VBS: malware-gen --- Can't clean, HijackThis & ComboFix log included
martytess
24 April 2009 @ 21:50
Hi, I could not access my network, and then could not get on the net. I tried reloading my NIC driver, renewing the IP, etc.; the problems would go away, then come back, and then I could not click on the task bar. ?%$@#... virus time.

I have AVG Free; I loaded Avast and did a boot scan, and I downloaded the Microsoft malware scanner, ParetoLogic, and a few others. They all find a virus; I assume it is the same one with different names. Here they are:

VBS: malware-gen
W32: Trojan.gen
W32: polycrypt-CNK [trj]
Dropper.generic.fwk

I have a USB 2 portable drive plugged in and I noticed that there is a folder called "System Volume Information" on it that I do not remember seeing in the past. I am not sure this external drive is always being scanned.

I saw a thread on this site that fixed the VBS: malware-gen virus. Here are my HijackThis log and ComboFix log.

I am going crazy, I have spent hours and hours trying to fix this. This one is a real bugger!

Thanks in advance for any help.

Marty

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:19 PM, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\nod6441.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ctfmon] nod6441.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [ctfmon] nod6441.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-583907252-1060284298-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NICKY')
O4 - HKUS\S-1-5-21-583907252-1060284298-725345543-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'NICKY')
O4 - HKUS\S-1-5-21-583907252-1060284298-725345543-1004\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'NICKY')
O4 - HKUS\S-1-5-21-583907252-1060284298-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-21-583907252-1060284298-725345543-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/active...upv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/active...pv2.0.0.10.cab?
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMovieServer - Unknown owner - C:\WINDOWS\system32\snmvtsvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14793 bytes

ComboFix 09-04-25.03 - MARTY 24/04/2009 18:31:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1374 [GMT -7:00]
Running from: C:\Documents and Settings\MARTY\Desktop\Maleware\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090424-0] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-24 02:40:46 . 2009-04-24 08:08:54 0 d-----w C:\WINDOWS\BDOSCAN8
2009-04-22 17:15:35 . 2009-04-22 17:15:38 0 d-----w C:\Documents and Settings\NICKY\Tracing
2009-04-21 06:28:45 . 2009-04-21 06:28:46 578560 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
2009-04-21 06:25:17 . 2009-04-21 06:25:19 0 d-----w C:\WINDOWS\ERUNT
2009-04-21 06:22:06 . 2009-04-21 06:52:12 0 d-----w C:\SDFix
2009-04-20 06:33:26 . 2009-04-21 02:58:07 3860 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2009-04-20 06:33:26 . 2009-04-21 02:58:07 29984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2009-04-20 06:33:26 . 2009-04-21 02:58:07 221204 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2009-04-20 06:33:26 . 2009-04-21 02:58:07 16124448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2009-04-20 06:33:13 . 2009-04-20 06:33:13 2719 ----a-w C:\rollback.ini
2009-04-20 06:20:05 . 2009-04-21 02:34:23 0 d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-04-20 06:19:18 . 2009-04-20 06:19:18 0 d-----w C:\Documents and Settings\MARTY\Local Settings\Application Data\Downloaded Installations
2009-04-19 04:39:59 . 2009-04-03 18:18:44 33256 ----a-w C:\WINDOWS\system32\drivers\hssdrv.sys
2009-04-19 02:24:50 . 2009-04-19 02:27:41 1379 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
2009-04-19 02:24:50 . 2009-04-19 02:27:22 33846 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.bmp
2009-04-19 02:19:41 . 2009-04-19 02:19:41 3400 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2009-04-19 02:19:41 . 2009-04-19 02:19:23 33846 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2009-04-19 02:14:23 . 2009-04-19 02:28:28 2573 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2009-04-19 02:14:23 . 2009-04-19 02:28:14 33846 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.bmp
2009-04-19 02:13:51 . 2009-04-19 02:13:27 33846 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2009-04-19 02:13:50 . 2009-04-19 02:13:51 36604 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-18 22:19:38 . 2009-04-18 22:19:38 0 d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-04-15 08:47:14 . 2009-04-15 08:49:00 0 d-----w C:\Documents and Settings\MARTY\Application Data\HouseCall 6.6
2009-04-15 08:11:53 . 2009-04-15 08:11:53 0 dc----w C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-15 07:26:15 . 2009-04-25 00:50:40 0 d-----w C:\Documents and Settings\MARTY\Tracing
2009-04-15 05:45:08 . 2009-03-27 06:58:38 1203922 -c----w C:\WINDOWS\system32\dllcache\sysmain.sdb
2009-04-15 05:45:08 . 2008-05-03 11:55:36 2560 ------w C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 05:45:08 . 2008-04-21 12:08:15 215552 -c----w C:\WINDOWS\system32\dllcache\wordpad.exe
2009-04-15 05:44:34 . 2009-03-06 14:22:18 284160 -c----w C:\WINDOWS\system32\dllcache\pdh.dll
2009-04-15 05:44:34 . 2009-02-09 12:10:48 473600 -c----w C:\WINDOWS\system32\dllcache\fastprox.dll
2009-04-15 05:44:34 . 2009-02-09 12:10:48 401408 -c----w C:\WINDOWS\system32\dllcache\rpcss.dll
2009-04-15 05:44:34 . 2009-02-06 11:11:05 110592 -c----w C:\WINDOWS\system32\dllcache\services.exe
2009-04-15 05:44:34 . 2009-02-06 10:10:02 227840 -c----w C:\WINDOWS\system32\dllcache\wmiprvse.exe
2009-04-15 05:44:33 . 2009-02-09 12:10:49 729088 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
2009-04-15 05:44:33 . 2009-02-09 12:10:48 714752 -c----w C:\WINDOWS\system32\dllcache\ntdll.dll
2009-04-15 05:44:33 . 2009-02-09 12:10:48 617472 -c----w C:\WINDOWS\system32\dllcache\advapi32.dll
2009-04-15 05:44:33 . 2009-02-09 12:10:48 453120 -c----w C:\WINDOWS\system32\dllcache\wmiprvsd.dll
2009-04-13 05:39:33 . 2009-04-13 05:39:18 410984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-04-08 00:24:26 . 2009-04-08 00:24:26 0 ----a-w C:\WINDOWS\ativpsrm.bin
2009-04-03 09:07:36 . 2009-04-24 12:06:13 0 d--h--w C:\$AVG8.VAULT$
2009-04-03 09:00:29 . 2009-04-03 09:00:29 108552 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2009-04-03 09:00:29 . 2009-04-03 09:00:29 10520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2009-04-03 09:00:24 . 2009-04-03 09:00:24 325640 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2009-04-03 09:00:19 . 2009-04-24 23:56:38 0 d-----w C:\WINDOWS\system32\drivers\Avg
2009-04-03 09:00:04 . 2009-04-25 01:09:50 0 d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-04-03 05:49:57 . 2009-04-03 05:49:57 0 d--h--w C:\WindowsLiveSyncTemp
2009-03-31 05:36:18 . 2009-03-31 05:36:18 0 d-----w C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-03-28 18:39:13 . 2009-01-09 19:19:28 1089593 -c----w C:\WINDOWS\system32\dllcache\ntprint.cat
2009-03-28 18:26:53 . 2009-03-28 18:26:53 0 d-----w C:\WINDOWS\system32\XPSViewer
2009-03-28 18:26:08 . 2008-07-06 12:06:10 89088 -c----w C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 18:26:08 . 2008-07-06 12:06:10 575488 -c----w C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2009-03-28 18:26:08 . 2008-07-06 12:06:10 575488 ------w C:\WINDOWS\system32\xpsshhdr.dll
2009-03-28 18:26:08 . 2008-07-06 12:06:10 1676288 -c----w C:\WINDOWS\system32\dllcache\xpssvcs.dll
2009-03-28 18:26:08 . 2008-07-06 12:06:10 1676288 ------w C:\WINDOWS\system32\xpssvcs.dll
2009-03-28 18:26:08 . 2008-07-06 12:06:10 117760 ------w C:\WINDOWS\system32\prntvpt.dll
2009-03-28 18:26:08 . 2008-07-06 10:50:03 597504 -c----w C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2009-03-28 18:26:07 . 2009-03-28 18:26:30 0 d-----w C:\0d7a06a67371a675014a48becbae
2009-03-28 18:25:52 . 2009-03-28 18:34:22 0 d-----w C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 00:50:21 . 2009-03-25 07:00:48 0 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-25 00:16:54 . 2009-04-25 00:16:54 0 d-----w C:\Program Files\Trend Micro
2009-04-24 06:02:25 . 2006-03-30 08:57:09 3402 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2009-04-22 16:59:02 . 2008-11-03 01:55:22 0 d-----w C:\Documents and Settings\MARTY\Application Data\uTorrent
2009-04-21 02:34:22 . 2009-04-20 06:20:05 0 d-----w C:\Program Files\Common Files\ParetoLogic
2009-04-19 04:40:36 . 2009-04-19 04:39:57 0 d-----w C:\Program Files\Hotspot Shield
2009-04-19 02:28:28 . 2006-12-26 04:19:40 130048 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2009-04-18 22:19:15 . 2009-04-18 22:19:15 0 d-----w C:\Program Files\NCH Software
2009-04-15 08:01:07 . 2009-04-15 07:14:52 0 d-----w C:\Program Files\Microsoft Silverlight
2009-04-15 08:01:01 . 2009-04-15 08:01:01 0 d-----w C:\Program Files\Windows Live SkyDrive
2009-04-15 08:01:01 . 2009-04-15 07:13:28 0 d-----w C:\Program Files\Microsoft
2009-04-15 08:01:00 . 2008-03-25 02:18:14 0 d-----w C:\Program Files\Windows Live
2009-04-15 07:26:01 . 2006-03-17 13:31:35 51400 ----a-w C:\Documents and Settings\MARTY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 07:10:32 . 2009-04-15 07:10:31 0 d-----w C:\Program Files\Common Files\Windows Live
2009-04-13 05:39:15 . 2006-05-06 07:28:38 0 d-----w C:\Program Files\Java
2009-04-08 06:38:36 . 2009-04-08 06:38:36 0 d-----w C:\Program Files\Alwil Software
2009-04-06 16:48:40 . 2006-03-20 09:12:00 50816 ----a-w C:\Documents and Settings\NICKY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 16:40:50 . 2008-06-15 20:49:19 0 d-----w C:\Documents and Settings\MARTY\Application Data\FileZilla
2009-04-03 09:00:05 . 2009-04-03 09:00:05 0 d-----w C:\Program Files\AVG
2009-04-03 07:18:53 . 2006-03-17 14:48:48 0 d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2009-04-03 07:18:52 . 2006-03-17 14:48:49 0 d-----w C:\Program Files\Common Files\Symantec Shared
2009-04-01 02:00:42 . 2008-11-29 03:30:21 0 d-----w C:\Documents and Settings\MARTY\Application Data\Universal Audio
2009-03-31 06:29:59 . 2007-01-31 07:21:23 0 d-----w C:\Program Files\NewsRover
2009-03-31 05:41:12 . 2006-06-28 05:12:32 0 d-----w C:\Documents and Settings\MARTY\Application Data\Yahoo!
2009-03-31 05:41:12 . 2006-03-18 18:33:20 0 d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2009-03-30 06:24:19 . 2009-03-30 06:24:19 0 d-----w C:\Program Files\MSECache
2009-03-29 02:34:21 . 2008-06-03 01:42:57 370 ----a-w C:\moduleName.txt
2009-03-28 18:34:22 . 2009-03-25 07:39:13 0 d-----w C:\Program Files\Spyware Doctor
2009-03-28 18:26:48 . 2009-03-28 18:26:48 0 d-----w C:\Program Files\MSBuild
2009-03-28 18:26:40 . 2009-03-28 18:26:40 0 d-----w C:\Program Files\Reference Assemblies
2009-03-25 07:47:51 . 2009-03-25 07:39:22 130424 ----a-w C:\WINDOWS\system32\drivers\PCTCore.sys
2009-03-25 07:44:16 . 2009-03-25 07:39:17 0 d-----w C:\Program Files\Common Files\PC Tools
2009-03-25 07:39:13 . 2009-03-25 07:39:13 0 d-----w C:\Documents and Settings\MARTY\Application Data\PC Tools
2009-03-25 07:39:13 . 2009-03-25 07:39:13 0 d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-22 23:56:25 . 2009-03-22 23:56:24 0 d-----w C:\Program Files\Antares Audio Technologies
2009-03-22 22:36:09 . 2009-03-22 22:36:07 0 d-----w C:\Documents and Settings\MARTY\Application Data\PACE Anti-Piracy
2009-03-22 22:36:09 . 2009-03-22 22:36:07 0 d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2009-03-22 22:36:07 . 2009-03-22 22:36:07 0 d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2009-03-21 20:08:04 . 2008-06-03 01:42:23 0 d-----w C:\Program Files\IKEA HomePlanner
2009-03-21 20:08:00 . 2008-06-03 01:41:55 0 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-03-09 06:49:54 . 2009-03-09 06:49:54 0 d-----w C:\Program Files\Prolific Publishing, Inc
2009-03-08 02:40:22 . 2009-03-08 02:39:53 0 d-----w C:\Documents and Settings\MARTY\Application Data\Marine Aquarium 3
2009-03-08 02:39:52 . 2009-03-08 02:39:52 0 d-----w C:\Program Files\SereneScreen
2009-03-06 14:22:18 . 2004-08-04 12:00:00 284160 ----a-w C:\WINDOWS\system32\pdh.dll
2009-03-05 03:29:05 . 2009-03-05 03:29:05 268 ---ha-w C:\sqmdata12.sqm
2009-03-05 03:29:05 . 2009-03-05 03:29:05 244 ---ha-w C:\sqmnoopt12.sqm
2009-03-03 23:14:08 . 2009-03-08 02:39:52 6545408 ----a-w C:\WINDOWS\system32\MarineAquarium3.scr
2009-03-03 00:18:25 . 2004-08-04 12:00:00 826368 ----a-w C:\WINDOWS\system32\wininet.dll
2009-02-26 11:05:46 . 2009-02-26 11:05:46 244 ---ha-w C:\sqmnoopt11.sqm
2009-02-26 11:05:46 . 2009-02-26 11:05:46 232 ---ha-w C:\sqmdata11.sqm
2009-02-24 19:42:08 . 2009-02-24 19:42:08 244 ---ha-w C:\sqmnoopt10.sqm
2009-02-24 19:42:08 . 2009-02-24 19:42:08 232 ---ha-w C:\sqmdata10.sqm
2009-02-23 19:48:20 . 2009-02-23 19:48:20 244 ---ha-w C:\sqmnoopt09.sqm
2009-02-23 19:48:20 . 2009-02-23 19:48:20 232 ---ha-w C:\sqmdata09.sqm
2009-02-20 18:09:38 . 2004-08-04 12:00:00 78336 ----a-w C:\WINDOWS\system32\ieencode.dll
2009-02-16 19:59:06 . 2009-02-16 19:59:06 244 ---ha-w C:\sqmnoopt08.sqm
2009-02-16 19:59:06 . 2009-02-16 19:59:06 232 ---ha-w C:\sqmdata08.sqm
2009-02-16 07:37:48 . 2009-02-16 07:37:48 244 ---ha-w C:\sqmnoopt07.sqm
2009-02-16 07:37:48 . 2009-02-16 07:37:48 232 ---ha-w C:\sqmdata07.sqm
2009-02-14 03:35:07 . 2009-02-14 03:35:07 244 ---ha-w C:\sqmnoopt06.sqm
2009-02-14 03:35:07 . 2009-02-14 03:35:07 232 ---ha-w C:\sqmdata06.sqm
2009-02-11 11:08:28 . 2009-02-11 11:08:28 244 ---ha-w C:\sqmnoopt05.sqm
2009-02-11 11:08:28 . 2009-02-11 11:08:28 232 ---ha-w C:\sqmdata05.sqm
2009-02-09 12:10:49 . 2004-08-04 12:00:00 729088 ----a-w C:\WINDOWS\system32\lsasrv.dll
2009-02-09 12:10:48 . 2004-08-04 12:00:00 714752 ----a-w C:\WINDOWS\system32\ntdll.dll
2009-02-09 12:10:48 . 2004-08-04 12:00:00 617472 ----a-w C:\WINDOWS\system32\advapi32.dll
2009-02-09 12:10:48 . 2004-08-04 12:00:00 401408 ----a-w C:\WINDOWS\system32\rpcss.dll
2009-02-09 11:13:27 . 2004-08-04 12:00:00 1846784 ----a-w C:\WINDOWS\system32\win32k.sys
2009-02-07 01:52:40 . 2009-02-07 01:52:40 49504 ----a-w C:\WINDOWS\system32\sirenacm.dll
2009-02-06 11:11:05 . 2004-08-04 12:00:00 110592 ----a-w C:\WINDOWS\system32\services.exe
2009-02-06 11:06:41 . 2004-08-04 12:00:00 2145280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 10:39:08 . 2004-08-04 12:00:00 35328 ----a-w C:\WINDOWS\system32\sc.exe
2009-02-06 10:32:56 . 2004-08-03 22:59:02 2023936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-03 19:59:07 . 2004-08-04 12:00:00 56832 ----a-w C:\WINDOWS\system32\secur32.dll
2009-01-31 09:37:34 . 2009-01-31 09:37:34 244 ---ha-w C:\sqmnoopt04.sqm
2009-01-31 09:37:34 . 2009-01-31 09:37:34 232 ---ha-w C:\sqmdata04.sqm
2009-01-18 20:26:11 . 2008-11-16 00:20:39 2516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2009-01-18 20:26:10 . 2008-11-16 00:20:39 88 --sh--r C:\Documents and Settings\All Users\Application Data\BFB208F9B6.sys
2007-11-07 08:44:45 . 2006-03-25 01:26:20 24192 ----a-w C:\Documents and Settings\MARTY\usbsermptxp.sys
2007-11-07 08:44:45 . 2006-03-25 01:26:20 22768 ----a-w C:\Documents and Settings\MARTY\usbsermpt.sys
2006-08-16 01:44:28 . 2006-08-16 01:44:28 0 ---ha-w C:\Documents and Settings\MARTY\Application Data\.64614FF0ABB8C36B.sys
2006-03-31 07:28:25 . 2006-03-30 09:06:38 56 --sh--r C:\WINDOWS\system32\B6F908B2BF.sys
2008-04-14 00:12:19 . 2004-08-04 12:00:00 1030717 --sh--r C:\WINDOWS\system32\nod6441.exe
2008-09-04 06:07:55 . 2008-09-04 06:08:00 32768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090320080904\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-25_00.40.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-25 00:49:13 . 2009-04-25 00:49:13 16384 C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat
+ 2009-04-25 00:49:27 . 2009-04-25 00:49:27 16384 C:\WINDOWS\Temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-19 04:39:59 332776 ----a-w C:\Program Files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 22:44:14 196608]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 01:51:28 3885408]
"Windows Live Sync"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 05:53:08 1170256]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 23:41:02 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 00:30:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 00:30:30 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-20 01:32:18 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 23:24:32 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 23:14:44 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-04-13 05:39:21 148888]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 05:38:56 623992]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-21 00:12:36 131072]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 23:49:48 77824]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 11:59:40 307200]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 22:57:24 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 16:51:46 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 22:09:14 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 09:04:34 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-04-03 09:00:10 1932568]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"SoundMan"="SOUNDMAN.EXE" - C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 10:20:20 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" - C:\WINDOWS\system32\bthprops.cpl [2008-04-14 00:12:41 110592]
"ctfmon"="nod6441.exe" - C:\WINDOWS\system32\nod6441.exe [2008-04-14 00:12:19 1030717]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ctfmon"="nod6441.exe" - C:\WINDOWS\system32\nod6441.exe [2008-04-14 00:12:19 1030717]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

C:\Documents and Settings\MARTY\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-03 09:00:29 10520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"ø[?|?ø"= ø[?|?ø:ctfmon
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 Apogee1394;Apogee1394;C:\WINDOWS\system32\Drivers\Apogee1394.sys [2006-03-20 06:42:16 414336]
R3 Apogee1394_avs;Apogee1394_avs;C:\WINDOWS\system32\Drivers\Apogee1394_avs.sys [2006-03-20 06:42:16 77696]
R3 hypaudio;hypaudio;C:\WINDOWS\system32\DRIVERS\hypaudio.sys [2007-12-07 00:20:00 1158656]
R3 hypkern;hypkern;C:\WINDOWS\system32\drivers\hypkern.sys [2007-12-07 00:20:00 164864]
R3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 20:40:56 348752]
R3 SoundMovieServer;SoundMovieServer; [x]
R3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2005-11-03 19:17:34 16896]
S0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [2009-03-25 07:47:51 130424]
S1 aswSP;avast! Self Protection; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-03 09:00:24 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-03 09:00:29 108552]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20:07:12 20560]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-03 09:00:07 298264]
S2 HssSrv;Hotspot Shield Helper Service;C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-03 18:18:44 364008]
S3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2007-12-11 11:59:40 33792]
S3 HssDrv;Hotspot Shield Helper Miniport;C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-04-03 18:18:44 33256]
S3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2007-01-05 01:17:54 22024]
S3 MotuMidi;MOTU MIDI Device;C:\WINDOWS\system32\drivers\MotuMidi.sys [2007-01-05 01:17:38 35336]
S3 MotuUsb;MotuUsb;C:\WINDOWS\system32\Drivers\MotuUsb.sys [2007-01-05 01:17:46 48648]
S3 SndTAudio;SndTAudio;C:\WINDOWS\system32\drivers\SndTAudio.sys [2008-10-24 19:23:48 23096]
S3 SndTVideo;SndTVideo;C:\WINDOWS\system32\DRIVERS\SndTVideo.sys [2008-10-24 19:23:52 3768]
S3 UAD2Pcie;Universal Audio UAD-2 DSP Accelerator;C:\WINDOWS\system32\DRIVERS\UAD2Pcie.sys [2008-12-16 03:03:21 27392]
S3 UAD2System;UAD-2 Global System Service;C:\WINDOWS\system32\DRIVERS\UAD2System.sys [2008-12-16 03:03:21 38784]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{09F2BF5F-576A-EF83-AB38-D0BFF6C50661}]
C:\WINDOWS\system32:Winupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C986066D-AE5E-4886-74DA-8E840BA9FA81}]
C:\WINDOWS:Chillpill.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 C:\WINDOWS\Tasks\DriverRobot.job
- C:\Program Files\Driver Robot\DriverRobot.exe [2009-01-09 18:26:32 . 2009-01-09 18:26:32]

2009-04-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A8E6F4CA-440A-49C7-96C9-1337C7BFAAA8}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 19:58:32 . 2006-10-17 19:58:32]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.intl=us
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
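The "Reg Loading Points" block above shows the three things worth triaging by hand in this log: a Run and RunServices value named "ctfmon" that resolves to C:\WINDOWS\system32\nod6441.exe rather than ctfmon.exe (its timestamp also matches the SP3 system files around it, which is consistent with timestomping), Security Center monitoring switched off, and two Active Setup Installed Components whose StubPath is an NTFS alternate data stream (C:\WINDOWS\system32:Winupd.exe and C:\WINDOWS:Chillpill.exe), i.e. a payload that a normal directory listing never shows. The script below is an added example, not part of the original post and not a ComboFix feature: it parses the ComboFix loading-points format and applies those heuristics. The sample log is a constructed, trimmed copy of the entries above; the system-binary name list and the reason labels are my own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: trimmed copy of the loading points from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-04-13 05:39:21 148888]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"ctfmon"="nod6441.exe" - C:\WINDOWS\system32\nod6441.exe [2008-04-14 00:12:19 1030717]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ctfmon"="nod6441.exe" - C:\WINDOWS\system32\nod6441.exe [2008-04-14 00:12:19 1030717]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{09F2BF5F-576A-EF83-AB38-D0BFF6C50661}]
C:\WINDOWS\system32:Winupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C986066D-AE5E-4886-74DA-8E840BA9FA81}]
C:\WINDOWS:Chillpill.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
# ComboFix prints either "path" [stamp] or "name" - resolved-path [stamp]
IMAGE_RE = re.compile(r'^"(?P<quoted>[^"]*)"(?: - (?P<resolved>.+?))?(?: \[.*\])?$')
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Value names malware likes to borrow; the image must really be that binary. (my list)
SYSTEM_NAMES = {"ctfmon", "explorer", "svchost", "lsass", "csrss", "winlogon", "services", "smss"}


@dataclass
class Finding:
    key: str
    name: str
    image: str
    reasons: List[str]


def image_from(rest: str) -> Optional[str]:
    """Pull the executable path out of the right-hand side of a ComboFix value line."""
    m = IMAGE_RE.match(rest)
    if not m:
        return None
    return m.group("resolved") or m.group("quoted")


def is_ads_path(path: str) -> bool:
    """A Win32 path has exactly one colon (the drive); a second one names an NTFS stream."""
    return bool(BARE_PATH_RE.match(path)) and ":" in path[2:]


def spoofs_system_name(name: str, image: Optional[str]) -> bool:
    """Value named like a Windows binary but pointing somewhere else (e.g. 'ctfmon' -> nod6441.exe)."""
    base = name.lower()
    if base.endswith(".exe"):
        base = base[:-4]
    if base not in SYSTEM_NAMES:
        return False
    if image is None:
        return True
    return image.rsplit("\\", 1)[-1].lower() != base + ".exe"


def triage(log_text: str) -> List[Finding]:
    """Walk the loading-points section, tracking the current key, and flag suspicious entries."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        if BARE_PATH_RE.match(line):          # Active Setup StubPath printed as a bare path
            name, rest, image = "", "", line
        else:
            vm = VALUE_RE.match(line)
            if not vm:
                continue
            name, rest = vm.group("name"), vm.group("rest")
            image = image_from(rest)
        reasons = []
        if image and is_ads_path(image):
            reasons.append("ads")
        if spoofs_system_name(name, image):
            reasons.append("name-spoof")
        if key.lower().endswith("\\runservices"):   # Win9x-era key; XP does not process it
            reasons.append("runservices")
        if ("security center" in key.lower() and name.lower() == "disablemonitoring"
                and rest.strip().lower() == "dword:00000001"):
            reasons.append("security-center-disabled")
        if reasons:
            findings.append(Finding(key, name, image or "", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "|", f.key, "|", f.name or "(stubpath)", "|", f.image)
```

On the sample this reports five entries: both ctfmon values (the RunServices copy twice over, since that key is a legacy Win9x autostart location that nothing legitimate on XP writes to), the DisableMonitoring flag, and the two stream-backed Active Setup components. The ADS check is the one to remember when cleaning by hand: `dir` will not list `C:\WINDOWS:Chillpill.exe`, but `dir /r` (Vista and later) or Sysinternals `streams.exe` will, and Active Setup runs the StubPath once for every user profile that logs on, so deleting nod6441.exe alone leaves the reinfection path in place.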