Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Google Links Redirect and Many Many other problems!!!!

(New)
(!)

AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
22-Jun-2007, 12:05 PM #1
Solved: Google Links Redirect and Many Many other problems!!!!
Hello. I've been scanning like crazy with all sorts of stuff lately like AVG, SuperAntiSpyware, and other things. They keep coming up with things like Virtumonde, Smitfraud and countless other things and everytime I delete them, they come back. Also whenever I go to google and click a link it usually redirects me to a site like ebay. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:54, on 2007-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Application Data\pkforids.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\wvuturq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pkforids.exe] "C:\Documents and Settings\All Users\Application Data\pkforids.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1179799146341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1179799134498
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.pjio.com/download/pjio_gamelauncher.CAB
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{53B68F42-EEE0-457E-8A95-34691AA43C0C}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89B0B0F-A70F-44F4-A37E-BA72C60B7DAD}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O20 - Winlogon Notify: winqtd32 - winqtd32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvuturq - wvuturq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rbcblbmy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
sjpritch25's Avatar
Computer Specs
Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
22-Jun-2007, 02:29 PM #2
Welcome to TSG

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
22-Jun-2007, 05:47 PM #3
Thank you so much! I can't even begin to say how thankful I am.

The Combofix log:

ComboFix 07-06-21.3 - C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
"HP_Administrator" - 2007-06-22 18:24:59 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Conquer 2.0\c3\0003\611\_desktop.ini
C:\Program Files\Conquer 2.0\c3\0003\741\_desktop.ini
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-22 16:54 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-06-22 16:54 175,616 --a------ C:\WINDOWS\system32\strings.exe
2007-06-22 16:54 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-06-22 16:54 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-06-22 16:54 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-06-22 16:49 <DIR> d-------- C:\WINDOWS\system32\pmcubosf
2007-06-22 14:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-22 14:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-22 14:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-22 13:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-22 13:21 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\MailFrontier
2007-06-22 13:16 37,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-22 13:16 326,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-22 13:01 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-22 13:01 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-22 13:01 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-22 13:01 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-22 13:01 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-22 13:01 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-22 13:00 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-22 13:00 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-22 12:50 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-22 12:50 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-22 12:50 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-22 12:49 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-22 12:49 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-22 12:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-22 12:32 <DIR> d-------- C:\Program Files\RogueRemover
2007-06-22 09:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-22 02:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-22 02:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-22 02:39 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-22 02:29 <DIR> d-------- C:\Program Files\SpywareGuard
2007-06-22 02:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-22 02:12 2,932 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-22 02:11 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\DoctorWeb
2007-06-22 02:07 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 22:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-21 17:30 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-21 15:59 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-06-21 15:27 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-21 15:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SpywareBot
2007-06-21 14:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-21 14:50 24,128 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-21 14:50 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-21 14:50 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-06-21 14:50 160,320 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-21 14:50 1,521,216 --a------ C:\WINDOWS\WRSetup.dll
2007-06-21 14:50 <DIR> d-------- C:\Program Files\Webroot
2007-06-21 14:50 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Webroot
2007-06-21 14:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-21 14:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-06-21 14:27 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-21 14:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-21 14:27 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-21 14:27 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-21 14:27 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-21 14:27 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-21 14:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-21 14:27 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
2007-06-21 14:03 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\qvydclcl.exe
2007-06-21 12:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-21 08:56 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-18 19:55 <DIR> d-------- C:\Program Files\Immortal Defense
2007-06-18 16:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-18 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-18 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-18 16:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 12:00 286,720 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-14 11:50 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\pkforids.exe
2007-06-11 09:37 <DIR> d-------- C:\WINDOWS\system3232
2007-06-11 01:59 <DIR> d-------- C:\Program Files\The World
2007-06-07 12:20 <DIR> d-------- C:\Program Files\CAPCOM
2007-06-04 20:21 <DIR> d-------- C:\Program Files\BannedStory
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-28 12:01 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\DivX
2007-05-28 11:50 <DIR> d-------- C:\Program Files\EuropeMS
2007-05-27 14:24 <DIR> d-------- C:\Program Files\Blumenmacht
2007-05-24 20:29 <DIR> d-------- C:\Program Files\GetRight
2007-05-24 20:28 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\GetRightToGo
2007-05-22 21:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-22 21:35 1,843,584 --a------ C:\WINDOWS\system32\win32k.sys
2007-05-22 03:01 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-22 00:49 271,224 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-10-23 22:39:49 -------- d-----w C:\Program Files\e-Games
2007-06-22 18:55:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-22 17:15:15 -------- d-----w C:\Program Files\Google
2007-06-22 06:15:42 -------- d-----w C:\Program Files\Viewpoint
2007-06-21 19:11:14 -------- d-----w C:\Program Files\FlashGet
2007-06-21 12:31:53 -------- d-----w C:\Program Files\Sketch Warriors 2
2007-06-20 02:51:54 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
2007-06-20 02:18:21 -------- d-----w C:\Program Files\CamStudio
2007-06-17 06:01:50 -------- d-----w C:\Program Files\Midi Maker
2007-06-17 02:46:20 -------- d-----w C:\Program Files\iTunes
2007-06-17 02:46:11 -------- d-----w C:\Program Files\iPod
2007-06-17 02:36:55 -------- d-----w C:\Program Files\QuickTime
2007-06-07 18:27:17 -------- d-----w C:\Program Files\HyCam2
2007-06-07 05:11:51 3,172 -c--a-w C:\WINDOWS\mozver.dat
2007-05-28 04:01:46 -------- d-----w C:\Program Files\Conquer 2.0
2007-05-23 01:51:47 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-05-22 03:05:03 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-20 21:40:19 -------- d-----w C:\Program Files\Game_Maker6
2007-05-20 00:23:20 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 03:06:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-15 03:06:18 -------- d-----w C:\Program Files\Triggersoft
2007-05-14 01:38:14 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
2007-05-08 01:31:29 -------- d-----w C:\Program Files\Project64 1.6
2007-05-01 01:24:05 -------- d-----w C:\Program Files\DivX
2007-04-30 23:39:33 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\FlashGet
2007-04-25 21:01:37 -------- d-----w C:\Program Files\Common Files\DirectX
2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-31 20:32:20 261,384 ----a-w C:\WINDOWS\system32\p3xsvr.exe
2007-03-31 20:32:20 146,696 ----a-w C:\WINDOWS\system32\p3xfer.dll
2007-03-31 20:32:20 1,121,544 ----a-w C:\WINDOWS\system32\HSDLaxelore.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-26 23:13:31 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2006-10-26 11:28]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2006-10-17 14:44]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}=C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-06-17 23:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 02:19]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 23:30]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 C:\WINDOWS\RTHDCPL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"pkforids.exe"="C:\Documents and Settings\All Users\Application Data\pkforids.exe" [2007-06-14 11:50]
"PCDrProfiler"="" []
"nwiz"="nwiz.exe" [2006-01-24 22:15 C:\WINDOWS\system32\nwiz.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 14:44]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhg]
C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32]
winemx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqtd32]
winqtd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuturq]
wvuturq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawser vice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxs ervice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcore service]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Webroo tSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"C:\Program Files\AIM\aim.exe" -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvydclcl.exe]
"C:\Documents and Settings\All Users\Application Data\qvydclcl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
"C:\Program Files\SpywareBot\SpywareBot.exe" -boot


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-06-17 02:25:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-25 18:42:03 C:\WINDOWS\tasks\HPCeeSchedule.job
2007-06-16 03:44:18 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
2007-06-16 00:00:00 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
2007-06-21 20:33:12 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-03-26 06:51:06 C:\WINDOWS\tasks\Warranty Reminder 11 month.job
2007-06-21 18:51:00 C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 18:33:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 18:38:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-22 18:38

--- E O F ---
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
22-Jun-2007, 05:48 PM #4
The Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:12 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Application Data\pkforids.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pkforids.exe] C:\Documents and Settings\All Users\Application Data\pkforids.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1179799146341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1179799134498
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.pjio.com/download/pjio_gamelauncher.CAB
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{53B68F42-EEE0-457E-8A95-34691AA43C0C}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89B0B0F-A70F-44F4-A37E-BA72C60B7DAD}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O20 - Winlogon Notify: winqtd32 - winqtd32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvuturq - wvuturq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rbcblbmy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
22-Jun-2007, 09:59 PM #5
Thank you so much. Nothing came up in the vundofix, which may be because of some stuff I did earlier.

Here is the AWF log:

Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/02/2005 04:44 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 04:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\DISC\BAK

03/16/2006 05:12 AM 1,077,248 DISCover.exe
03/16/2006 05:11 AM 61,440 DiscUpdMgr.exe
2 File(s) 1,138,688 bytes

Directory of C:\PROGRA~1\HPDIGI~1\BAK

03/20/2006 12:05 PM 90,112 DMAScheduler.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\CREATOR\BAK

12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/30/2005 12:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/23/2005 01:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 12:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/16/2006 01:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

12/15/2005 09:18 PM 49,152 HPwuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK

06/02/2005 02:35 AM 49,152 hphupd08.exe
1 File(s) 49,152 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
1077248 Mar 16 2006 "C:\Program Files\DISC\bak\DISCover.exe"
61440 Mar 16 2006 "C:\Program Files\DISC\bak\DiscUpdMgr.exe"
90112 Mar 20 2006 "C:\Program Files\HP DigitalMedia Archive\bak\DMAScheduler.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 30 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Dec 15 2005 "C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
49152 Jun 2 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"


end of report











Here is a fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:28 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Application Data\pkforids.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\wvuturq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pkforids.exe] C:\Documents and Settings\All Users\Application Data\pkforids.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1179799146341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1179799134498
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.pjio.com/download/pjio_gamelauncher.CAB
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{53B68F42-EEE0-457E-8A95-34691AA43C0C}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89B0B0F-A70F-44F4-A37E-BA72C60B7DAD}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O20 - Winlogon Notify: winqtd32 - winqtd32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvuturq - wvuturq.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rbcblbmy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
sjpritch25's Avatar
Computer Specs
Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
23-Jun-2007, 05:16 PM #6
Please download the attached file named ComboFix-Do.txt and Save it to your Desktop.



Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe


In your next reply, please post a fresh Combofix log and a fresh Hijackthis log.


Do not run on any other computer!!!! The Attached file ComboFix-Do.txt is created for this specfic computer. Running it on another system could cause it to crash or worse.

=================================

Please download Replace.zip to your Desktop, Extract/Unzip Replace.bat to your Desktop. Please don't run Replace.bat yet!!!!!!

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". See How to Boot in "SAFE MODE" tutorial if needed.


Double-Click on Replace.bat and follow all prompts. Let me know if something goes wrong. Thanks.


===================================

Be sure you have your Flash drive plugged in.



Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Batch file, get autoruns.bat, Written by Mosaic1. Once extracted, open the folder and double click on the get autoruns.bat to run the fix.
  1. The fix will make a report and if any autoruns are found, move them to a backup folder.
  2. If any autoruns are found on the root of your drives, it will kill explorer so that the registry entries in the MountPoints key are fixed.
  3. A document, Part 1.txt, will be created. It will show the pre-cleaning state.
  4. Run get autoruns.bat again immediately.
  5. It will produce a file named Part2.txt and this one will show the state after the cleaning.
  6. Please post the contents of Part1.txt and Part2.txt then along with a fresh Hjackthis log.

** It is important that you follow these directions exactly. Don't skip the second run or the reporting sequence, as we will become confused.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
23-Jun-2007, 06:45 PM #7
Thanks again for your help.

Here is the ComboFix log:

ComboFix 07-06-21.3 - C:\Documents and Settings\HP_ADM~1\Desktop\ComboFix.exe
"HP_Administrator" - 2007-06-23 18:47:59 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\HP_ADM~1\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-22 16:54 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-06-22 16:54 175,616 --a------ C:\WINDOWS\system32\strings.exe
2007-06-22 16:54 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-06-22 16:54 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-06-22 16:54 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-06-22 16:49 <DIR> d-------- C:\WINDOWS\system32\pmcubosf
2007-06-22 14:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-22 14:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-22 14:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-22 13:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-22 13:21 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\MailFrontier
2007-06-22 13:16 37,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-22 13:16 326,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-22 13:00 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-22 12:50 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-22 12:50 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-22 12:50 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-22 12:49 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-22 12:49 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-22 12:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-22 09:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-22 02:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-22 02:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-22 02:39 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-22 02:29 <DIR> d-------- C:\Program Files\SpywareGuard
2007-06-22 02:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-22 02:12 2,932 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-22 02:11 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\DoctorWeb
2007-06-22 02:07 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 22:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-21 17:30 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-21 15:59 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-06-21 15:27 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-21 15:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SpywareBot
2007-06-21 14:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-21 14:50 24,128 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-21 14:50 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-21 14:50 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-06-21 14:50 160,320 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-21 14:50 1,521,216 --a------ C:\WINDOWS\WRSetup.dll
2007-06-21 14:50 <DIR> d-------- C:\Program Files\Webroot
2007-06-21 14:50 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Webroot
2007-06-21 14:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-21 14:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-06-21 14:27 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-21 14:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-21 14:27 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-21 14:27 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-21 14:27 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-21 14:27 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-21 14:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-21 14:27 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\PC Tools
2007-06-21 12:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-21 08:56 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-18 19:55 <DIR> d-------- C:\Program Files\Immortal Defense
2007-06-18 16:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-18 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-18 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-18 16:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 12:00 286,720 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-14 11:50 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\pkforids.exe
2007-06-11 09:37 <DIR> d-------- C:\WINDOWS\system3232
2007-06-11 01:59 <DIR> d-------- C:\Program Files\The World
2007-06-07 12:20 <DIR> d-------- C:\Program Files\CAPCOM
2007-06-04 20:21 <DIR> d-------- C:\Program Files\BannedStory
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-28 12:01 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\DivX
2007-05-28 11:50 <DIR> d-------- C:\Program Files\EuropeMS
2007-05-27 14:24 <DIR> d-------- C:\Program Files\Blumenmacht
2007-05-24 20:29 <DIR> d-------- C:\Program Files\GetRight
2007-05-24 20:28 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\GetRightToGo


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-10-23 22:39:49 -------- d-----w C:\Program Files\e-Games
2007-06-23 22:43:04 -------- d-----w C:\Program Files\HP DigitalMedia Archive
2007-06-23 22:43:04 -------- d-----w C:\Program Files\DISC
2007-06-23 04:17:55 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-22 17:15:15 -------- d-----w C:\Program Files\Google
2007-06-22 06:15:42 -------- d-----w C:\Program Files\Viewpoint
2007-06-21 19:11:14 -------- d-----w C:\Program Files\FlashGet
2007-06-21 12:31:53 -------- d-----w C:\Program Files\Sketch Warriors 2
2007-06-20 02:51:54 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire
2007-06-20 02:18:21 -------- d-----w C:\Program Files\CamStudio
2007-06-17 06:01:50 -------- d-----w C:\Program Files\Midi Maker
2007-06-17 02:46:20 -------- d-----w C:\Program Files\iTunes
2007-06-17 02:46:11 -------- d-----w C:\Program Files\iPod
2007-06-17 02:36:55 -------- d-----w C:\Program Files\QuickTime
2007-06-07 18:27:17 -------- d-----w C:\Program Files\HyCam2
2007-06-07 05:11:51 3,172 -c--a-w C:\WINDOWS\mozver.dat
2007-05-28 04:01:46 -------- d-----w C:\Program Files\Conquer 2.0
2007-05-23 01:51:47 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-05-23 01:36:30 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-22 03:05:03 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-20 21:40:19 -------- d-----w C:\Program Files\Game_Maker6
2007-05-20 00:23:20 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 03:06:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-15 03:06:18 -------- d-----w C:\Program Files\Triggersoft
2007-05-14 01:38:14 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
2007-05-08 01:31:29 -------- d-----w C:\Program Files\Project64 1.6
2007-05-01 01:24:05 -------- d-----w C:\Program Files\DivX
2007-04-30 23:39:33 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\FlashGet
2007-04-25 21:01:37 -------- d-----w C:\Program Files\Common Files\DirectX
2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-31 20:32:20 261,384 ----a-w C:\WINDOWS\system32\p3xsvr.exe
2007-03-31 20:32:20 146,696 ----a-w C:\WINDOWS\system32\p3xfer.dll
2007-03-31 20:32:20 1,121,544 ----a-w C:\WINDOWS\system32\HSDLaxelore.exe
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:31 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-27 07:55:31 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 07:55:31 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-26 23:13:31 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2006-10-26 11:28]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2006-10-17 14:44]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}=C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-06-17 23:52]
{EF885EBA-76E2-4D84-B094-C8B4E9492927}=C:\WINDOWS\system32\wvuturq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 14:44]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{EF885EBA-76E2-4D84-B094-C8B4E9492927}"="C:\WINDOWS\system32\wvuturq.dll " []
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawser vice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxs ervice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcore service]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Webroo tSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"C:\Program Files\AIM\aim.exe" -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvydclcl.exe]
"C:\Documents and Settings\All Users\Application Data\qvydclcl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-06-17 02:25:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-25 18:42:03 C:\WINDOWS\tasks\HPCeeSchedule.job
2007-06-23 02:07:49 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
2007-06-23 00:00:00 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
2007-06-21 20:33:12 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-03-26 06:51:06 C:\WINDOWS\tasks\Warranty Reminder 11 month.job
2007-06-21 18:51:00 C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 18:49:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 18:50:56
C:\ComboFix-quarantined-files.txt ... 2007-06-23 18:50
C:\ComboFix2.txt ... 2007-06-23 18:40
C:\ComboFix3.txt ... 2007-06-22 18:38

--- E O F ---
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
23-Jun-2007, 06:45 PM #8
This is the Part1 log:


REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\G]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\H]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\I]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\J]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{0e877032-db64-11db-88e0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{0e877033-db64-11db-88e0-806d6172696f}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{0e877034-db64-11db-88e0-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff, ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,60,00,00,00,0a,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae48796-fe3a-11da-a2c8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae48797-fe3a-11da-a2c8-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,01,01,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,01,00,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae48798-fe3a-11da-a2c8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879a-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879b-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879c-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879d-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd00-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd01-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd02-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd03-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{a436e46a-199f-11da-8f8d-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{a436e46b-199f-11da-8f8d-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{a436e46d-199f-11da-8f8d-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{ab885357-de61-11db-a2df-000f66104650}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{0e877032-db64-11db-88e0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33, \
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00, \
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,43,00,41,00,42,00,31,00,30,00,42, \
00,45,00,45,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00, \
4c,00,65,00,6e,00,67,00,74,00,68,00,33,00,38,00,30,00,35,00,31,00,43,00,38, \
00,32,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00, \
64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39, \
00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00, \
66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,30,00,65,00,38,00,37,00,37,00,30,00,33,00,32,00,2d,00,64,00,62, \
00,36,00,34,00,2d,00,31,00,31,00,64,00,62,00,2d,00,38,00,38,00,65,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,48,00,50,00,5f,00,50,00,41,00,56,00,49,00,4c,00,49,00, \
4f,00,4e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00, \
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00, \
00,ff,00,07,00,ff,00,00,00,36,00,00,00,08,47,88,78,00,00,00,00,00,00,00,30, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{0e877033-db64-11db-88e0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33, \
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00, \
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,43,00,41,00,42,00,31,00,30,00,42, \
00,45,00,45,00,4f,00,66,00,66,00,73,00,65,00,74,00,33,00,38,00,30,00,35,00, \
39,00,33,00,32,00,30,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,32, \
00,33,00,32,00,46,00,30,00,38,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00, \
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31, \
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00, \
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,30,00,65,00,38,00,37,00,37,00,30,00,33,00,33,00,2d,00,64,00,62, \
00,36,00,34,00,2d,00,31,00,31,00,64,00,62,00,2d,00,38,00,38,00,65,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,48,00,50,00,5f,00,52,00,45,00,43,00,4f,00,56,00,45,00, \
52,00,59,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,46,00, \
41,00,54,00,33,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00, \
00,06,00,00,00,ff,00,00,00,10,00,00,00,c0,6b,6e,4b,00,00,00,00,00,00,00,30, \
00,e0,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{0e877034-db64-11db-88e0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,0 0,\
64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f, \
00,44,00,56,00,44,00,52,00,52,00,57,00,5f,00,47,00,53,00,41,00,2d,00,48,00, \
32,00,31,00,4c,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f, \
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,4c,00,36,00,30,00,32,00,5f,00,5f,00, \
5f,00,5f,00,23,00,35,00,26,00,33,00,61,00,64,00,34,00,61,00,32,00,30,00,63, \
00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,00,30,00,23,00,7b,00,35,00,33,00, \
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31, \
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00, \
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,30,00,65,00,38,00,37,00,37,00,30,00,33,00,34,00,2d,00,64,00,62, \
00,36,00,34,00,2d,00,31,00,31,00,64,00,62,00,2d,00,38,00,38,00,65,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,7f,01,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd00-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,31,00,39,00,64,00,31,00,32,00, \
62,00,66,00,35,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,30,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd01-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,35,00,39,00,61,00,31,00,61,00, \
34,00,31,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66,00,35, \
00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00, \
64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63, \
00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,31,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd02-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,33,00,34,00,33,00,35,00,39,00, \
38,00,64,00,62,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,32,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd03-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,32,00,35,00,35,00,34,00,39,00, \
33,00,66,00,31,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,33,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

Part1 Report
Sat 06/23/2007 19:42:30.31

No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

No Autorun files found in root of C:


Files found on D:
Autorun.inf


Contents of autorun.inf on D:
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
23-Jun-2007, 06:46 PM #9
Part2 log:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\G]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\H]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\I]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\J]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{0e877032-db64-11db-88e0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{0e877033-db64-11db-88e0-806d6172696f}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{0e877034-db64-11db-88e0-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff, ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,60,00,00,00,0a,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae48796-fe3a-11da-a2c8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae48797-fe3a-11da-a2c8-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,01,01,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,01,00,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae48798-fe3a-11da-a2c8-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879a-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879b-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879c-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{1ae4879d-fe3a-11da-a2c8-eec7eb7bc78a}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f, \
5f,5f,00,00,10,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{2c4c4b4b-db66-11db-a2d1-001731c64ea4}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd00-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd01-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd02-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{5877fd03-db65-11db-a2d0-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{a436e46a-199f-11da-8f8d-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{a436e46b-199f-11da-8f8d-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{a436e46d-199f-11da-8f8d-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{ab885357-de61-11db-a2df-000f66104650}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f, 5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf, \
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff, \
ff,ff,00,00,10,00,00,08,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{0e877032-db64-11db-88e0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33, \
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00, \
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,43,00,41,00,42,00,31,00,30,00,42, \
00,45,00,45,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00, \
4c,00,65,00,6e,00,67,00,74,00,68,00,33,00,38,00,30,00,35,00,31,00,43,00,38, \
00,32,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00, \
64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39, \
00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00, \
66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,30,00,65,00,38,00,37,00,37,00,30,00,33,00,32,00,2d,00,64,00,62, \
00,36,00,34,00,2d,00,31,00,31,00,64,00,62,00,2d,00,38,00,38,00,65,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,48,00,50,00,5f,00,50,00,41,00,56,00,49,00,4c,00,49,00, \
4f,00,4e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00, \
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00, \
00,ff,00,07,00,ff,00,00,00,36,00,00,00,08,47,88,78,00,00,00,00,00,00,00,30, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{0e877033-db64-11db-88e0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33, \
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00, \
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,43,00,41,00,42,00,31,00,30,00,42, \
00,45,00,45,00,4f,00,66,00,66,00,73,00,65,00,74,00,33,00,38,00,30,00,35,00, \
39,00,33,00,32,00,30,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,32, \
00,33,00,32,00,46,00,30,00,38,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00, \
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31, \
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00, \
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,30,00,65,00,38,00,37,00,37,00,30,00,33,00,33,00,2d,00,64,00,62, \
00,36,00,34,00,2d,00,31,00,31,00,64,00,62,00,2d,00,38,00,38,00,65,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,48,00,50,00,5f,00,52,00,45,00,43,00,4f,00,56,00,45,00, \
52,00,59,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,46,00, \
41,00,54,00,33,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00, \
00,06,00,00,00,ff,00,00,00,10,00,00,00,c0,6b,6e,4b,00,00,00,00,00,00,00,30, \
00,e0,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{0e877034-db64-11db-88e0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,0 0,\
64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f, \
00,44,00,56,00,44,00,52,00,52,00,57,00,5f,00,47,00,53,00,41,00,2d,00,48,00, \
32,00,31,00,4c,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f, \
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,4c,00,36,00,30,00,32,00,5f,00,5f,00, \
5f,00,5f,00,23,00,35,00,26,00,33,00,61,00,64,00,34,00,61,00,32,00,30,00,63, \
00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,00,30,00,23,00,7b,00,35,00,33,00, \
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31, \
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00, \
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,30,00,65,00,38,00,37,00,37,00,30,00,33,00,34,00,2d,00,64,00,62, \
00,36,00,34,00,2d,00,31,00,31,00,64,00,62,00,2d,00,38,00,38,00,65,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,7f,01,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd00-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,31,00,39,00,64,00,31,00,32,00, \
62,00,66,00,35,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,30,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd01-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,35,00,39,00,61,00,31,00,61,00, \
34,00,31,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66,00,35, \
00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00, \
64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63, \
00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,31,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd02-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,33,00,34,00,33,00,35,00,39,00, \
38,00,64,00,62,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,32,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\CPC\Volume\{5877fd03-db65-11db-a2d0-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,0 0,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,32,00,35,00,35,00,34,00,39,00, \
33,00,66,00,31,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,35,00,38,00,37,00,37,00,66,00,64,00,30,00,33,00,2d,00,64,00,62, \
00,36,00,35,00,2d,00,31,00,31,00,64,00,62,00,2d,00,61,00,32,00,64,00,30,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,90,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000002

Part2 Report
Sat 06/23/2007 19:42:46.54

No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

No Autorun files found in root of C:


No Autorun files found in root of D:
sjpritch25's Avatar
Computer Specs
Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
23-Jun-2007, 07:13 PM #10
Good job, did Replace.bat work okay???

Please download the attached file cleanupautorun.zip, Extract/Unzip cleanupautorun.reg to your Desktop. Double-Click on cleanupautorun.reg and allow it to be merged into Windows Registry. Reboot your computer


==================================


Please post a fresh Hijackthis log. How is everything running???
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
23-Jun-2007, 10:29 PM #11
Everything seems to be running fine. The Replace.bat ran fine too. I haven't got the google redirect thing and my virus scanner didn't find Vundo or anything on my last scan. I appreciate all the help!!!

Here is the fresh HijackThis log you requested. See anything else that could be potentially dangerous?

Logfile of HijackThis v1.99.1
Scan saved at 11:26:32 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\wvuturq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1179799146341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1179799134498
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.pjio.com/download/pjio_gamelauncher.CAB
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{53B68F42-EEE0-457E-8A95-34691AA43C0C}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89B0B0F-A70F-44F4-A37E-BA72C60B7DAD}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rbcblbmy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
sjpritch25's Avatar
Computer Specs
Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
23-Jun-2007, 11:29 PM #12
Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O2 - BHO: (no name) - {EF885EBA-76E2-4D84-B094-C8B4E9492927} - C:\WINDOWS\system32\wvuturq.dll (file missing)

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


=====================================

Please DELETE the following folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Folders:

C:\hp\KBD\bak <-- this folder
C:\Program Files\AIM\bak <-- this folder
C:\Program Files\DISCbak <-- this folder
C:\Program Files\HP DigitalMedia Archive\bak <-- this folder
C:\Program Files\QuickTime\bak <-- this folder
C:\WINDOWS\CREATOR\bak <-- this folder
C:\WINDOWS\ehome\bak <-- this folder
C:\WINDOWS\SMINST\bak <-- this folder
C:\WINDOWS\system32\bak <-- this folder
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak <-- this folder
C:\Program Files\HP\HP Software Update\bak <-- this folder
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak <-- this folder


=========================================

Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  1. Once you are on the Panda site click the Scan your PC button
  2. A new window will open...click the Check Now button
  3. Enter your Country
  4. Enter your State/Province
  5. Enter your e-mail address and click send
  6. Select either Home User or Company
  7. Click the big Scan Now button
  8. If it wants to install an ActiveX component allow it
  9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  10. When download is complete, click on Local Disks to start the scan
  11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


In your next reply, please include a fresh HIjackthis log and panda Activescan log. thanks
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
24-Jun-2007, 02:18 AM #13
Gah! Seems I still have some stuff:

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:17:33 AM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1179799146341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1179799134498
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://config.hyosungcdn.com/download/hsloadset.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.pjio.com/download/pjio_gamelauncher.CAB
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{53B68F42-EEE0-457E-8A95-34691AA43C0C}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B89B0B0F-A70F-44F4-A37E-BA72C60B7DAD}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{3D339EF2-F450-433C-81A1-A572D7F2CA44}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rbcblbmy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe







Activescan log:


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\l2mfix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\HP_Administrator\Desktop\l2mfix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\l2mfix.exe[l2mfix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\HP_Administrator\Desktop\l2mfix.exe[l2mfix/restart.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
Virus:Trj/Downloader.PBM Disinfected C:\QooBox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\qvydclcl.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssttt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\uswnhhje.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ybwrfkoq.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\WINDOWS\system32\restart.exe
sjpritch25's Avatar
Computer Specs
Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
24-Jun-2007, 07:31 AM #14
Nope, that came out clean. Panda doesn't like some of the custom tools we use to fix malware, because these tools have to be powerful. How is everything running???
AphexTwins's Avatar
AphexTwins AphexTwins is offline
Junior Member with 14 posts.
THREAD STARTER
 
Join Date: Jun 2007
Experience: Computer Illiterate
24-Jun-2007, 09:23 AM #15
Ahh I see. Everything seems to be running well. I could never have fixed this without you. Thank you so much! Have a great day!
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2