Classic Windows Taskbar, No audio, MSconfig errors...HELP!!

when you say you restored twice, did you do a factory reset or a windows restore?

Your HJT log has some problems. I'd post in the security forum and/or expect this thread to be moved there.

I did a windows restore. For the oddest reason the company that made my computer made it without a way to factory reset it so I am screwed in that department unless I decide to do a complete system wipe. What problems do you see....I am not very program or windows savy. I just know the basics...you know ctrl-alt-delete, msconfig, ipconfig and regedit...and even then I only know how to mess with a few things in each one.

What problems do you see....I am not very program or windows savy. I just know the basics...

You have a bit of a mess.

Follow the steps in the link below and post the requested logs. I - or one of the other volunteers - will be happy to assist you as time permits.

Read me before posting a request for assistance

Best Luck :)
PP

Well I followed all instuctions to the "T" and was amazed to find so many infected files. Some of my buddies are having the same issue so we think its on one of their gigsticks from when they went home on leave from the deployment. So far the only thing I have not been able to do is disable the System Restore Points due to the same error from above. Also I cannot go into System in the Control Panel as I get a RUNDLL error.
Here are all the logs you requested. None of the programs had any issues running.

Malwarebytes' Anti-Malware 1.22
Database version: 977
Windows 5.1.2600 Service Pack 2


11:45:41 AM 7/22/2008
mbam-log-7-22-2008 (11-45-41).txt


Scan type: Full Scan (C:\|E:\|)
Objects scanned: 143747
Time elapsed: 54 minute(s), 1 second(s)


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 18
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 131


Memory Processes Infected:
(No malicious items detected)


Memory Modules Infected:
(No malicious items detected)


Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80af1289-f140-a140-d012-c1458759fc08} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914e0aa-eccb-4311-b584-c49538227824} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{841529cb-7f77-4b99-a895-b5441e0d302f} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.


Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{80af1289-f140-a140-d012-c1458759fc08} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7914e0aa-eccb-4311-b584-c49538227824} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{841529cb-7f77-4b99-a895-b5441e0d302f} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14698742-2059-3025-9058-954023874141} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.


Registry Data Items Infected:
(No malicious items detected)


Folders Infected:
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.


Files Infected:
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP120\A0061317.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP120\A0061319.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP120\A0061339.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP122\A0061370.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP122\A0061371.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP128\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP129\A0063370.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP129\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP130\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP131\A0064375.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP131\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP132\A0064376.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP132\snapshot\MFEX-1.DAT (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP111\A0049416.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050590.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050591.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050592.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050593.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050594.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050595.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050596.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050597.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050598.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050599.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050600.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050601.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050603.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050604.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050605.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050606.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050607.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050608.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050609.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050610.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP114\A0050602.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0051755.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0052753.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0053753.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0055009.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP115\A0058013.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059416.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059419.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059446.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059447.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059449.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059451.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059452.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059453.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP116\A0059454.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0059471.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0059472.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0059506.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061008.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061009.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061010.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061011.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061012.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061013.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061014.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP117\A0061015.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061239.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061230.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061232.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061241.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061242.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061243.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061244.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061245.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP118\A0061246.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061285.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061286.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061287.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061288.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061289.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DDC896A4-85FB-4728-ADC9-2CE936B6FFC8}\RP119\A0061290.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsRKAt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Gartner\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.



ESET ONLINE SCANNER LOG


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3287 (20080722)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=8f30540818cdf9479341632a012abd64
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-07-22 10:20:49
# local_time=2008-07-22 12:20:49 (+0100, W. Europe Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=234734
# found=29
# scan_time=1760
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16272  Win32/PSW.OnLineGames.OAF trojan    C0C47673F779B83D257D9F62218A81D5
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16290  probably a variant of Win32/PSW.OnLineGames.OAF trojan  F8AEDCF99356D56656821E0B6D903FBD
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.19581  probably a variant of Win32/PSW.OnLineGames.OAF trojan  96D3006068C958EFE92F772545694D7A
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.23942  probably a variant of Win32/PSW.OnLineGames.OAF trojan  B4728DA4BD8A508D4B1D35FCF8C30987
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24084  probably a variant of Win32/PSW.OnLineGames.OAF trojan  72076372CE3DC9F8D4FB057C819AFE58
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24375  probably a variant of Win32/PSW.OnLineGames.OAF trojan  5A5DDACAC26A71CFF80749E93182020F
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.25660  probably a variant of Win32/PSW.OnLineGames.OAF trojan  0544B576C9EB86795101FDB3214B4597
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.31558  probably a variant of Win32/PSW.OnLineGames.OAF trojan  E978288FE86D7AB549B297148033A321
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35560  probably a variant of Win32/PSW.OnLineGames.OAF trojan  CCA79EF0259F6D9705CE6D68CB13F959
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37307  Win32/PSW.OnLineGames.OAF trojan    6159C2B79BFBFED466A72C250FDD1068
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38667  probably a variant of Win32/PSW.OnLineGames.OAF trojan  347D284C61F82BBF5A18C1FEA52BBCE6
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.44127  probably a variant of Win32/PSW.OnLineGames.OAF trojan  A46809747EB3FDB0FF076A92D6FD49A0
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45057  probably a variant of Win32/PSW.OnLineGames.OAF trojan  33A84B725A3506E44FAFBFEDC30D1ECD
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.51189  Win32/PSW.OnLineGames.OAF trojan    35FA2AFC23A5FA3A051C4C069963650B
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.51639  probably a variant of Win32/PSW.OnLineGames.OAF trojan  1A28264E0F163F038B78B672CAABA542
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70904  probably a variant of Win32/PSW.OnLineGames.OAF trojan  21DA88980F2BEC72581094AD750B247F
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.73858  probably a variant of Win32/PSW.OnLineGames.OAF trojan  CB0DD85CE5A67F3443D8657BD52F5D54
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.75872  probably a variant of Win32/PSW.OnLineGames.OAF trojan  57FCF55C08BD637AF0407C885BCBCDB5
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76054  probably a variant of Win32/PSW.OnLineGames.OAF trojan  27C01563013D159F0402C43EA79EF0C7
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.78972  probably a variant of Win32/PSW.OnLineGames.OAF trojan  0F4C04044A49875B98C0FFBB1EC4CCF1
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79169  probably a variant of Win32/PSW.OnLineGames.OAF trojan  3D9E1210D990186D8E3FE0C052350B2E
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.80674  Win32/PSW.OnLineGames.OAF trojan    A0CED4B0270A86CB6B2BBD04DFA97416
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83041  probably a variant of Win32/PSW.OnLineGames.OAF trojan  692AB6779A0F03151375DF28844563CA
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.84542  probably a variant of Win32/PSW.OnLineGames.OAF trojan  870725597F5C4B02C5150F091EAA5EA2
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86007  probably a variant of Win32/PSW.OnLineGames.OAF trojan  E4671392E3E4A06DF7DD8CF1A4C83DA1
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86308  probably a variant of Win32/PSW.OnLineGames.OAF trojan  4EFBAC1EE340422AC079984A69BC6DE0
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87023  probably a variant of Win32/PSW.OnLineGames.OAF trojan  991B8D9F910ABF6A6F1B68F90EEF48A8
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89256  probably a variant of Win32/PSW.OnLineGames.OAF trojan  D86A783DA352B33CD7DA13D73FEB4FBC
C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.98146  probably a variant of Win32/PSW.OnLineGames.OAF trojan  24AB5653386DB224AE6A51E260CC2675


Deckard's System Scanner v20071014.68
Run by Ryan Gartner on 2008-07-22 13:18:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Failed to create restore point; System Restore is disabled (service is not running).



-- Last 5 Restore Point(s) --
42: 2008-07-22 00:41:00 UTC - RP132 - Restore Operation
41: 2008-07-22 00:20:03 UTC - RP131 - Restore Operation
40: 2008-07-22 00:18:03 UTC - RP130 - In case of sound
39: 2008-07-22 00:11:23 UTC - RP129 - Restore Operation
38: 2008-07-21 16:13:25 UTC - RP128 - Installed DirectX 9.0



-- First Restore Point --
1: 2008-07-01 21:01:02 UTC - RP91 - Removed Age of Empires III



Backed up registry hives.
Performed disk cleanup.


System Drive C: has 25.5 GiB (less than 15%) free.



-- HijackThis (run as Ryan Gartner.exe) ----------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:40 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\MHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\CleGameKey\driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Ryan Gartner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan Gartner.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: detxbiua.dll - {20618412-C528-C784-C056-C164D1F7C502} - C:\WINDOWS\system32\detxbiua.dll (file missing)
O2 - BHO: ijdybpaw.dll - {2A698452-C5D8-C584-C256-C264C987C5A2} - C:\WINDOWS\system32\ijdybpaw.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: zywlcime.dll - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - C:\WINDOWS\system32\zywlcime.dll (file missing)
O2 - BHO: tisqctyu.dll - {38093456-9012-4568-9076-908765467183} - C:\WINDOWS\system32\tisqctyu.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O2 - BHO: hdf453d.dll - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - C:\WINDOWS\system32\hdf453d.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LchGKey] C:\WINDOWS\LchGKey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Hook] C:\Program Files\VideoView\StkHK.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196826068891
O17 - HKLM\System\CCS\Services\Tcpip\..\{797AB5AC-E12D-48D0-A954-55EE70D653F0}: NameServer = 217.237.148.102 217.237.151.115
O20 - AppInit_DLLs: NTNJXSJTVC.dll caotxb.dll jsnoer.dll joliom.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe


--
End of file - 12324 bytes


-- File Associations -----------------------------------------------------------


.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


All drivers whitelisted.



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


All services whitelisted.



-- Device Manager: Disabled ----------------------------------------------------


No disabled devices found.



-- Scheduled Tasks -------------------------------------------------------------


2008-07-22 07:28:47       354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-22 07:28:45       346 --a------ C:\WINDOWS\Tasks\McQcTask.job



-- Files created between 2008-06-22 and 2008-07-22 -----------------------------


2008-07-22 11:46:57         0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44:43         0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44:42         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 10:44:41         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 07:37:10         0 dr------- C:\Documents and Settings\LocalService\Favorites <FAVORI~1>
2008-07-22 07:30:33         0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30:29         0 d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30:29         0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30:05    143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-07-22 07:28:37         0 d-------- C:\Program Files\McAfee.com
2008-07-22 07:28:36         0 d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28:29         0 d-------- C:\Program Files\McAfee
2008-07-22 07:16:56         0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-22 03:11:18         0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-22 03:02:57         0 d-------- C:\Program Files\Trend Micro
2008-07-22 02:30:24         0 d-------- C:\WINDOWS\pss
2008-07-22 01:46:14         0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 19:50:03     38048 --a------ C:\WINDOWS\system32\drivers\HBKernel.sys
2008-07-21 18:03:36         0 d-------- C:\Program Files\Codemasters
2008-07-20 13:55:02         0 d-------- C:\Program Files\Zune
2008-07-16 16:58:13         0 d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42:01         0 d-------- C:\Program Files\Sierra
2008-07-11 23:06:17         8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27:41        36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27:30        24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:23:47        24 --a------ C:\WINDOWS\system32\wymxajkl.sys
2008-07-08 00:21:02        20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00:12         0 d-------- C:\Program Files\Stardock Games
2008-07-06 12:52:26         0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-06 12:52:19         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45:14         0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:45:13         0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 12:44:02         0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 01:01:45         0 d-------- C:\Program Files\EGOSOFT
2008-07-05 01:29:09        36 --a------ C:\WINDOWS\system32\ijzhatde.sys
2008-07-05 01:28:58        24 --a------ C:\WINDOWS\system32\sqjsakaq.sys
2008-07-04 15:08:27         0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48:31         0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47:18         0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-03 20:47:18         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-03 20:47:18         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-03 20:47:18         0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-03 20:47:18         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-03 20:47:18    524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-03 20:47:18         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-03 20:47:18         0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-03 20:47:18         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-03 20:47:18         0 d-------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-07-03 20:47:18         0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-03 20:47:18         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-03 20:47:18         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-03 20:47:18         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-03 20:47:18         0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47:18         0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:18:42         4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-07-03 20:18:40         0 d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18:40         0 d-------- C:\WINDOWS\system32\gI5
2008-07-03 20:09:26        24 --a------ C:\WINDOWS\system32\pzwmaime.sys
2008-07-03 01:44:30         0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-03 01:40:56         0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40:37         0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:21:56         0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-02 21:16:58         0 d--h----- C:\WINDOWS\PIF
2008-07-02 20:10:59         0 d-------- C:\Temp
2008-07-01 23:04:18   5767168 --a------ C:\Documents and Settings\Ryan Gartner\ntuser.dat
2008-07-01 23:04:18    229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-30 17:48:00        24 --a------ C:\WINDOWS\system32\ciwdaapi.sys
2008-06-30 17:47:21        36 --a------ C:\WINDOWS\system32\ijsgajba.sys
2008-06-30 17:46:44        24 --a------ C:\WINDOWS\system32\pzwlaime.sys
2008-06-22 11:18:53         0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Help
2008-06-22 11:15:35         0 d-------- C:\Program Files\TRABULANCE



-- Find3M Report ---------------------------------------------------------------


2008-07-22 07:28:36         0 d-------- C:\Program Files\Common Files
2008-07-21 04:08:22         0 d-------- C:\Program Files\Steam
2008-07-17 06:21:05         0 d-------- C:\Program Files\DAP
2008-07-09 01:58:51         0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Adobe
2008-07-07 21:20:35         0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-02 14:00:00         0 d-------- C:\Program Files\Starcraft
2008-07-02 11:54:12         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 23:04:29         0 d-------- C:\Program Files\Sierra Entertainment
2008-06-15 19:35:40         0 d-------- C:\Program Files\Diablo II
2008-06-15 19:32:16     21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-15 19:32:16     17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-15 19:32:16     12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-15 13:51:41     34562 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-15 10:37:58      2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-15 10:37:58     94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-15 09:50:14         0 d-------- C:\Program Files\OpenAL
2008-06-13 14:26:00         0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 14:15:33         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 14:47:05         0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 18:53:00         0 d-------- C:\Program Files\Activision
2008-06-07 18:04:48         0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 00:42:16       967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-03 00:42:16     94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-03 00:42:16     35382 --a------ C:\WINDOWS\scunin.dat
2008-06-02 15:24:27         0 d-------- C:\Program Files\Elaborate Bytes



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20618412-C528-C784-C056-C164D1F7C502}]
C:\WINDOWS\system32\detxbiua.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A698452-C5D8-C584-C256-C264C987C5A2}]
C:\WINDOWS\system32\ijdybpaw.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936  --a------   c:\PROGRA~1\mcafee\msk\mcapbho.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}]
C:\WINDOWS\system32\zywlcime.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38093456-9012-4568-9076-908765467183}]
C:\WINDOWS\system32\tisqctyu.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D698451-2015-6358-9871-2015987452D3}]
C:\WINDOWS\system32\apzhctde.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}]
C:\WINDOWS\system32\pqzfajke.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FD45A54-9875-698F-E56E-65102358FDF7}]
C:\WINDOWS\system32\apsggjba.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B629FF4F-ACDB-5C90-A098-FACB3456A26B}]
C:\WINDOWS\system32\hdf453d.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [07/27/2007 02:00 PM C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/23/2007 05:45 PM]
"nwiz"="nwiz.exe" [08/23/2007 05:45 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/23/2007 05:45 PM]
"RTHDCPL"="RTHDCPL.EXE" [02/26/2007 09:03 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 12:04 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 12:43 PM C:\WINDOWS\Alcmtr.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/23/2006 01:31 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/08/2006 06:34 PM]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [04/10/2007 02:44 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/21/2007 09:19 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/21/2007 09:17 PM]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [07/30/2007 11:31 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/24/2006 01:10 AM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/06/2006 08:55 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/13/2006 01:40 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 08:35 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 03:21 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [08/24/2007 11:57 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/24/2006 04:05 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 02:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 09:34 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 05:07 AM]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 7:05:26 AM]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= C:\WINDOWS\system32\apsggjba.dll [ ]
"{8A041F13-A111-12A3-B0CF-F99818AA68A8}"= C:\WINDOWS\system32\zxmsewin.dll [ ]
"{2A698452-C5D8-C584-C256-C264C987C5A2}"= C:\WINDOWS\system32\ijdybpaw.dll [ ]
"{B629FF4F-ACDB-5C90-A098-FACB3456A26B}"= C:\WINDOWS\system32\hdf453d.dll [ ]
"{7319A1F1-9410-9654-3201-345FFA349137}"= C:\WINDOWS\system32\zywmgime.dll [ ]
"{20618412-C528-C784-C056-C164D1F7C502}"= C:\WINDOWS\system32\detxbiua.dll [ ]
"{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}"= C:\WINDOWS\system32\zywlcime.dll [ ]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= C:\WINDOWS\system32\mndshsrv.dll [ ]
"{6A908760-8000-4000-A000-9000322145A6}"= C:\WINDOWS\system32\akjsfkaq.dll [ ]
"{3D698451-2015-6358-9871-2015987452D3}"= C:\WINDOWS\system32\apzhctde.dll [ ]
"{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}"= C:\WINDOWS\system32\pqzfajke.dll [ ]
"{5A069845-2036-6084-9054-6087502480A5}"= C:\WINDOWS\system32\ozfyebyt.dll [ ]
"{45671234-7890-ABCD-CDEF-567801237654}"= C:\WINDOWS\system32\yxcsdhlp.dll [ ]
"{30618412-C528-C784-C056-C164D1F7C503}"= C:\WINDOWS\system32\detxciua.dll [ ]
"{57AC9076-C898-B098-D098-A18319080975}"= C:\WINDOWS\system32\nhmxejkl.dll [ ]
"{39109876-7619-9101-7012-901938475193}"= C:\WINDOWS\system32\ietzcpaq.dll [ ]
"{38093456-9012-4568-9076-908765467183}"= C:\WINDOWS\system32\tisqctyu.dll [ ]
"{4D698451-2015-6358-9871-2015987452D4}"= C:\WINDOWS\system32\apzhdtde.dll [ ]
"{7C954872-1230-6541-9548-6541025884C7}"= C:\WINDOWS\system32\fd233ds4f3.dll [ ]
"{25FD6584-698F-BCD2-602C-698745210352}"= C:\WINDOWS\system32\rijxbkin.dll [ ]
"{8C8D1401-A58D-A81C-CD24-A5915C4517C8}"= C:\WINDOWS\system32\mnmhhsrv.dll [ ]
"{A1954FAC-1023-154F-895A-1458258AD81A}"= C:\WINDOWS\system32\ypdjhbmp.dll [ ]
"{40618412-C528-C784-C056-C164D1F7C504}"= C:\WINDOWS\system32\detxdiua.dll [ ]
"{97FD640A-158F-48AC-FD14-1597F14A9779}"= C:\WINDOWS\system32\mndsisrv.dll [ ]
"{49109876-7619-9101-7012-901938475194}"= C:\WINDOWS\system32\ietzdpaq.dll [ ]
"{6A069845-2036-6084-9054-6087502480A6}"= C:\WINDOWS\system32\ozfyfbyt.dll [ ]
"{8C954872-1230-6541-9548-6541025884C8}"= C:\WINDOWS\system32\fd233ds4f4.dll [ ]
"{9319A1F1-9410-9654-3201-345FFA349139}"= C:\WINDOWS\system32\zywmiime.dll [ ]
"{C629FF4F-ACDB-5C90-A098-FACB3456A26C}"= C:\WINDOWS\system32\hdf453d1.dll [ ]
"{8FD45A54-9875-698F-E56E-65102358FDF8}"= C:\WINDOWS\system32\apsghjba.dll [ ]
"{50618412-C528-C784-C056-C164D1F7C505}"= C:\WINDOWS\system32\detxeiua.dll [ ]
"{47A924AF-1A5F-CF21-AB1D-1D5CF82A8A74}"= C:\WINDOWS\system32\zywldime.dll [ ]
"{48093456-9012-4568-9076-908765467184}"= C:\WINDOWS\system32\tisqdtyu.dll [ ]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= C:\WINDOWS\system32\tdfhex.dll [ ]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= C:\WINDOWS\system32\fmcvxy.dll [ ]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"= C:\WINDOWS\system32\zsdgff.dll [ ]
"{461D2AB4-29A5-45C2-9134-D52272D3DE38}"= C:\WINDOWS\system32\rfdswc.dll [ ]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]
"{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}"= C:\WINDOWS\system32\dndsaf.dll [ ]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS\system32\tdggrz.dll [ ]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [ ]
"{0086DD39-EB8E-4504-A085-AC8A433E34D0}"= C:\WINDOWS\system32\ydggsx.dll [ ]
"{28766E1C-74B0-4417-8C75-F12AE309EF35}"= C:\WINDOWS\system32\wzcfsw.dll [ ]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [ ]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [ ]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NTNJXSJTVC.dll caotxb.dll jsnoer.dll joliom.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
Auto\command- F:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
Auto\command- G:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
Auto\command- F:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
Auto\command- F:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe


-- Hosts -----------------------------------------------------------------------


202.165.102.205 972.aksjd11.com202.165.102.205 w3og.cn203.208.35.100 qazc.fourtw.cn203.208.35.100 www.aujoy.cn203.208.35.101 www.hao601.cn203.208.35.101 www.psp476.cn72.14.235.99 222.1212l112.net72.14.235.99 444.1212l112.netn72.14.235.99 555.1212l112.net72.14.235.99 111.1212l112.net


8264 more entries in hosts file.



-- End of Deckard's System Scanner: finished at 2008-07-22 13:19:04 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English


CPU

Well . . . That's a mess! You are probably right to suspect a bad pen drive, but that was probably only a small contributor.
Frankly, in cases such as this, a reformat and clean install is easier than trying to remove the mess since things might never get back to "normal." However, if you want to try, we can give it a go - just continue with the step below:

Please follow the steps in the linky below to run combofix and post that log for me:

How To Use ComboFix

Best Luck :)
PP

I must say, combofix may have done it. I have access to all files that gave me rundll32 errors, I can view my system information again and my sound drivers are back how they should be. One thing...I thought I had installed the recovery console but combofix apparently didnt detect it so I ran it again using the downloaded file just incase it would ever be needed again. Here is the log of the first time

ComboFix 08-07-21.2 - Ryan Gartner 2008-07-22 22:14:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2300 [GMT 2:00]
Running from: C:\Documents and Settings\Ryan Gartner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ryan Gartner\services.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\dndsaf.dll.LoG
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\dtzfajke.sys
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gajzalit.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\smhxbbyt.sys
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\tdfhex.dll.LoG
C:\WINDOWS\system32\tdggrz.dll.LoG
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HBKERNEL
-------\Service_HBKernel

((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 19:02 . 2008-07-22 19:02 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 11:46 . 2008-07-22 12:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44 . 2008-07-22 19:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 07:31 . 2008-07-22 15:48 8,983 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-22 07:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-22 07:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-22 07:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-22 07:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-22 07:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-22 07:28 . 2008-07-22 20:54 <DIR> d-------- C:\Program Files\McAfee
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-22 07:16 . 2008-07-22 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-22 03:02 . 2008-07-22 03:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03 . 2008-07-21 18:03 <DIR> d-------- C:\Program Files\Codemasters
2008-07-20 13:55 . 2008-07-20 13:56 <DIR> d-------- C:\Program Files\Zune
2008-07-20 13:55 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 16:58 . 2008-07-16 16:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42 . 2008-07-16 16:42 <DIR> d-------- C:\Program Files\Sierra
2008-07-11 23:06 . 2008-07-14 01:13 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27 . 2008-07-08 00:27 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27 . 2008-07-08 00:27 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:21 . 2008-07-08 00:21 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00 . 2008-07-06 17:00 <DIR> d-------- C:\Program Files\Stardock Games
2008-07-06 12:52 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45 . 2008-07-06 12:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:44 . 2008-07-22 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 09:05 . 2008-07-06 09:05 223,942 --a------ C:\AnalysisLog.sr0
2008-07-06 01:01 . 2008-07-06 01:01 <DIR> d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08 . 2008-07-04 15:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48 . 2008-07-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47 . 2007-12-05 05:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47 . 2008-04-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:47 . 2008-07-03 20:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:18 . 2008-07-04 16:10 <DIR> d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18 . 2008-07-08 17:29 <DIR> d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:40 . 2008-07-21 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40 . 2008-07-03 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:16 . 2008-07-02 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-02 20:20 . 2008-07-02 20:20 9,936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10 . 2008-07-02 20:10 <DIR> d-------- C:\Temp\syschk3
2008-07-02 20:10 . 2008-07-22 22:14 <DIR> d-------- C:\Temp
2008-07-02 19:30 . 2007-07-31 04:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 19:30 . 2007-07-31 04:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 19:30 . 2007-07-31 04:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-22 11:15 . 2008-06-22 11:15 <DIR> d-------- C:\Program Files\TRABULANCE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 02:08 --------- d-----w C:\Program Files\Steam
2008-07-17 04:21 --------- d-----w C:\Program Files\DAP
2008-07-07 19:20 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-07-02 12:00 --------- d-----w C:\Program Files\Starcraft
2008-07-02 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 21:04 --------- d-----w C:\Program Files\Sierra Entertainment
2008-06-19 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-15 17:35 --------- d-----w C:\Program Files\Diablo II
2008-06-15 08:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-15 08:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-15 07:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 12:26 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:18 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 18:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 12:47 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 16:53 --------- d-----w C:\Program Files\Activision
2008-06-07 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 22:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 13:24 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 20:19 22,328 ----a-w C:\Documents and Settings\Ryan Gartner\Application Data\PnkBstrK.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 23:33 3,640 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 23:34 1,040 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 22:19 520 --sh--w C:\WINDOWS\system32\xbfsbjbo.sys
2004-08-08 22:20 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 04:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 21:34 5724184]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 05:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 17:45 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 17:45 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 18:34 815104]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [2007-04-10 02:44 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 21:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 21:17 970752]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [2007-07-30 23:31 40960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 01:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 08:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-08-23 17:45 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"=
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13936:TCP"= 13936:TCP:BitComet 13936 TCP
"13936:UDP"= 13936:UDP:BitComet 13936 UDP

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-20 00:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-28 01:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 05:28:47 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-22 05:28:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKLM-Run-HBmhly - C:\WINDOWS\system32\HBmhly.exe
HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe
ShellExecuteHooks-{30618412-C528-C784-C056-C164D1F7C503} - C:\WINDOWS\system32\detxciua.dll
ShellExecuteHooks-{9319A1F1-9410-9654-3201-345FFA349139} - C:\WINDOWS\system32\zywmiime.dll
ShellExecuteHooks-{C629FF4F-ACDB-5C90-A098-FACB3456A26C} - C:\WINDOWS\system32\hdf453d1.dll
ShellExecuteHooks-{8FD45A54-9875-698F-E56E-65102358FDF8} - C:\WINDOWS\system32\apsghjba.dll
ShellExecuteHooks-{50618412-C528-C784-C056-C164D1F7C505} - C:\WINDOWS\system32\detxeiua.dll
ShellExecuteHooks-{47A924AF-1A5F-CF21-AB1D-1D5CF82A8A74} - C:\WINDOWS\system32\zywldime.dll
ShellExecuteHooks-{48093456-9012-4568-9076-908765467184} - C:\WINDOWS\system32\tisqdtyu.dll
ShellExecuteHooks-{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} - C:\WINDOWS\system32\fmcvxy.dll
ShellExecuteHooks-{53D44DB6-E22B-4B17-97D3-572C96CCA6E1} - C:\WINDOWS\system32\zsdgff.dll
ShellExecuteHooks-{5E907A48-400E-4EA8-9792-FFAE052D59E9} - C:\WINDOWS\system32\pedadt.dll
ShellExecuteHooks-{0086DD39-EB8E-4504-A085-AC8A433E34D0} - C:\WINDOWS\system32\ydggsx.dll
ShellExecuteHooks-{7914E0AA-ECCB-4311-B584-C49538227824} - C:\WINDOWS\system32\jhfrxz.dll
SSODL-DesktopWin-{DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 22:17:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\CleGameKey\Driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-22 22:21:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 20:21:37

Pre-Run: 27,029,389,312 bytes free
Post-Run: 26,963,234,816 bytes free

348

And this is when I installed the recovery console.

ComboFix 08-07-21.2 - Ryan Gartner 2008-07-22 22:35:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2270 [GMT 2:00]
Running from: C:\Documents and Settings\Ryan Gartner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan Gartner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\caotxb.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\googleons.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\jsnoer.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\welycz.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zycdex.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 22:33 . 2008-07-22 22:33 36,864 --a------ C:\WINDOWS\system32\mssetd.dll
2008-07-22 22:33 . 2008-07-22 22:33 24,576 --a------ C:\WINDOWS\system32\wcnonpe.dll
2008-07-22 22:33 . 2008-07-22 22:33 24,576 --a------ C:\WINDOWS\system32\myusemt.dll
2008-07-22 22:33 . 2008-07-22 22:33 24,576 --a------ C:\WINDOWS\system32\longasus.dll
2008-07-22 22:33 . 2008-07-22 22:33 14,336 --a------ C:\WINDOWS\system32\mssetdk.exe
2008-07-22 19:02 . 2008-07-22 19:02 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 11:46 . 2008-07-22 12:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44 . 2008-07-22 19:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 07:31 . 2008-07-22 15:48 8,983 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-22 07:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-22 07:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-22 07:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-22 07:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-22 07:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-22 07:28 . 2008-07-22 20:54 <DIR> d-------- C:\Program Files\McAfee
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-22 07:16 . 2008-07-22 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-22 03:02 . 2008-07-22 03:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03 . 2008-07-21 18:03 <DIR> d-------- C:\Program Files\Codemasters
2008-07-20 13:55 . 2008-07-20 13:56 <DIR> d-------- C:\Program Files\Zune
2008-07-20 13:55 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 16:58 . 2008-07-16 16:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42 . 2008-07-16 16:42 <DIR> d-------- C:\Program Files\Sierra
2008-07-11 23:06 . 2008-07-14 01:13 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27 . 2008-07-08 00:27 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27 . 2008-07-08 00:27 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:21 . 2008-07-08 00:21 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00 . 2008-07-06 17:00 <DIR> d-------- C:\Program Files\Stardock Games
2008-07-06 12:52 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45 . 2008-07-06 12:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:44 . 2008-07-22 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 09:05 . 2008-07-06 09:05 223,942 --a------ C:\AnalysisLog.sr0
2008-07-06 01:01 . 2008-07-06 01:01 <DIR> d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08 . 2008-07-04 15:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48 . 2008-07-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47 . 2007-12-05 05:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47 . 2008-04-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:47 . 2008-07-03 20:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:18 . 2008-07-04 16:10 <DIR> d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18 . 2008-07-08 17:29 <DIR> d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:40 . 2008-07-21 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40 . 2008-07-03 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:16 . 2008-07-02 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-02 20:20 . 2008-07-02 20:20 9,936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10 . 2008-07-02 20:10 <DIR> d-------- C:\Temp\syschk3
2008-07-02 20:10 . 2008-07-22 22:14 <DIR> d-------- C:\Temp
2008-07-02 19:30 . 2007-07-31 04:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 19:30 . 2007-07-31 04:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 19:30 . 2007-07-31 04:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-22 11:15 . 2008-06-22 11:15 <DIR> d-------- C:\Program Files\TRABULANCE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 21:02 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-22 20:31 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-21 02:08 --------- d-----w C:\Program Files\Steam
2008-07-17 04:21 --------- d-----w C:\Program Files\DAP
2008-07-07 19:20 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-07-02 12:00 --------- d-----w C:\Program Files\Starcraft
2008-07-02 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 21:04 --------- d-----w C:\Program Files\Sierra Entertainment
2008-06-19 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-15 17:35 --------- d-----w C:\Program Files\Diablo II
2008-06-15 08:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-15 08:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-15 07:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 12:26 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:18 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 18:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 12:47 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 16:53 --------- d-----w C:\Program Files\Activision
2008-06-07 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 22:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 13:24 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 20:19 22,328 ----a-w C:\Documents and Settings\Ryan Gartner\Application Data\PnkBstrK.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 23:33 3,640 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 23:34 1,040 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 22:19 520 --sh--w C:\WINDOWS\system32\xbfsbjbo.sys
2004-08-08 22:20 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_22.21.28.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-22 20:34:28 24,576 ----a-w C:\WINDOWS\system32\comrsdo.dll
+ 2008-07-22 20:34:12 240,128 ---ha-w C:\WINDOWS\system32\fmcvxy.dll
+ 2008-07-22 20:34:15 225,792 ---ha-w C:\WINDOWS\system32\jfdses.dll
+ 2008-07-22 20:34:05 225,792 ---ha-w C:\WINDOWS\system32\jhfrxz.dll
+ 2008-07-22 20:34:44 24,576 ----a-w C:\WINDOWS\system32\tennfs.dll
+ 2008-07-22 20:34:49 24,576 ----a-w C:\WINDOWS\system32\theralte.dll
+ 2008-07-22 20:34:18 28,672 ----a-w C:\WINDOWS\system32\woswelc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 04:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 21:34 5724184]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 05:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 17:45 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 17:45 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 18:34 815104]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [2007-04-10 02:44 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 21:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 21:17 970752]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [2007-07-30 23:31 40960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 01:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 08:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-08-23 17:45 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7914E0AA-ECCB-4311-B584-C49538227824}"= "C:\WINDOWS\system32\jhfrxz.dll" [2008-07-22 22:34 225792]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= "C:\WINDOWS\system32\fmcvxy.dll" [2008-07-22 22:34 240128]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\system32\jfdses.dll" [2008-07-22 22:34 225792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-22 22:31 14336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"=
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13936:TCP"= 13936:TCP:BitComet 13936 TCP
"13936:UDP"= 13936:UDP:BitComet 13936 UDP

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-20 00:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-28 01:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 05:28:47 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-22 05:28:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 23:02:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CleGameKey\Driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-07-22 23:05:34 - machine was rebooted [Ryan Gartner]
ComboFix-quarantined-files.txt 2008-07-22 21:05:31
ComboFix2.txt 2008-07-22 20:21:41

Pre-Run: 26,932,555,776 bytes free
Post-Run: 26,960,424,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

282

Hi slntassassin87,

There is still a bunch left to remove, but I am having trouble viewing this thread. Can you see all the posts OK?
I can only see them when I click the "reply" button and then some of the combofix log entries are cut off.

Could you please start a new thread and then run ComboFix again and post the log. I should be able to see that and give you the next steps ( a script for combofix to remove additional baddies).

PP :)

Hmmm I can see all of them ok...I will remake it with the combofix logs

Thanks.

I think it may turn out to be an issue on my end having to do with Firefox browser. I just don't have time to track it down and it happens so rarely. I just needed to see that Combofix log in its entirety to work up the next step.

PP :)