03 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 00:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 18:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 13:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 18:42 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 12:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 12:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-19 10:58 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-14 00:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-14 00:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-14 00:40 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-28 11:23 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
C:\Users\Yasmany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 10:40:43]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 04:51]
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 04:49]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 07:34]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 04:49]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 04:49]
R0 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 04:50]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 04:49]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 04:50]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 04:51]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 03:31]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20071220.001\IDSvix86.sys [2007-11-06 11:07]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 03:57]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 04:02]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 03:57]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 03:57]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-05 02:02]
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 03:56]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 03:33]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 04:04]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-07-10 18:16]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 03:57]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 04:39]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 03:31]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-09-05 02:02]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 04:51]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 04:45]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 03:54]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-07-10 18:18]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 03:31]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-11 22:16]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 07:34]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 03:44]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 22:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 22:31]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-11 22:16]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-11 22:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-07-10 18:18]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 03:55]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 03:24]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 03:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 03:24]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 07:36]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 02:30]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 03:32]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 04:51]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 03:51]
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 04:45]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 04:02]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 04:45]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 04:50]
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 03:53]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 04:51]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 04:51]
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 04:49]
S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 04:50]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 04:50]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 03:25]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 03:24]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 03:24]
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 03:55]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 03:30]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 04:51]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 04:50]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 04:51]
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 04:50]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 03:42]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 04:50]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 04:50]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 04:50]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 04:50]
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 04:49]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 04:50]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 04:49]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 04:50]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 04:50]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 02:36]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 04:51]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 04:50]
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 04:50]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 04:50]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 04:51]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 04:50]
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 03:55]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 03:30]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 04:50]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 03:52]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 04:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43896bb2-6ee6-11dc-b442-001636f8bc75}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 03:35:44 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Yasmany.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
"2007-12-23 23:29:59 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-06 02:06:25 C:\Windows\Tasks\User_Feed_Synchronization-{A13C7231-D35C-4309-9FA8-7A1966BEC144}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 23:21:54
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 23:24:14
ComboFix-quarantined-files.txt 2008-01-06 04:24:05
.
2007-12-12 03:20:15 --- E O F ---
  #14  
Old 5th Jan 2008, 21:36
Member Group
 

I had to post my HJT log separately because they didn't both fit on one post.

Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:02 PM, on 1/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Users\Yasmany\Desktop\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Users\Yasmany\Desktop\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12146 bytes
  #15  
Old 5th Jan 2008, 22:00
Member Group
 

Your HJT log is now clean.

Download the attached CFScript.txt file.

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Regards Howard.
Attached Files
File Type: txt CFScript.txt (155 Bytes, 6 views)
  #16  
Old 6th Jan 2008, 06:55
Member Group
 

Here it is.

ComboFix 08-01-04.1 - Yasmany 2008-01-06 8:46:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.433 [GMT -5:00]
Running from: C:\Users\Yasmany\Downloads\ComboFix.exe
Command switches used :: C:\Users\Yasmany\Desktop\CFScript.txt
FILE
C:\Windows\system32\fastRX.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Viewpoint
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-05 22:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 21:22 . 2008-01-05 21:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\Users\Yasmany\AppData\Roaming\SUPERAntiSpyware.com
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-05 18:04 . 2008-01-05 23:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 18:04 . 2008-01-05 18:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 17:57 . 2008-01-05 17:57 <DIR> d-------- C:\Program Files\CCleaner
2007-12-25 22:51 . 2007-12-25 22:51 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 20:13 . 2007-12-23 20:13 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 17:29 . 2008-01-05 17:37 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-14 20:30 . 2007-12-14 20:30 <DIR> d-------- C:\Users\Yasmany\AppData\Roaming\AdobeUM
2007-12-11 22:19 . 2007-12-11 22:19 1,327,104 --a------ C:\WINDOWS\System32\quartz.dll
2007-12-11 22:19 . 2007-12-11 22:19 223,232 --a------ C:\WINDOWS\System32\WMASF.DLL
2007-12-11 22:19 . 2007-12-11 22:19 9,728 --a------ C:\WINDOWS\System32\LAPRXY.DLL
2007-12-11 22:19 . 2007-12-11 22:19 2,048 --a------ C:\WINDOWS\System32\asferror.dll
2007-12-11 22:16 . 2007-12-11 22:16 101,888 --a------ C:\WINDOWS\System32\drivers\mrxsmb.sys
2007-12-11 22:16 . 2007-12-11 22:16 84,992 --a------ C:\WINDOWS\System32\drivers\srvnet.sys
2007-12-11 22:16 . 2007-12-11 22:16 58,368 --a------ C:\WINDOWS\System32\drivers\mrxsmb20.sys
2007-12-11 22:15 . 2007-12-11 22:16 130,048 --a------ C:\WINDOWS\System32\drivers\srv2.sys
2007-12-11 22:13 . 2007-12-11 22:13 3,504,824 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2007-12-11 22:13 . 2007-12-11 22:13 3,470,520 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2007-12-11 22:12 . 2007-12-11 22:12 2,048 --a------ C:\WINDOWS\System32\tzres.dll
2007-12-11 12:10 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\System32\drivers\COH_Mon.sys
2007-12-11 12:10 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\System32\drivers\COH_Mon.cat
2007-12-11 12:10 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\System32\drivers\COH_Mon.inf
2007-12-09 20:28 . 2007-12-27 23:51 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-09 18:58 . 2007-12-09 18:58 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-09 18:58 . 2007-12-09 18:58 <DIR> d-------- C:\Program Files\Windows Media Components
2007-12-09 18:53 . 2007-12-09 18:53 <DIR> d-------- C:\Temp
2007-12-07 16:27 . 2007-12-07 16:27 <DIR> d-------- C:\Users\All Users\SupportSoft
2007-12-07 16:27 . 2007-12-07 16:27 <DIR> d-------- C:\ProgramData\SupportSoft
2007-12-07 16:27 . 2007-12-07 16:27 <DIR> d-------- C:\Program Files\Comcast
2007-12-07 16:27 . 2007-05-17 16:43 15,086 --a------ C:\WINDOWS\ComcastWebmail.ico
2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d-------- C:\Program Files\support.com
2007-12-07 16:23 . 2007-12-07 16:27 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-12-07 16:23 . 2007-12-07 16:23 865 --a------ C:\net_save.dna
2007-12-06 21:07 . 2007-12-06 21:07 102,400 --a------ C:\WINDOWS\System32\SampleGrabber.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 03:51 13,119 ----a-w C:\Users\Yasmany\AppData\Roaming\nvModes.dat
2008-01-05 19:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-05 03:13 --------- d-----w C:\Users\Yasmany\AppData\Roaming\LimeWire
2008-01-03 21:59 --------- d-----w C:\ProgramData\Roxio
2007-12-24 00:08 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-24 00:02 --------- d-----w C:\Program Files\Symantec
2007-12-24 00:01 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-12-24 00:01 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2007-12-24 00:01 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-12-23 23:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 03:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 03:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 03:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-11 02:37 --------- d-----w C:\ProgramData\Symantec
2007-12-04 21:55 --------- d-----w C:\Program Files\Windows Mail
2007-12-04 21:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-04 21:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-04 21:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-04 21:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-04 21:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-04 21:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-04 21:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-04 21:15 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-04 21:15 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-04 21:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-04 21:15 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-04 21:15 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-04 21:15 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-04 21:15 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-04 21:15 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-04 21:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-01 04:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-23 15:24 --------- d-----w C:\Program Files\AIM6
2007-11-23 15:16 --------- d-----w C:\ProgramData\AOL Downloads
2007-11-23 14:55 --------- d-----w C:\ProgramData\AOL
2007-10-22 02:48 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-22 02:47 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-22 02:47 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-22 02:47 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-22 02:45 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-22 02:45 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-22 02:45 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-09-03 18:48 174 --sha-w C:\Program Files\desktop.ini
2007-07-18 23:01 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-18 23:01 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-18 23:01 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-01-05_23.23.20.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-06 03:49:12 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-06 13:36:50 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-06 03:55:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-06 13:42:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-06 03:55:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-06 13:42:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-06 03:55:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-06 13:42:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-06 03:56:01 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-06 13:38:38 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-06 03:56:01 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-06 13:38:38 618,648 ----a-w C:\Windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RX Overlay]
@={921D05D3-1298-40CC-856C-910F8C16E1D9}
[HKEY_CLASSES_ROOT\CLSID\{921D05D3-1298-40CC-856C-910F8C16E1D9}]
C:\Windows\system32\fastRX.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35 1196032]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 19:36 1474560]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Veoh"="C:\Users\Yasmany\Desktop\Veoh\VeohClient.exe" [2007-05-03 16:43 2019328]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-26 15:48 171448]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\WINDOWS\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-14 13:03 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 00:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 18:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 13:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 18:42 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 12:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 12:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-19 10:58 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-14 00:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-14 00:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-14 00:40 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-28 11:23 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
C:\Users\Yasmany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-19 10:40:43]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 04:51]
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 04:49]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 07:34]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 04:49]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2006-11-02 04:49]
R0 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 04:50]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 04:49]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2006-11-02 04:50]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 04:51]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 03:31]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20071220.001\IDSvix86.sys [2007-11-06 11:07]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 03:57]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 04:02]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 03:57]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 03:57]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-05 02:02]
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 03:56]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 03:33]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 04:04]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-07-10 18:16]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 03:57]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 04:39]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 03:31]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-09-05 02:02]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 04:51]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 04:45]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 03:54]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-07-10 18:18]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 03:31]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-11 22:16]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 07:34]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 03:44]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 22:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 22:31]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-11 22:16]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-11 22:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-07-10 18:18]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 03:55]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 03:24]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 03:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 03:24]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 07:36]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 02:30]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 03:32]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 04:51]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 03:51]
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 04:45]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 04:02]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 04:45]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2006-11-02 04:50]
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 03:53]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 04:45]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 04:51]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 04:51]
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2006-11-02 04:49]
S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 04:50]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 04:50]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 03:25]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 03:24]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 03:24]
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 03:55]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 03:30]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 04:51]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 04:50]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 04:51]
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 04:50]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 03:42]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 04:50]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 04:50]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 04:50]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 04:50]
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 04:49]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 04:50]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2006-11-02 04:49]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 04:50]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 04:50]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 02:36]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 04:51]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 04:50]
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 04:50]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 04:50]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 04:51]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 04:50]
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 03:55]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 03:30]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 04:50]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 03:52]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 04:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43896bb2-6ee6-11dc-b442-001636f8bc75}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
  #17  
Old 6th Jan 2008, 06:55
Member Group
 
Default Can't Open Task Manager

Contents of the 'Scheduled Tasks' folder
"2008-01-01 03:35:44 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Yasmany.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
"2007-12-23 23:29:59 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-06 06:44:14 C:\Windows\Tasks\User_Feed_Synchronization-{A13C7231-D35C-4309-9FA8-7A1966BEC144}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 08:50:52
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 8:52:18
ComboFix-quarantined-files.txt 2008-01-06 13:52:10
ComboFix2.txt 2008-01-06 04:24:16
.
2007-12-12 03:20:15 --- E O F ---



I had to separate it, sorry.
  #18  
Old 6th Jan 2008, 07:01
Member Group
 
Default Can't Open Task Manager

Ok, please do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to wherever you want.

Navigate to the following registry key and delete the bold portion.

HKEY_CLASSES_ROOT\CLSID\{921D05D3-1298-40CC-856C-910F8C16E1D9}

Close regedit.

Locate and delete the following bold files and/or folders (if there).

C:\Windows\system32\fastRX.dll

Reboot into normal mode and rehide your protected OS files.

Post what will hopefully be a final Combofix log.

Regards Howard.
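
A read-only way to confirm whether the registry key and file named in the post above are actually present before deleting anything, as an added example that is not part of the original thread. The backup location under `%TEMP%` and the variable names are assumptions; the CLSID and file path are the ones given in the post.

```powershell
# Added example: read-only presence check. It deletes nothing.
$clsid = '{921D05D3-1298-40CC-856C-910F8C16E1D9}'   # CLSID named in the post
$file  = 'C:\Windows\system32\fastRX.dll'           # file named in the post

# HKEY_CLASSES_ROOT is a merged view of these two hives, so check both.
$candidates = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKCU:\Software\Classes\CLSID\$clsid"
)

$report = foreach ($key in $candidates) {
    $present = Test-Path -LiteralPath $key
    $server  = $null
    if ($present) {
        # The DLL a COM class loads is the default value of InprocServer32.
        $inproc = "$key\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
        }
        # Export only this key so it can be restored (assumed location: %TEMP%).
        $native = $key.Replace(':\', '\')            # HKLM:\... -> HKLM\...
        $backup = Join-Path $env:TEMP ("clsid-backup-" + $key.Substring(0, 4) + ".reg")
        & reg.exe export $native $backup /y | Out-Null
    }
    New-Object PSObject -Property @{
        Key            = $key
        Present        = $present
        InprocServer32 = $server
    }
}
$report | Format-Table Key, Present, InprocServer32 -AutoSize

# -Force makes Get-Item return files that carry the Hidden or System attribute,
# which Explorer and a plain directory listing would not show by default.
$item = Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
if ($item) {
    $item | Format-List FullName, Attributes, Length, LastWriteTime
} else {
    "Not found: $file"
}
```

Run it in the same user account that showed the problem, since the HKCU hive is per user.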
  #19  
Old 6th Jan 2008, 11:35
Member Group
 
Default Can't Open Task Manager

Hey here's the problem, I only have one account on Windows and I'm guessing that's also the administrator account. I couldn't find either of those two things that you told me to delete.
  #20  
Old 6th Jan 2008, 12:28
Moderator Group
 
Default Can't Open Task Manager

Download The Avenger By Swandog46, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Check the Input script manually box.
  • Click on the Magnifying Glass Icon which will open a new window titled View/edit script
  • Copy the below text, and paste it in the box that opens:

--------------------------------------------------------------------------------------------------------------------------------------

Folders to delete:
C:\Windows\system32\fastRX.dll
Registry keys to delete:
HKEY_CLASSES_ROOT\CLSID\{921D05D3-1298-40CC-856C-910F8C16E1D9}

-----------------------------------------------------------------------------------------------------------------------------------------

Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Now click the 'Done' button.
  • Click on the Green Light and OK the prompt.
  • You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt

The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  • Please attach the C:\avenger.txt in your next post.
__________________


Copyright ©2006 - 2009 Computer Juice.
