Austech - Security and Privacy
#1 - Homer Simpson (Senior Member) - 18-07-08, 08:41 PM
Some Trojan Problems

I am having virus issues; I keep getting trojans and they are coming from .dll files in the users/temp folder. I delete the .dll files and clean the system, but they reappear. I have Trend Micro, Spyware Doctor and TrojanHunter; they find them all the time and clean them, but they reappear...

Windows Vista is the OS

Can anyone assist with how I can get rid of these forever... what's the best software that cleans 100%, as I am not happy with the current proggys...

Thanks in advance

R
#2 - tristen (Premium Member) - 18-07-08, 08:58 PM

No anti-virus or anti-spyware program is perfect so you might have to use a combination of programs.
I find Nod32 and Spybot to be very good.
It would help if you advised what specifically you mean by "virus issues".
What is the effect of these virii?
What messages do you get?
What trojans? Name them.
#3 - Sanity (Super Moderator) - 18-07-08, 09:04 PM

Download HijackThis, run it and post the log file so we can see how many nasties are in your system.
#4 - Homer Simpson (Senior Member) - 18-07-08, 09:12 PM

Quote:
Originally Posted by Sanity
Download HijackThis, run it and post the log file so we can see how many nasties are in your system.

OK done... thanks for your help

Log file here: MEGAUPLOAD
#5 - Sanity (Super Moderator) - 18-07-08, 09:20 PM

I'll just paste it here, Homer, so it's easier. ssrattus is a bit of a guru when it comes to finding and killing nasties, so hopefully he sees it. In the meantime I will see if I can find anything out of the ordinary.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:35 PM, on 7/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Stuff\Ultramon\UltraMon.exe
E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Security Stuff\Spyware Doctor\pctsTray.exe
C:\Program Files\Security Stuff\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AV Stuff\BlazeDTV 3.5\MediaDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Weather Stuff\wdisplay\WeatherD.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Stuff\Ultramon\UltraMonTaskbar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Windows Stuff\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\AV Stuff\Cyberlink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\Windows Stuff\Ultramon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Security Stuff\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\Security Stuff\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\AV Stuff\BlazeDTV 3.5\MediaDetector.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jason\AppData\Local\Temp\ddCvSigf.dll,c
O4 - HKCU\..\Run: [BM3379b6f3] Rundll32.exe "C:\Users\Jason\AppData\Local\Temp\ltxmuisj.dll",s
O4 - HKCU\..\Run: [304a856f] rundll32.exe "C:\Users\Jason\AppData\Local\Temp\botavgqk.dll",b
O4 - HKCU\..\Run: [__c00575F6] rundll32.exe "C:\Users\Jason\AppData\Roaming\__c00575F6.dat",B
O4 - Startup: WeatherD - Shortcut.lnk = C:\Program Files\Weather Stuff\wdisplay\WeatherD.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Security Stuff\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Security Stuff\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9166 bytes
#6 - Homer Simpson (Senior Member) - 18-07-08, 09:32 PM

OK sweet, thanks
#7 - Sanity (Super Moderator) - 18-07-08, 09:34 PM

Homer, do any of your programs name these trojans? I am still looking, but I see these 2 seem to get detected as viruses by some programs.


O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

They are installed by some computer game.

Will keep looking but if you have any info as to what your programs call them it would be appreciated.
#8 - acejas (Premium Member) - 18-07-08, 10:23 PM

C:\Program Files\AdwareAlert\AdwareAlert.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jason\AppData\Local\Temp\ddCvSigf.dll,c

O4 - HKCU\..\Run: [BM3379b6f3] Rundll32.exe "C:\Users\Jason\AppData\Local\Temp\ltxmuisj.dll",s

O4 - HKCU\..\Run: [304a856f] rundll32.exe "C:\Users\Jason\AppData\Local\Temp\botavgqk.dll",b

O4 - HKCU\..\Run: [__c00575F6] rundll32.exe "C:\Users\Jason\AppData\Roaming\__c00575F6.dat",B

O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe


I would first run CCleaner, then run Spybot and then see what HijackThis comes up with, but if you get rid of these you may get rid of the probs.

HTH

#9 - RHCP (Depressingly Boring) - 18-07-08, 10:59 PM

R33, I've never used Vista, but can you run these programs from safe mode (like XP)? Also, if Vista has system restore points, delete them and disable this option for the time being.

Perhaps even get a boot disc which contains an up-to-date virus/spyware scanner, so you can run the scanner from outside your OS. I think BartPE may have a virus scanner in it (don't hold me to this).

Cheers, RHCP.
#10 - tagg (Senior Member) - 18-07-08, 11:08 PM

Quote:
Originally Posted by Sanity
Homer, do any of your programs name these trojans? I am still looking, but I see these 2 seem to get detected as viruses by some programs.


O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

They are installed by some computer game.

Will keep looking but if you have any info as to what your programs call them it would be appreciated.


These are PunkBuster entries used in online gaming?


Tagg
#11 - ssrattus (Super Moderator) - 19-07-08, 12:38 AM

I agree with acejas: AdwareAlert has a dubious rep, and the others I don't like because they don't show any results in Google, but I dunno what is creating them; I suspect they may come back with a different name.

You can copy msconfig.exe from an XP machine or download it, and it will work under Vista. Run it, go to the Startup tab and uncheck the entries in acejas's post.

The CastleCops Malware Removal and Prevention site is great for giving your PC a clean; it is a long-winded process that should be followed carefully to the end. Malware Removal and Prevention
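The entries acejas listed, and ssrattus's remark that they may come back under a different name, share one shape: a signed Windows loader (rundll32.exe) pointed at a randomly named module in a folder the user can write to. The following is an added example, not code from this thread, from HijackThis or from any tool the posters mention; it triages O4 Run lines for that shape. The sample lines are copied from the HijackThis log posted earlier in the thread (the account name "Jason" is the one in that log), and the three checks are heuristics chosen for this page: a rundll32/regsvr32 host loading its module from a user-writable folder, a module whose extension is not .dll (the .dat entry), and a value name that looks machine-generated (hex blobs such as 304a856f, BM3379b6f3 or __c00575F6).

```python
"""Triage HijackThis O4 autostart entries for the pattern seen in this thread:
rundll32.exe loading an oddly named module from a user-writable folder.
Added example; the heuristics are this page's, not HijackThis's."""
import ntpath
import re

# Sample input: O4 lines copied from the HijackThis log posted in this thread
# (benign entries first, then the four that acejas singled out).
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    r'O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL',
    r'O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"',
    r'O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun',
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
    r'O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jason\AppData\Local\Temp\ddCvSigf.dll,c',
    r'O4 - HKCU\..\Run: [BM3379b6f3] Rundll32.exe "C:\Users\Jason\AppData\Local\Temp\ltxmuisj.dll",s',
    r'O4 - HKCU\..\Run: [304a856f] rundll32.exe "C:\Users\Jason\AppData\Local\Temp\botavgqk.dll",b',
    r'O4 - HKCU\..\Run: [__c00575F6] rundll32.exe "C:\Users\Jason\AppData\Roaming\__c00575F6.dat",B',
]

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# Folders a standard user can write to without admin rights; an autostart that
# points here deserves a second look.
USER_WRITABLE = ('\\appdata\\local\\temp\\', '\\appdata\\roaming\\', '\\windows\\temp\\')

# Signed Windows binaries whose only job is to load someone else's code.
LOADER_HOSTS = {'rundll32.exe', 'rundll32', 'regsvr32.exe', 'regsvr32'}

# Value names of the shape seen in the log: 304a856f, BM3379b6f3, __c00575F6.
GENERATED_NAME_RE = re.compile(r'^(?:__c|BM)?[0-9a-f]{7,8}$', re.I)


def _tokens(cmd):
    """Split a command line on whitespace, keeping a double-quoted path together
    with whatever is glued to its closing quote (rundll32's ",entrypoint")."""
    return re.findall(r'"[^"]*"\S*|\S+', cmd)


def _module_arg(tokens):
    """First non-switch argument, with rundll32's ",entrypoint" suffix and quotes removed."""
    for tok in tokens[1:]:
        if tok.startswith(('/', '-')):
            continue
        return tok.split(',')[0].strip('"').strip()
    return None


def _in_user_writable(path):
    lowered = path.lower()
    return any(folder in lowered for folder in USER_WRITABLE)


def triage_o4(line):
    """Return (value name, list of reasons) for one O4 Run entry, or None if the
    line is not an HKLM/HKCU Run entry. An empty reason list means nothing stood out."""
    match = O4_RE.match(line.strip())
    if not match:
        return None
    name, cmd = match.group('name'), match.group('cmd')
    tokens = _tokens(cmd)
    host = tokens[0].strip('"') if tokens else ''
    reasons = []
    if _in_user_writable(host):
        reasons.append('autostart binary lives in a user-writable folder')
    host_name = ntpath.basename(host).lower()
    if host_name in LOADER_HOSTS:
        module = _module_arg(tokens)
        if module:
            if _in_user_writable(module):
                reasons.append('%s loads its module from a user-writable folder' % host_name)
            ext = ntpath.splitext(module)[1].lower()
            if ext != '.dll':
                reasons.append('module extension is %r, not .dll' % ext)
    if GENERATED_NAME_RE.match(name):
        reasons.append('value name looks machine-generated')
    return name, reasons


def triage_log(lines):
    """Map value name -> reasons for every O4 Run entry that raised at least one flag."""
    flagged = {}
    for line in lines:
        result = triage_o4(line)
        if result and result[1]:
            flagged[result[0]] = result[1]
    return flagged


if __name__ == '__main__':
    for name, reasons in triage_log(SAMPLE_O4_LINES).items():
        print('[%s]' % name)
        for reason in reasons:
            print('    - ' + reason)
```

Run as a script it prints each flagged value name with its reasons: on the thread's lines only the four entries acejas listed are flagged, and the legitimate REGSVR32 /S CTASIO.DLL entry is not, because it loads a plain .dll from outside any user-writable folder. The checks look at the shape of the entry rather than at the file names, so the same pass can be re-run after each clean-up even if, as ssrattus suspects, the DLLs come back under new names.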
#12 - acejas (Premium Member) - 19-07-08, 08:33 AM

I find when removing malware I uninstall Trend Micro, as it causes a lot of issues. When everything is back to OK, then reinstall.



Great reference site ssrattus has given. The only thing I would do differently is CCleaner. Why? It takes less time to do scans. Take away 50k files and each scan takes less time.
I use CCleaner, Spybot, SUPERAntiSpyware and Malwarebytes when removing malware. The key is NOT to skip any scans. I have not come undone yet.


Slightly off topic. You have a lot of processes running at bootup which IMO are totally unnecessary.

Your Adobe stuff can be removed, as the updates and other niggly programs can be problematic and are unnecessary.
#13 - Homer Simpson (Senior Member) - 19-07-08, 09:02 AM

OK thanks guys, I'll try all the above. I ran ComboFix and it found and deleted a few .dll files... I'll try some suggestions from above.



ComboFix 08-07-17.4 - Jason 2008-07-19 8:43:40.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.879 [GMT 10:00]
Running from: C:\Users\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\efcdDwwW.dll
C:\Windows\system32\pMDvUlkJ.dll
C:\Windows\system32\systeminfo.dll
C:\Windows\system32\xxyxuRLF.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-18 20:21 . 2008-07-18 20:23 <DIR> d-------- C:\Program Files\Java
2008-07-18 20:07 . 2008-07-18 20:07 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-18 16:09 . 2008-07-18 16:09 51,200 --a------ C:\Users\Jason\AppData\Roaming\__c00575F6.dat
2008-07-18 16:08 . 2008-07-18 16:08 51,200 --a------ C:\Users\Jason\AppData\Roaming\__c008A548.dat
2008-07-18 16:05 . 2008-07-18 16:05 51,200 --a------ C:\Users\Jason\AppData\Roaming\__c0090A2B.dat
2008-07-18 15:56 . 2008-07-18 15:56 51,200 --a------ C:\Users\Jason\AppData\Roaming\__c0065541.dat
2008-07-17 23:49 . 2008-07-17 23:49 <DIR> d-------- C:\Program Files\VistaCodecPack
2008-07-17 23:48 . 2008-07-17 23:48 <DIR> d-------- C:\Users\All Users\VistaCodecs
2008-07-17 23:48 . 2008-07-17 23:48 <DIR> d-------- C:\ProgramData\VistaCodecs
2008-07-17 23:05 . 2008-07-17 23:05 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-07-17 23:04 . 2008-07-17 23:04 <DIR> d-------- C:\Program Files\Windows Media Components
2008-07-17 23:03 . 2008-07-17 23:04 <DIR> d--h----- C:\Users\All Users\{92263BC0-4C3A-4BDA-9C8F-D6E65510D431}
2008-07-17 23:03 . 2008-07-17 23:04 <DIR> d--h----- C:\ProgramData\{92263BC0-4C3A-4BDA-9C8F-D6E65510D431}
2008-07-17 23:03 . 2008-07-17 23:03 <DIR> d-------- C:\Program Files\ShedWorx
2008-07-17 21:22 . 2008-07-17 22:03 <DIR> d-------- C:\Users\Jason\AppData\Roaming\TeamViewer
2008-07-17 21:22 . 2008-07-17 21:22 <DIR> d-------- C:\Program Files\TeamViewer3
2008-07-17 21:21 . 2008-07-17 21:21 <DIR> d-------- C:\Users\Jason\temp
2008-07-15 00:21 . 2008-07-15 08:02 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Dr. DivX 2.0 OSS
2008-07-14 23:35 . 2008-07-15 00:04 <DIR> d-------- C:\divx
2008-07-14 08:06 . 2008-07-15 15:43 <DIR> d-------- C:\Users\Kelly\AppData\Roaming\AdwareAlert
2008-07-13 20:29 . 2008-07-13 20:29 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-07-13 20:29 . 2008-07-08 04:49 22,512 --a------ C:\Windows\System32\drivers\adwarealert.sys
2008-07-13 19:34 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-07-13 18:54 . 2008-07-13 18:54 <DIR> d-------- C:\Users\All Users\Iomatic
2008-07-13 18:54 . 2008-07-13 18:54 <DIR> d-------- C:\ProgramData\Iomatic
2008-07-13 18:36 . 2008-07-18 21:00 <DIR> d-------- C:\Users\Jason\AppData\Roaming\AdwareAlert
2008-07-13 18:36 . 2008-07-18 21:00 <DIR> d-------- C:\Program Files\AdwareAlert
2008-07-12 20:56 . 2008-07-12 20:56 <DIR> d-------- C:\Users\All Users\Trymedia
2008-07-12 20:56 . 2008-07-12 20:56 <DIR> d-------- C:\ProgramData\Trymedia
2008-07-12 08:49 . 2008-07-12 08:49 <DIR> d-------- C:\Users\All Users\GlobalSCAPE
2008-07-12 08:49 . 2008-07-12 08:49 <DIR> d-------- C:\ProgramData\GlobalSCAPE
2008-07-12 07:52 . 2008-07-12 07:52 <DIR> d-------- C:\Users\Jason\AppData\Roaming\GlobalSCAPE
2008-07-12 07:36 . 2008-07-12 07:37 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-10 20:40 . 2008-07-10 20:40 <DIR> d-------- C:\Users\Kelly\AppData\Roaming\TrojanHunter
2008-07-09 19:41 . 2008-07-09 19:41 <DIR> d-------- C:\Users\Jason\AppData\Roaming\TrojanHunter
2008-07-08 08:41 . 2008-07-08 08:41 <DIR> d-------- C:\Users\Jason\AppData\Roaming\PC Tools
2008-07-08 08:41 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-08 08:41 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-08 08:41 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-08 08:41 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-08 08:26 . 2008-07-18 21:03 292 --a------ C:\Windows\System32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80611102}.dat
2008-07-08 08:26 . 2008-07-18 21:03 292 --a------ C:\Windows\System32\DVCState-{00000002-00000000-00000003-00001102-00000002-80611102}.dat
2008-07-08 00:31 . 2008-07-18 11:17 10,752 --a------ C:\Windows\DCEBoot.exe
2008-07-07 20:32 . 2008-07-13 23:34 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-07-07 20:32 . 2008-07-13 23:34 <DIR> d-------- C:\ProgramData\FLEXnet
2008-07-07 20:05 . 2008-07-07 20:05 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-07-07 20:01 . 2008-07-07 20:01 <DIR> d-------- C:\Users\All Users\ALM
2008-07-07 20:01 . 2008-07-07 20:01 <DIR> d-------- C:\ProgramData\ALM
2008-07-07 19:48 . 2008-07-07 19:48 <DIR> d-------- C:\Program Files\QuickTime
2008-07-07 19:45 . 2006-09-29 06:56 28,248 -ra------ C:\Windows\System32\AdobePDF.dll
2008-07-07 19:40 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-07-07 19:40 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-07-07 19:30 . 2008-07-07 19:30 <DIR> d-------- C:\Program Files\Bonjour
2008-07-07 19:21 . 2008-07-07 19:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-06 11:53 . 2008-07-18 21:03 24,888 --a------ C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
2008-07-06 11:53 . 2008-07-18 21:03 24,888 --a------ C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
2008-07-06 11:53 . 2008-07-18 21:03 16,420 --a------ C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
2008-07-06 11:53 . 2008-07-18 21:03 16,420 --a------ C:\Windows\System32\BMXState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx
2008-07-06 11:53 . 2008-07-18 21:03 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-07-06 11:53 . 2008-07-18 21:03 1,080 --a------ C:\Windows\System32\settings.sfm
2008-07-06 09:59 . 2008-07-06 09:59 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Creative
2008-07-06 09:56 . 2008-07-06 09:56 <DIR> d-------- C:\Program Files\Gamer
2008-07-06 09:00 . 2008-07-06 09:00 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Publish Providers
2008-07-06 08:58 . 2008-07-19 08:39 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-06 08:58 . 2008-07-19 08:39 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-06 08:57 . 2008-07-14 21:51 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Sony
2008-07-06 08:48 . 2008-07-06 08:48 <DIR> d-------- C:\Users\All Users\Sony
2008-07-06 08:48 . 2008-07-06 08:48 <DIR> d-------- C:\ProgramData\Sony
2008-07-06 08:48 . 2008-07-06 08:48 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-06 03:04 . 2008-07-06 03:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-05 14:14 . 2008-07-05 14:14 <DIR> d-------- C:\Users\Kelly\AppData\Roaming\Realtime Soft
2008-07-05 08:57 . 2008-07-05 08:57 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Realtime Soft
2008-07-05 08:57 . 2008-07-05 08:57 <DIR> d-------- C:\Users\All Users\Realtime Soft
2008-07-05 08:57 . 2008-07-05 08:57 <DIR> d-------- C:\ProgramData\Realtime Soft
2008-07-04 23:17 . 2008-07-04 23:17 <DIR> d-------- C:\Program Files\CDR STUFF
2008-07-04 23:08 . 2008-07-04 23:08 <DIR> d-------- C:\Program Files\Common Files\Pinnacle
2008-07-04 23:07 . 2008-07-04 23:07 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate
2008-07-04 23:07 . 2008-07-04 23:07 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate
2008-07-04 23:03 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-07-04 23:03 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-07-04 23:03 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
2008-07-04 23:03 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-07-04 23:03 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
2008-07-04 23:03 . 2007-05-31 19:30 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-07-04 23:03 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll
2008-07-04 23:03 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-07-04 23:03 . 2007-05-31 19:29 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-07-04 22:59 . 2008-07-04 22:59 <DIR> d-------- C:\Users\All Users\Studio 12
2008-07-04 22:59 . 2008-07-04 22:59 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Plus
2008-07-04 22:59 . 2008-07-04 22:59 <DIR> d-------- C:\ProgramData\Studio 12
2008-07-04 22:59 . 2008-07-04 22:59 <DIR> d-------- C:\ProgramData\Pinnacle Studio Plus
2008-07-04 22:59 . 2008-07-04 22:59 <DIR> d-------- C:\Program Files\Pinnacle
2008-07-04 22:59 . 2008-07-04 22:59 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-07-04 19:04 . 2008-07-04 19:04 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-07-04 19:04 . 2008-07-04 19:04 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-07-04 19:04 . 2008-07-04 19:04 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-07-04 19:04 . 2008-07-04 19:04 22,328 --a------ C:\Users\Jason\AppData\Roaming\PnkBstrK.sys
2008-07-04 19:04 . 2008-07-04 19:04 273 --a------ C:\Windows\game.ini
2008-07-04 18:42 . 2008-07-04 23:17 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-07-04 18:42 . 2008-07-04 23:17 <DIR> d-------- C:\ProgramData\Pinnacle
2008-07-03 00:06 . 2008-07-03 00:06 <DIR> d-------- C:\Users\Jason\AppData\Roaming\CyberLink
2008-07-03 00:04 . 2008-07-03 00:06 <DIR> d-------- C:\Users\All Users\CyberLink
2008-07-03 00:04 . 2008-07-03 00:06 <DIR> d-------- C:\ProgramData\CyberLink
2008-07-03 00:04 . 2008-07-12 07:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 00:04 . 2008-07-03 00:04 <DIR> d-------- C:\Program Files\Cyberlink
2008-07-03 00:04 . 2008-07-03 00:04 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-07-03 00:00 . 2008-07-02 23:59 29,480 --a------ C:\Windows\System32\msxml3a.dll
2008-07-02 07:34 . 2008-07-02 07:34 <DIR> d-------- C:\Program Files\MSECache
2008-07-01 11:03 . 2007-03-15 11:52 1,152,000 --a------ C:\Windows\System32\themecpl.dll
2008-07-01 11:03 . 2007-07-20 09:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-07-01 11:01 . 2008-07-01 11:01 <DIR> d-------- C:\Program Files\BitLocker
2008-07-01 11:01 . 2007-02-22 12:26 1,171,848 --a------ C:\Windows\System32\SecureKeyBackupCPL.dll
2008-07-01 11:01 . 2006-12-21 10:58 711 --a------ C:\Windows\System32\CPSOKBTasks.xml
2008-07-01 11:00 . 2008-07-01 11:00 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-01 11:00 . 2008-03-13 06:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-01 10:57 . 2008-07-19 00:42 400,924 --a------ C:\Windows\System32\perfh011.dat
2008-07-01 10:57 . 2008-07-01 10:52 139,030 --a------ C:\Windows\System32\perfi011.dat
2008-07-01 10:57 . 2008-07-19 00:42 103,818 --a------ C:\Windows\System32\perfc011.dat
2008-07-01 10:57 . 2008-07-01 10:52 30,674 --a------ C:\Windows\System32\perfd011.dat
2008-07-01 10:53 . 2008-07-01 10:53 <DIR> d-------- C:\Windows\System32\ja
2008-07-01 10:53 . 2008-07-01 10:53 <DIR> d-------- C:\Windows\System32\drivers\ja-JP
2008-07-01 10:53 . 2008-07-01 10:53 <DIR> d-------- C:\Windows\System32\0411
2008-07-01 10:53 . 2008-07-01 10:53 <DIR> d-------- C:\Windows\ja-JP
2008-07-01 10:38 . 2008-07-19 00:42 265,756 --a------ C:\Windows\System32\perfh012.dat
2008-07-01 10:38 . 2008-07-01 10:36 155,890 --a------ C:\Windows\System32\perfi012.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 06:48 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 06:23 --------- d-----w C:\Program Files\Windows Mail
2008-07-05 23:57 7,837 ----a-w C:\Program Files\uninstal.log
2008-07-01 00:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-01 00:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-01 00:53 --------- d-----w C:\Program Files\Windows Journal
2008-07-01 00:53 --------- d-----w C:\Program Files\Windows Defender
2008-07-01 00:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-01 00:53 --------- d-----w C:\Program Files\Windows Calendar
2008-06-30 17:07 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-06-30 11:16 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-06-30 11:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-06-30 11:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-06-30 11:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-06-30 11:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-06-30 11:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-06-30 11:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-06-30 11:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-06-30 11:15 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-06-30 11:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-06-30 11:15 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-06-30 11:15 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-06-30 11:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-06-30 08:00 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-06-30 07:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-30 07:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-30 07:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-30 07:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-30 07:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-30 07:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-30 07:50 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-30 07:50 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-12 09:25 966,656 ----a-w C:\Windows\System32\VSFilter.dll
2008-06-12 04:36 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-06-03 06:22 3,695,104 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-06-03 03:19 3,401,216 ----a-w C:\Windows\System32\atiumdag.dll
2008-06-03 03:02 4,398,080 ----a-w C:\Windows\System32\atiumdva.dll
2008-06-03 02:50 49,664 ----a-w C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 32,256 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 10,043,392 ----a-w C:\Windows\System32\atioglxx.dll
2008-06-03 02:34 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-13 02:35 189,712 ----a-w C:\Windows\System32\RALMain.dll
2008-05-13 02:34 38,160 ----a-w C:\Windows\System32\MLPagAx.dll
2008-05-13 02:32 54,544 ----a-w C:\Windows\System32\PCLEGetGuid.dll
2008-04-29 09:56 245,664 ----a-w C:\Windows\System32\ZuneWlanCfgSvc.exe
2005-07-01 12:49 136 ----a-w C:\Program Files\Report bugs here.url
.
__________________
Austech member since 2001 (member 21)
Old 19-07-08, 09:03 AM   #14 (permalink)
Homer Simpson
Senior Member
Join Date: Jan 2008
Posts: 116
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-30 17:59 1232896]
"BlazeServoTool"="C:\Program Files\AV Stuff\BlazeDTV 3.5\MediaDetector.exe" [2007-12-01 11:03 282624]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-07-11 05:29 8860912]
"__c00575F6"="C:\Users\Jason\AppData\Roaming\__c00575F6.dat" [2008-07-18 16:09 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-17 15:58 1398024]
"Adobe Reader Speed Launcher"="C:\Program Files\Windows Stuff\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PDVD8LanguageShortcut"="C:\Program Files\AV Stuff\Cyberlink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"UltraMon"="C:\Program Files\Windows Stuff\Ultramon\UltraMon.exe" [2006-10-12 21:27 304640]
"Acrobat Assistant 8.0"="E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"ISTray"="C:\Program Files\Security Stuff\Spyware Doctor\pctsTray.exe" [2008-07-08 08:50 1107848]
"THGuard"="C:\Program Files\Security Stuff\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 19:45 222208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\Windows\System32\CtHelper.exe]

C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WeatherD - Shortcut.lnk - C:\Program Files\Weather Stuff\wdisplay\WeatherD.exe [2008-06-30 22:03:15 23374848]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-07-07 19:45:52 295606]
Adobe Acrobat Synchronizer.lnk - E:\Installed Programs\ADOBE CS3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-03-21 10:21 91432 C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 C:\Program Files\AV Stuff\Cyberlink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-04-29 19:56 158624 e:\Installed Programs\ZUNE\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F5C33795-DEC2-488B-A1DB-404443597BE2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4D282A5-79E9-4560-AF05-DA5D8C960F3C}"= C:\Program Files\AV Stuff\Cyberlink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{B05478B1-AAFD-4BB5-9EE8-0260260C1A73}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{83B4BD58-F559-49FD-981A-56EB1A2A3A00}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{817FE70D-846C-4941-8BCE-917A72D5A716}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{790577CE-11CA-42CB-8718-70205976899A}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{FD90DA83-ED56-4EF4-AA6D-D8EEB31D6F0A}"= UDP:E:\GAMES\COD4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7344A2E6-3602-4ED2-A5A1-A9E196747547}"= TCP:E:\GAMES\COD4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{44EDD4E3-0D07-4306-9B7C-7B34FCD22197}"= UDP:C:\Program Files\AV Stuff\Pinnacle\Programs\RM.exe:Render Manager
"{00C28338-BEE6-43F3-80A5-50E3AB44AA72}"= TCP:C:\Program Files\AV Stuff\Pinnacle\Programs\RM.exe:Render Manager
"{EB4100DE-4497-40AC-B06B-2BDD8B571EEA}"= UDP:C:\Program Files\AV Stuff\Pinnacle\Programs\Studio.exe:Studio
"{B9D3E3C8-180D-4552-A29E-F319FC05ECEE}"= TCP:C:\Program Files\AV Stuff\Pinnacle\Programs\Studio.exe:Studio
"{28533EE5-1113-4345-85B8-F2092682FF83}"= UDP:C:\Program Files\AV Stuff\Pinnacle\Programs\umi.exe:umi
"{B316B0B8-5C1C-4AF1-BF1B-ECC6D184C526}"= TCP:C:\Program Files\AV Stuff\Pinnacle\Programs\umi.exe:umi
"{27A79089-8DED-4654-B1EA-06D28D6638C1}"= UDP:3703:Adobe Version Cue CS3 Server
"{179F1F8B-3F0E-40A4-9D26-C02373B52146}"= UDP:3704:Adobe Version Cue CS3 Server
"{671D182B-44E6-4CDD-9046-B7E6B1DF54CF}"= UDP:50900:Adobe Version Cue CS3 Server
"{4D7874F3-BD1A-4029-BDE0-3AC047139844}"= UDP:50901:Adobe Version Cue CS3 Server
"{E1652FA3-202B-43F7-8B41-078BE2CAC08A}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{D0592AEA-4EEF-4F26-8248-2D81062BD404}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 adwarealert;adwarealert;C:\Windows\system32\DRIVERS\adwarealert.sys [2008-07-08 04:49]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-10-27 01:51]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\AV Stuff\Cyberlink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 AdwareAlertSrv;AdwareAlert Scanning Engine;C:\Program Files\AdwareAlert\AdwareAlert.srv.exe [2008-07-11 05:29]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-07-16 21:50]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-10-27 01:51]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 16:22]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\Windows\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 17:00:05 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-304a856f - C:\Users\Jason\AppData\Local\Temp\pxlvypeg.dll
MSConfigStartUp-BM3379b6f3 - C:\Users\Jason\AppData\Local\Temp\nentxexh.dll
MSConfigStartUp-cmds - C:\Users\Jason\AppData\Local\Temp\nnnkijHX.dll
MSConfigStartUp-MSServer - C:\Users\Kelly\AppData\Local\Temp\pmnmnLFx.dll
MSConfigStartUp-__c00396A1 - C:\Users\Jason\AppData\Roaming\__c00396A1.dat
MSConfigStartUp-__c00EBF04 - C:\Users\Jason\AppData\Roaming\__c00EBF04.dat


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 08:54:45
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-19 8:58:32
ComboFix-quarantined-files.txt 2008-07-18 22:58:18

Pre-Run: 20,945,141,760 bytes free
Post-Run: 20,935,962,624 bytes free

336 --- E O F --- 2008-07-09 06:24:35
__________________
Austech member since 2001 (member 21)
LinkBack to this Thread: http://www.austech.info/security-privacy/8751-some-trojan-problems.html