Okay, here are all three logs. I really hope this is what you need! I apologize for not getting them to you the first time.
ComboFix 09-10-27.08 - bchodkowski 10/28/2009 17:16.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1672 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\desktop\combofix.exe
Command switches used :: /KillAll
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\LOG10.tmp
C:\LOG12.tmp
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\bewijeze(2).dll
c:\windows\system32\boponase.dll.tmp
c:\windows\system32\diveredi.dll.tmp
c:\windows\system32\logon.exe
c:\windows\system32\lupuwufe(2).dll
c:\windows\system32\mefupojo(2).dll
c:\windows\system32\riyudegi.dll.tmp
c:\windows\system32\tomuzipu(2).dll
----- BITS: Possible infected sites -----
hxxp://namsgirvg050.grouphc.net:8530
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-28 03:39 . 2009-10-28 03:36 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-28 03:36 . 2009-10-28 03:41 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\.housecall6.6
2009-10-27 03:59 . 2009-10-27 03:59 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-27 03:56 . 2009-10-27 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 03:53 . 2009-10-27 03:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-10-26 04:42 . 2009-10-27 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2009-10-12 18:13 . 2009-10-28 22:15 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-12 05:27 . 2009-10-12 05:27 -------- d-----w- c:\program files\Trend Micro
2009-10-12 04:28 . 2009-10-12 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-12 04:27 . 2009-10-12 04:27 -------- d-----w- c:\program files\Common Files\iS3
2009-10-12 04:27 . 2009-10-12 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 04:30 . 2008-02-13 21:31 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-09-24 02:37 . 2009-09-24 02:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Walgreens
2009-09-24 02:31 . 2009-09-24 02:31 -------- d-----w- c:\program files\Walgreens
2009-09-21 02:47 . 2009-09-21 02:47 -------- d-----w- c:\program files\ICCup
2009-09-14 03:26 . 2009-09-03 03:13 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Skype
2009-09-14 03:26 . 2009-09-03 03:17 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\skypePM
2009-09-10 02:31 . 2009-09-10 02:31 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-09-10 02:31 . 2009-09-10 02:26 -------- d-----w- c:\program files\Logitech
2009-09-10 02:31 . 2007-02-14 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 02:29 . 2009-08-27 01:52 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-10 02:17 . 2009-08-27 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-09-10 02:12 . 2009-09-03 03:12 -------- d-----r- c:\program files\Skype
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Common Files\Skype
2009-09-10 02:11 . 2009-09-03 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-09 21:46 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-09-09 21:46 . 2009-06-10 03:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\AIM6
2009-09-04 00:50 . 2009-08-27 02:14 -------- d-----w- c:\program files\Viewpoint
2009-09-03 03:17 . 2009-09-03 03:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-30 01:18 . 2009-08-30 01:18 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-03 18:36 . 2009-09-09 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-09-09 03:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 22:23 . 2009-10-28 22:23 16384 c:\windows\temp\Perflib_Perfdata_518.dat
+ 2009-09-10 02:29 . 2004-08-04 05:56 53760 c:\windows\system32\vfwwdm32.dll
- 2004-08-04 00:56 . 2007-02-08 20:34 17408 c:\windows\system32\msyuv.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 17408 c:\windows\system32\msyuv.dll
- 2009-03-11 00:58 . 2009-03-11 00:58 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-11 00:58 . 2009-09-09 03:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 00:56 . 2007-02-08 20:34 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 47616 c:\windows\system32\iyuv_32.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUSBSta.sys
+ 2009-09-10 02:30 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\LVUSBSta.sys
+ 2009-09-10 02:30 . 2008-07-26 15:26 66456 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvselsus.sys
+ 2009-09-10 02:30 . 2008-07-26 15:24 95384 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvpopflt.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 23832 c:\windows\system32\DRVSTORE\lvPRO5c_1BFC52D9685745C065979BCEBCC76EF496BB7037\lvuvcflt.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUSBSta.sys
+ 2009-09-10 02:28 . 2008-07-26 15:26 41752 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\LVUSBSta.sys
+ 2009-09-10 02:28 . 2008-07-26 15:22 13848 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lv302af.sys
+ 2009-09-10 02:28 . 2008-02-01 09:46 41752 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUSBSta.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 19328 c:\windows\system32\drivers\WSTCODEC.SYS
+ 2009-07-13 18:39 . 2004-08-04 03:58 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 15360 c:\windows\system32\drivers\StreamIP.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 11136 c:\windows\system32\drivers\SLIP.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 10880 c:\windows\system32\drivers\NdisIP.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 85376 c:\windows\system32\drivers\NABTSFEC.sys
+ 2009-09-10 02:29 . 2008-07-26 15:26 41752 c:\windows\system32\drivers\LVUSBSta.sys
+ 2008-07-26 13:25 . 2008-07-26 13:25 25624 c:\windows\system32\drivers\LVPr2Mon.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 17024 c:\windows\system32\drivers\CCDECODE.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 19328 c:\windows\system32\dllcache\wstcodec.sys
+ 2009-09-10 02:29 . 2004-08-04 05:56 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2009-07-13 18:39 . 2004-08-04 03:58 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 15360 c:\windows\system32\dllcache\streamip.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 11136 c:\windows\system32\dllcache\slip.sys
+ 2009-09-10 02:31 . 2004-08-04 04:10 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2009-09-10 02:30 . 2004-08-04 04:10 85376 c:\windows\system32\dllcache\nabtsfec.sys
+ 2004-08-04 00:56 . 2004-08-04 05:56 17408 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-09-10 02:30 . 2004-08-04 04:10 17024 c:\windows\system32\dllcache\ccdecode.sys
- 2007-02-14 14:41 . 2009-06-03 03:26 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-14 14:41 . 2009-10-27 03:42 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-14 14:41 . 2009-10-27 03:42 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-02-14 14:41 . 2009-06-03 03:26 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-05 21:03 . 2009-05-05 21:03 24064 c:\windows\Installer\151a89.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 84992 c:\windows\Installer\119c22.msi
+ 2009-09-07 02:15 . 2009-09-07 02:15 57344 c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 53248 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 15086 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2009-09-10 02:26 . 2009-09-10 02:26 15086 c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ARPPRODUCTICON.exe
+ 2009-08-27 02:14 . 2009-08-27 02:14 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2007-02-08 20:34 8192 c:\windows\system32\tsbyuv.dll
+ 2009-07-13 18:39 . 2001-08-18 03:36 5632 c:\windows\system32\ptpusb.dll
+ 2009-09-10 02:31 . 2004-08-04 03:58 5504 c:\windows\system32\drivers\MSTEE.sys
+ 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-09-10 02:31 . 2004-08-04 03:58 5504 c:\windows\system32\dllcache\mstee.sys
+ 2009-10-28 22:24 . 2009-10-28 22:24 6092 c:\windows\SoftwareDistribution\EventCache\{D6C89D56-7906-4D94-808E-56226FAB3FAD}.bin
+ 2009-09-10 02:29 . 2008-07-26 15:27 236056 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2009-10-28 22:23 . 2008-07-26 13:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2007-10-28 23:59 . 2007-10-28 23:59 323624 c:\windows\system32\wiaaut.dll
+ 2009-07-13 18:39 . 2004-08-04 05:56 159232 c:\windows\system32\ptpusd.dll
+ 2004-08-04 00:56 . 2004-08-04 05:56 294912 c:\windows\system32\msh263.drv
- 2004-08-04 00:56 . 2007-02-08 20:34 294912 c:\windows\system32\msh263.drv
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-10 02:29 . 2008-07-26 15:26 465432 c:\windows\system32\LVUI2RC.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 490008 c:\windows\system32\LVUI2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 416280 c:\windows\system32\lvcodec2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 195096 c:\windows\system32\lvci11801048.dll
+ 2009-09-10 02:30 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\WUApp32.exe
+ 2009-09-10 02:30 . 2008-07-26 15:27 236056 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvWIAext.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 465432 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2RC.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 490008 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2.dll
+ 2009-09-10 02:30 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcoinst.dll
+ 2009-09-10 02:30 . 2008-07-26 15:23 416280 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcodec2.dll
+ 2009-09-10 02:30 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\WUApp32.exe
+ 2009-09-10 02:30 . 2008-07-26 15:25 627864 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvrs.sys
+ 2009-09-10 02:30 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvcoinst.dll
+ 2009-09-10 02:29 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\WUApp32.exe
+ 2009-09-10 02:29 . 2008-07-26 15:27 236056 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvWIAext.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 465432 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2RC.dll
+ 2009-09-10 02:29 . 2008-07-26 15:26 490008 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcoinst.dll
+ 2009-09-10 02:29 . 2008-07-26 15:23 416280 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcodec2.dll
+ 2009-09-10 02:28 . 2008-07-26 15:29 439568 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\WUApp32.exe
+ 2009-09-10 02:28 . 2008-07-26 15:25 627864 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvrs.sys
+ 2009-09-10 02:28 . 2008-07-26 15:23 195096 c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvcoinst.dll
+ 2009-09-10 02:28 . 2008-02-01 09:49 439568 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\WUApp32.exe
+ 2009-09-10 02:28 . 2008-02-01 09:47 236056 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvWIAext.dll
+ 2009-09-10 02:28 . 2008-02-01 09:46 465432 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2RC.dll
+ 2009-09-10 02:28 . 2008-02-01 09:46 490008 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 195096 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcoinst.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 416280 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcodec2.dll
+ 2009-09-10 02:28 . 2008-02-01 09:43 489624 c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LV561AV.sys
- 2007-02-08 20:34 . 2009-06-10 02:16 182912 c:\windows\system32\drivers\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 17:06 182912 c:\windows\system32\drivers\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 02:16 182912 c:\windows\system32\drivers\ndis(4).sys
+ 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\drivers\ndis(3).sys
- 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\dllcache\ndis.sys
+ 2007-02-08 20:34 . 2009-06-10 17:02 182912 c:\windows\system32\dllcache\ndis.sys
+ 2008-01-30 16:41 . 2008-02-13 12:37 336896 c:\windows\system32\CCM\Cache\NAS0005F.1.System\UPHClean-Setup.msi
+ 2007-10-28 23:43 . 2007-10-28 23:43 516832 c:\windows\system32\capicom.dll
+ 2007-03-12 13:20 . 2007-03-12 13:20 340480 c:\windows\Installer\e9789fd.msi
+ 2007-09-22 17:39 . 2007-09-22 17:39 269312 c:\windows\Installer\ba103.msi
+ 2007-02-14 16:28 . 2007-02-14 16:28 902144 c:\windows\Installer\a5075.msi
+ 2009-01-07 20:49 . 2009-01-07 20:49 972800 c:\windows\Installer\a1412.msi
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\a140b.msp
+ 2008-07-28 20:59 . 2008-07-28 20:59 180736 c:\windows\Installer\a13f7.msp
+ 2007-02-14 14:46 . 2007-02-14 14:46 264704 c:\windows\Installer\9d7c5.msi
+ 2007-02-14 14:45 . 2007-02-14 14:45 331776 c:\windows\Installer\9d7bb.msi
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\968ea.msp
+ 2008-07-28 20:59 . 2008-07-28 20:59 180736 c:\windows\Installer\968d2.msp
+ 2008-09-30 17:58 . 2008-09-30 17:58 993280 c:\windows\Installer\9446c.msi
+ 2008-09-30 17:56 . 2008-09-30 17:56 289792 c:\windows\Installer\94468.msi
+ 2009-09-07 02:15 . 2009-09-07 02:15 257024 c:\windows\Installer\6fad2.msi
+ 2007-02-14 16:11 . 2007-02-14 16:11 625664 c:\windows\Installer\51b0c0.msi
+ 2006-06-13 18:12 . 2006-06-13 18:12 509440 c:\windows\Installer\4d7a4.msp
+ 2007-02-14 15:51 . 2007-02-14 15:51 844800 c:\windows\Installer\44a541.msi
+ 2007-02-14 15:50 . 2007-02-14 15:50 428544 c:\windows\Installer\44a53c.msi
+ 2009-01-08 01:03 . 2009-01-08 01:03 603648 c:\windows\Installer\40afd.msi
+ 2008-06-04 12:57 . 2008-06-04 12:57 277504 c:\windows\Installer\3e8d6.msi
+ 2009-01-09 09:01 . 2009-01-09 09:01 432640 c:\windows\Installer\3a9774a.msi
+ 2007-04-11 16:51 . 2007-04-11 16:51 888832 c:\windows\Installer\36bf86.msi
+ 2007-02-14 16:39 . 2007-02-14 16:39 189952 c:\windows\Installer\358c4.msi
+ 2007-07-03 18:28 . 2007-07-03 18:28 412672 c:\windows\Installer\355ad4.msi
+ 2007-02-14 15:29 . 2007-02-14 15:29 916480 c:\windows\Installer\327f14.msi
+ 2009-06-30 05:48 . 2009-06-30 05:48 683520 c:\windows\Installer\306102b.msi
+ 2007-08-29 12:49 . 2007-08-29 12:49 431104 c:\windows\Installer\30017.msi
+ 2007-11-13 13:15 . 2007-11-13 13:15 471552 c:\windows\Installer\23b5ec.msi
+ 2007-11-13 13:15 . 2007-11-13 13:15 664064 c:\windows\Installer\23b5e3.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 121344 c:\windows\Installer\23b5d7.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 395776 c:\windows\Installer\23b5d2.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 121344 c:\windows\Installer\23b5ca.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 422912 c:\windows\Installer\23b5c5.msi
+ 2007-11-13 13:14 . 2007-11-13 13:14 615936 c:\windows\Installer\23b5bf.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 361984 c:\windows\Installer\23b5ba.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 299520 c:\windows\Installer\23b5b5.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 121344 c:\windows\Installer\23b5ac.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 589312 c:\windows\Installer\23b5a7.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 253440 c:\windows\Installer\23b598.msi
+ 2007-11-13 13:13 . 2007-11-13 13:13 303104 c:\windows\Installer\23b593.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 479744 c:\windows\Installer\23b58e.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 121344 c:\windows\Installer\23b586.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 389632 c:\windows\Installer\23b581.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 121344 c:\windows\Installer\23b578.msi
+ 2007-11-13 13:12 . 2007-11-13 13:12 508928 c:\windows\Installer\23b573.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 121344 c:\windows\Installer\23b56b.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 309760 c:\windows\Installer\23b566.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 188928 c:\windows\Installer\23b561.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 184320 c:\windows\Installer\23b55c.msi
+ 2007-11-13 13:11 . 2007-11-13 13:11 121344 c:\windows\Installer\23b554.msi
+ 2007-04-24 19:42 . 2007-04-24 19:42 381952 c:\windows\Installer\201ce0.msi
+ 2007-04-24 19:42 . 2007-04-24 19:42 442368 c:\windows\Installer\201cdc.msi
+ 2007-04-24 19:41 . 2007-04-24 19:41 450560 c:\windows\Installer\201cd9.msi
+ 2009-09-10 02:21 . 2009-09-10 02:21 794112 c:\windows\Installer\1ddab.msi
+ 2008-07-19 03:43 . 2008-07-19 03:43 532992 c:\windows\Installer\18443.msi
+ 2008-12-29 13:21 . 2008-12-29 13:21 562176 c:\windows\Installer\17da0b.msi
+ 2007-04-11 15:20 . 2007-04-11 15:20 268800 c:\windows\Installer\14844a.msi
+ 2007-10-15 23:33 . 2007-10-15 23:33 269312 c:\windows\Installer\13b83d.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 273920 c:\windows\Installer\119c3d.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 542208 c:\windows\Installer\119c2f.msi
+ 2007-07-31 23:10 . 2007-07-31 23:10 379392 c:\windows\Installer\119c28.msi
+ 2008-02-13 12:37 . 2008-02-13 12:37 139264 c:\windows\Installer\10810d.msi
+ 2009-09-10 02:11 . 2009-09-10 02:11 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2007-01-24 01:41 . 2007-01-24 01:41 841304 c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2007-02-08 20:34 . 2007-02-08 20:34 1326080 c:\windows\system32\webfldrs.msi
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-09-10 02:30 . 2008-07-26 15:26 4658584 c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvuvc.sys
+ 2009-09-10 02:29 . 2008-07-26 15:22 2570520 c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LV302V32.SYS
+ 2009-09-10 02:29 . 2008-07-26 15:22 2570520 c:\windows\system32\drivers\LV302V32.SYS
- 2009-05-13 21:12 . 2009-06-03 03:27 2293760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-13 21:12 . 2009-10-27 03:42 2293760 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-17 18:57 . 2007-04-13 07:50 7471104 c:\windows\system32\ccmsetup\{2FBB7E06-7665-442B-98E3-189CB634C5CC}\client.msi
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-07-17 19:02 . 2008-07-17 19:02 2137088 c:\windows\Installer\d9e6.msi
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\c22ad.msp
+ 2006-04-18 18:48 . 2006-04-18 18:48 1629184 c:\windows\Installer\c22a5.msp
+ 2009-03-31 07:51 . 2009-03-31 07:51 4886528 c:\windows\Installer\bc11f.msi
+ 2009-03-31 07:50 . 2009-03-31 07:50 1659392 c:\windows\Installer\bc11b.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 8992256 c:\windows\Installer\bc116.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 1549312 c:\windows\Installer\bc111.msi
+ 2009-03-31 07:49 . 2009-03-31 07:49 3293696 c:\windows\Installer\bc10c.msi
+ 2007-04-13 07:50 . 2007-04-13 07:50 7471104 c:\windows\Installer\7c904.msi
+ 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\7c902.msp
+ 2007-07-23 22:40 . 2007-07-23 22:40 9945600 c:\windows\Installer\67d6b2.msp
+ 2007-04-25 21:14 . 2007-04-25 21:14 9828864 c:\windows\Installer\67d688.msp
+ 2007-11-16 18:58 . 2007-11-16 18:58 5495296 c:\windows\Installer\61fbe.msp
+ 2007-11-08 17:42 . 2007-11-08 17:42 4158464 c:\windows\Installer\61faa.msp
+ 2007-04-25 21:10 . 2007-04-25 21:10 6835712 c:\windows\Installer\61f84.msp
+ 2007-11-02 15:30 . 2007-11-02 15:30 7554048 c:\windows\Installer\5ee9a4.msp
+ 2007-05-22 15:46 . 2007-05-22 15:46 6108672 c:\windows\Installer\5ee98f.msp
+ 2007-02-14 16:13 . 2007-02-14 16:13 8240640 c:\windows\Installer\51b0c4.msi
+ 2007-02-14 16:04 . 2007-02-14 16:04 3397632 c:\windows\Installer\51b0bb.msi
+ 2006-12-04 17:51 . 2006-12-04 17:51 5250560 c:\windows\Installer\4d8a1.msp
+ 2006-11-20 17:42 . 2006-11-20 17:42 9713664 c:\windows\Installer\4d88b.msp
+ 2006-09-19 20:13 . 2006-09-19 20:13 8272896 c:\windows\Installer\4d876.msp
+ 2006-12-19 19:42 . 2006-12-19 19:42 6649856 c:\windows\Installer\4d861.msp
+ 2006-12-19 19:42 . 2006-12-19 19:42 4008448 c:\windows\Installer\4d83e.msp
+ 2006-09-11 16:19 . 2006-09-11 16:19 6253056 c:\windows\Installer\4d80e.msp
+ 2006-07-21 16:18 . 2006-07-21 16:18 4578816 c:\windows\Installer\4d7cf.msp
+ 2006-10-12 14:50 . 2006-10-12 14:50 1091584 c:\windows\Installer\4d7b9.msp
+ 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\4d78e.msp
+ 2006-08-16 02:36 . 2006-08-16 02:36 5206528 c:\windows\Installer\4d779.msp
+ 2007-04-11 15:58 . 2007-04-11 15:58 5923328 c:\windows\Installer\4d6b8.msi
+ 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\4c5a4.msp
+ 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\4c576.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\4c538.msp
+ 2008-03-16 22:11 . 2008-03-16 22:11 5512704 c:\windows\Installer\4c524.msp
+ 2007-02-14 15:49 . 2007-02-14 15:49 5864960 c:\windows\Installer\44a536.msp
+ 2006-04-18 18:48 . 2006-04-18 18:48 1629184 c:\windows\Installer\44a52f.msp
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\44a52e.msp
+ 2007-02-14 15:45 . 2007-02-14 15:45 2109440 c:\windows\Installer\3f1850.msi
+ 2007-02-14 15:42 . 2007-02-14 15:42 3443712 c:\windows\Installer\3dc0ba.msi
+ 2008-07-08 17:27 . 2008-07-08 17:27 8436736 c:\windows\Installer\3a9775e.msp
+ 2007-07-03 18:30 . 2007-07-03 18:30 4185600 c:\windows\Installer\355ade.msi
+ 2007-01-10 14:05 . 2007-01-10 14:05 9921024 c:\windows\Installer\289ceb.msp
+ 2007-01-19 14:46 . 2007-01-19 14:46 6814208 c:\windows\Installer\289cd6.msp
+ 2007-03-19 14:31 . 2007-03-19 14:31 5259776 c:\windows\Installer\289cc1.msp
+ 2006-12-18 15:48 . 2006-12-18 15:48 5444096 c:\windows\Installer\289cac.msp
+ 2006-11-20 20:37 . 2006-11-20 20:37 6553088 c:\windows\Installer\289c97.msp
+ 2007-01-24 11:48 . 2007-01-24 11:48 9804800 c:\windows\Installer\289c6d.msp
+ 2008-02-13 01:58 . 2008-02-13 01:58 3620864 c:\windows\Installer\2084aa.msi
+ 2009-09-10 02:26 . 2009-09-10 02:26 3745280 c:\windows\Installer\1ddb2.msi
+ 2008-07-17 19:22 . 2008-07-17 19:22 7698432 c:\windows\Installer\11e7b2.msi
+ 2009-09-10 02:11 . 2009-09-10 02:11 1565696 c:\windows\Installer\10ca5b2.msi
+ 2007-02-14 15:29 . 2007-02-14 15:29 1863168 c:\windows\Downloaded Installations\{30E0B650-15F2-460F-98C9-0FC6E20CFC1E}\HMTCDWizard.msi
+ 2009-01-07 00:58 . 2009-10-27 03:59 17185912 c:\windows\system32\Restore\rstrlog.dat
+ 2007-04-24 19:05 . 2007-02-14 16:11 10673664 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142090}\Java 2 Runtime Environment, SE v1.4.2_09.msi
+ 2005-09-23 12:48 . 2005-09-23 12:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2007-03-12 13:24 . 2007-03-12 13:24 17103872 c:\windows\Installer\e978a0a.msi
+ 2008-08-15 00:49 . 2008-08-15 00:49 11615744 c:\windows\Installer\d1d8b4.msi
+ 2007-07-14 11:48 . 2007-07-14 11:48 15256576 c:\windows\Installer\aebe4.msp
+ 2007-05-29 19:41 . 2007-05-29 19:41 16549888 c:\windows\Installer\aebcd.msp
+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\6b29c.msp
+ 2007-05-01 15:29 . 2007-05-01 15:29 10994688 c:\windows\Installer\67d69d.msp
+ 2006-09-19 15:23 . 2006-09-19 15:23 12292096 c:\windows\Installer\4d823.msp
+ 2006-09-13 02:44 . 2006-09-13 02:44 13737984 c:\windows\Installer\4d7f9.msp
+ 2006-09-27 18:28 . 2006-09-27 18:28 10256384 c:\windows\Installer\4d7e4.msp
+ 2005-08-08 18:25 . 2005-08-08 18:25 97385984 c:\windows\Installer\4d762.msp
+ 2008-03-01 03:09 . 2008-03-01 03:09 16907776 c:\windows\Installer\4c58c.msp
+ 2008-04-14 19:26 . 2008-04-14 19:26 11888128 c:\windows\Installer\4c54d.msp
+ 2008-01-14 21:50 . 2008-01-14 21:50 11887104 c:\windows\Installer\4414e.msp
+ 2007-02-14 15:43 . 2007-02-14 15:43 19210240 c:\windows\Installer\3f1842.msp
+ 2008-03-17 17:48 . 2008-03-17 17:48 11813888 c:\windows\Installer\3e8ce.msp
+ 2008-08-13 20:49 . 2008-08-13 20:49 11816960 c:\windows\Installer\3a977b2.msp
+ 2008-07-30 14:50 . 2008-07-30 14:50 12506112 c:\windows\Installer\3a9779d.msp
+ 2008-07-08 16:09 . 2008-07-08 16:09 11887616 c:\windows\Installer\3a97788.msp
+ 2008-06-04 19:29 . 2008-06-04 19:29 16905728 c:\windows\Installer\3a97773.msp
+ 2007-01-18 18:29 . 2007-01-18 18:29 10978816 c:\windows\Installer\289c82.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-9 66864]
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55928:TCP"= 55928:TCP:GalleryAssemblies ModemWeb
"38781:TCP"= 38781:TCP:GalleryAssemblies SoftwareOffice
"21026:UDP"= 21026:UDP:GalleryAssemblies GoogleComponents
"37023:UDP"= 37023:UDP:GalleryAssemblies PublishWorks
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
S0 dtbyu;dtbyu;c:\windows\system32\drivers\bvdgk.sys --> c:\windows\system32\drivers\bvdgk.sys [?]
S0 phfzqldf;phfzqldf;c:\windows\system32\drivers\kbgzbk.sys --> c:\windows\system32\drivers\kbgzbk.sys [?]
S1 sdmanager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder
2009-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-10-28 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-ccleaner - c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\CCleaner\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 17:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll
- - - - - - - > 'lsass.exe'(1380)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(5552)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\McAfee\VirusScan Enterprise\scriptcl.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\combofix\CF31346.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 17:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 22:32
ComboFix2.txt 2009-06-10 17:16
ComboFix3.txt 2009-06-10 02:29
Pre-Run: 40,869,425,152 bytes free
Post-Run: 41,100,742,656 bytes free
- - End Of File - - 7115E3E9E14F03368B0535138AFD30BA
ComboFix 09-06-09.06 - bchodkowski 06/10/2009 12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1530 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\1301700638.exe
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\documents and settings\LocalService\Application Data\755020800.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\system32\avast!Antivirus.exe
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Malwarebytes
2009-06-10 04:10 . 2009-06-10 04:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 03:28 . 2009-06-10 04:10 -------- d-----w- c:\program files\World of Warcraft(3)
2009-06-10 03:06 . 2009-06-10 17:11 117760 ----a-w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-10 03:04 . 2009-06-10 04:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-10 03:04 . 2009-06-10 03:04 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\SUPERAntiSpyware.com
2009-06-10 02:50 . 2009-06-10 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 01:53 . 2009-06-10 02:19 63 ----a-w- c:\windows\system\SysSD.dll
2009-06-08 22:00 . 2009-06-10 04:10 -------- d-----w- c:\program files\World of Warcraft
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Acoustica
2009-05-17 05:32 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\program files\VST
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-05-17 05:30 . 2009-05-17 07:02 -------- d-----w- c:\program files\Acoustica Mixcraft 4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 17:06 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-10 02:16 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis(4).sys
2009-06-10 02:12 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis(3).sys
2009-05-08 04:06 . 2009-05-04 21:23 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\W Photo Studio Viewer
2009-05-06 18:33 . 2008-09-30 17:58 -------- d-----w- c:\program files\Google
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2009-05-01 22:23 . 2009-05-01 17:53 100092 ----a-w- c:\windows\system32\drivers\e3d4ca63.sys
2009-03-13 02:18 . 2009-03-13 02:18 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.21.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 17:08 . 2009-06-10 17:08 16384 c:\windows\Temp\Perflib_Perfdata_440.dat
+ 2009-06-10 03:04 . 2009-06-10 03:04 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-10 03:04 . 2009-06-10 03:04 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-07 00:58 . 2009-06-10 04:11 811984 c:\windows\system32\Restore\rstrlog.dat
+ 2007-02-08 20:34 . 2009-06-10 17:02 182912 c:\windows\system32\dllcache\ndis.sys
- 2007-02-08 20:34 . 2009-06-10 02:12 182912 c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S1 sdmanager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]
--- Other Services/Drivers In Memory ---
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder
2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-06-10 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 12:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll
- - - - - - - > 'lsass.exe'(1380)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3300)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-10 12:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 17:16
ComboFix2.txt 2009-06-10 02:29
Pre-Run: 41,009,635,328 bytes free
Post-Run: 40,986,390,528 bytes free
248 --- E O F --- 2009-01-09 09:06
ComboFix 09-06-09.06 - bchodkowski 06/09/2009 21:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1425 [GMT -5:00]
Running from: c:\documents and settings\bchodkowski.HANSON-AMERICA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\9g2234wesdf3dfgjf23
c:\windows\system32\__c005BF47.dat
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\azton.mt
c:\windows\system32\hobukubo.dll.vir
c:\windows\system32\jbnmck.dll
c:\windows\system32\sft.res
c:\windows\system32\wejoseti.dll.tmp
c:\windows\system32\wiyoyova.dll.vir
c:\windows\system32\wopowupa.dll.tmp
c:\windows\system32\yeruwuma.dll.tmp
c:\windows\t55ft2692f44.dat
c:\windows\Temp\1175753116.exe
c:\windows\Temp\120.exe
c:\windows\Temp\1278194978.exe
c:\windows\Temp\1809917352.exe
c:\windows\Temp\210051792.exe
c:\windows\Temp\2431865338.exe
c:\windows\Temp\2441084088.exe
c:\windows\Temp\2580771588.exe
c:\windows\Temp\2762831588.exe
c:\windows\Temp\2769862838.exe
c:\windows\Temp\29045260.exe
c:\windows\Temp\2944394088.exe
c:\windows\Temp\3246240338.exe
c:\windows\Temp\3247490338.exe
c:\windows\Temp\3387177838.exe
c:\windows\Temp\4050698602.exe
c:\windows\Temp\4180698602.exe
c:\windows\Temp\658565616.exe
c:\windows\Temp\658878116.exe
c:\windows\Temp\687.exe
c:\windows\Temp\822054292.exe
c:\windows\Temp\869866792.exe
c:\windows\Temp\925.exe
----- BITS: Possible infected sites -----
hxxp://NAMSAMRVL009:80
hxxp://NAMSAMRVL009.grouphc.net:80
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 01:53 . 2009-06-10 02:19 63 ----a-w- c:\windows\system\SysSD.dll
2009-06-10 01:53 . 2009-01-07 22:20 13776 ----a-w- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 01:53 . 2009-01-22 15:29 1060864 ----a-w- c:\windows\system32\CheckDll.dll
2009-06-10 01:53 . 2009-06-10 01:56 -------- d-----w- c:\program files\SpywareDetector
2009-06-10 01:44 . 2009-06-10 01:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 22:22 . 2009-06-10 02:22 99422 ----a-w- c:\windows\system32\drivers\274af6ef.sys
2009-06-08 22:00 . 2009-06-08 22:15 -------- d-----w- c:\program files\World of Warcraft
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Acoustica
2009-05-17 05:32 . 2007-08-07 16:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-05-17 05:32 . 2009-05-17 05:32 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\program files\VST
2009-05-17 05:30 . 2009-05-17 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-05-17 05:30 . 2009-05-17 07:02 -------- d-----w- c:\program files\Acoustica Mixcraft 4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 02:16 . 2007-02-08 20:34 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-05-08 04:06 . 2009-05-04 21:23 -------- d-----w- c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\W Photo Studio Viewer
2009-05-06 18:33 . 2008-09-30 17:58 -------- d-----w- c:\program files\Google
2009-05-04 23:42 . 2009-05-04 20:27 98428 ----a-w- c:\windows\system32\drivers\c42c57a8.sys
2009-05-01 22:23 . 2009-05-01 17:53 100092 ----a-w- c:\windows\system32\drivers\e3d4ca63.sys
2009-03-13 02:18 . 2009-03-13 02:18 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-23 17920]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"ToolBoxFX"="c:\program files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2005-09-29 36864]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-31 1366528]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2007-2-14 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-09-09 07:15 63488 ----a-r- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sdnotify]
2008-12-01 16:15 475136 ----a-w- c:\program files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
R1 sdmanager;SDManager;c:\program files\SpywareDetector\SDManager.sys [6/9/2009 8:53 PM 13696]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
R2 sdmainsvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [6/9/2009 8:53 PM 923088]
R2 sdservice;SDService;c:\program files\SpywareDetector\SDService.exe [6/9/2009 8:53 PM 1720192]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/15/2007 1:50 PM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/14/2007 12:52 PM 36352]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2/8/2007 3:34 PM 14336]
S2 avast!AVSControlService;avast!AVSControlService;c:\windows\System32\avast!AVSControlService.exe -k netsvcs --> c:\windows\System32\avast!AVSControlService.exe -k netsvcs [?]
S2 Wmdmprov;iyglu;c:\windows\system32\svchost.exe -k netsvcs [2/8/2007 3:34 PM 14336]
S3 swmx02;HP ev2200 USB MUX Driver (#02);c:\windows\system32\drivers\swmx02.sys [11/18/2005 3:21 PM 57600]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SDMANAGER
*Deregistered* - uphcleanhlp
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Wmdmprov
.
Contents of the 'Scheduled Tasks' folder
2009-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-06-09 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-07-31 04:55]
.
- - - - ORPHANS REMOVED - - - -
BHO-{AFF01325-0FC2-4749-8914-FBF0565AD9CC} - jbnmck.dll
HKCU-Explorer_Run-1 - \\namarirvg001\admove$\emwprof\emwprof.bat
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 10.*.*.*;127.0.0.1;*.hanson-america.net;*.hanson-eu.net;*.hanson-ap.net;*.hgm.han;;;;;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: heidelbergcement.cyberu.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} - hxxp://hansononline/hbma/Portal/resources/msddsc.cab
FF - ProfilePath - c:\documents and settings\bchodkowski.HANSON-AMERICA\Application Data\Mozilla\Firefox\Profiles\1s396144.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\274af6ef]
"ImagePath"="\SystemRoot\System32\drivers\274af6ef.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmdmprov]
"ServiceDll"="c:\windows\system32\qctqykkn.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1340)
c:\program files\HPQ\IAM\Bin\OCGina.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\HPBrand.dll
c:\program files\HPQ\IAM\bin\ItTal.dll
c:\program files\HPQ\IAM\bin\ItReports.DLL
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\SpywareDetector\SDNotify.dll
c:\program files\HPQ\IAM\Bin\TrayIcon.dll
c:\program files\HPQ\IAM\Bin\ItDAC.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\STEngine.dll
c:\program files\HPQ\IAM\Bin\BioAuth.dll
c:\program files\HPQ\IAM\Bin\ITVCClient.dll
c:\program files\HPQ\IAM\Bin\AuthWiz.dll
c:\program files\HPQ\IAM\Bin\TpmAuth.dll
c:\program files\HPQ\IAM\Bin\TokenAuth.dll
c:\program files\HPQ\IAM\Bin\ittalsnap.DLL
c:\program files\HPQ\IAM\Bin\ItVCard.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\xenroll.dll
c:\program files\HPQ\IAM\Bin\ItAuth.dll
- - - - - - - > 'lsass.exe'(1396)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(324)
c:\windows\system32\APSHook.dll
c:\program files\HPQ\IAM\bin\ItClient.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\msiexec.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-10 21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 02:29
Pre-Run: 41,345,921,024 bytes free
Post-Run: 41,452,838,912 bytes free
281 --- E O F --- 2009-01-09 09:06