
 


Ready for more System Security

2 posters

Re: Ready for more System Security
c:\program files\BitComet
c:\program files\BitComet\archive\8dbc6f5270bb98c117c15e69455ce6fc3d519dd9.torrent
c:\program files\BitComet\archive\9d38e984465e7fcd3d08da6d3f26670c9ec4cb66.torrent
c:\program files\BitComet\archive\a5ade0b22a54ad2bb741c2b63b26cea9cb656199.torrent
c:\program files\BitComet\archive\a8773b6cef2703cfdd9d2fe0f6cf4aa61c3361b5.torrent
c:\program files\BitComet\archive\ae8fa27f1098577d6934c925b5e3640ba7c06487.torrent
c:\program files\BitComet\archive\e806df25d3a12761bf76f5470f994eefade00d07.torrent
c:\program files\BitComet\BitComet.exe
c:\program files\BitComet\BitComet.url
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\cache\post_info.xml
c:\program files\BitComet\ChangeLog.txt
c:\program files\BitComet\CrashReport.exe
c:\program files\BitComet\dbghelp.dll
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\fav\download-complete.wav
c:\program files\BitComet\fav\fav_bg.xml
c:\program files\BitComet\fav\fav_ca.xml
c:\program files\BitComet\fav\fav_de.xml
c:\program files\BitComet\fav\fav_el.xml
c:\program files\BitComet\fav\fav_en_us.xml
c:\program files\BitComet\fav\fav_en_us.xml.bak
c:\program files\BitComet\fav\fav_es.xml
c:\program files\BitComet\fav\fav_fi.xml
c:\program files\BitComet\fav\fav_he.xml
c:\program files\BitComet\fav\fav_hu.xml
c:\program files\BitComet\fav\fav_it.xml
c:\program files\BitComet\fav\fav_ja.xml
c:\program files\BitComet\fav\fav_ko.xml
c:\program files\BitComet\fav\fav_lv.xml
c:\program files\BitComet\fav\fav_nl.xml
c:\program files\BitComet\fav\fav_pl.xml
c:\program files\BitComet\fav\fav_pt.xml
c:\program files\BitComet\fav\fav_pt_br.xml
c:\program files\BitComet\fav\fav_ru.xml
c:\program files\BitComet\fav\fav_sl.xml
c:\program files\BitComet\fav\fav_th.xml
c:\program files\BitComet\fav\fav_uk.xml
c:\program files\BitComet\fav\fav_vi.xml
c:\program files\BitComet\fav\fav_zh_cn.xml
c:\program files\BitComet\fav\fav_zh_tw.xml
c:\program files\BitComet\fav\HowTo-AddYourSite.txt
c:\program files\BitComet\fav\passport_info_en_us.mht
c:\program files\BitComet\fav\passport_info_zh_cn.mht
c:\program files\BitComet\fav\passport_info_zh_tw.mht
c:\program files\BitComet\fav\passport_login_en_us.mht
c:\program files\BitComet\fav\passport_login_zh_cn.mht
c:\program files\BitComet\fav\passport_login_zh_tw.mht
c:\program files\BitComet\lang\bitcomet-ar.mo
c:\program files\BitComet\lang\bitcomet-bg.mo
c:\program files\BitComet\lang\bitcomet-bs.mo
c:\program files\BitComet\lang\bitcomet-ca.mo
c:\program files\BitComet\lang\bitcomet-cs.mo
c:\program files\BitComet\lang\bitcomet-da.mo
c:\program files\BitComet\lang\bitcomet-de.mo
c:\program files\BitComet\lang\bitcomet-el.mo
c:\program files\BitComet\lang\bitcomet-en_US.mo
c:\program files\BitComet\lang\bitcomet-es.mo
c:\program files\BitComet\lang\bitcomet-es_AR.mo
c:\program files\BitComet\lang\bitcomet-et.mo
c:\program files\BitComet\lang\bitcomet-eu.mo
c:\program files\BitComet\lang\bitcomet-fa.mo
c:\program files\BitComet\lang\bitcomet-fi.mo
c:\program files\BitComet\lang\bitcomet-fr.mo
c:\program files\BitComet\lang\bitcomet-gl.mo
c:\program files\BitComet\lang\bitcomet-he.mo
c:\program files\BitComet\lang\bitcomet-hr.mo
c:\program files\BitComet\lang\bitcomet-hu.mo
c:\program files\BitComet\lang\bitcomet-hy.mo
c:\program files\BitComet\lang\bitcomet-id.mo
c:\program files\BitComet\lang\bitcomet-it.mo
c:\program files\BitComet\lang\bitcomet-ja.mo
c:\program files\BitComet\lang\bitcomet-kk.mo
c:\program files\BitComet\lang\bitcomet-kn.mo
c:\program files\BitComet\lang\bitcomet-ko.mo
c:\program files\BitComet\lang\bitcomet-lt.mo
c:\program files\BitComet\lang\bitcomet-lv.mo
c:\program files\BitComet\lang\bitcomet-mk.mo
c:\program files\BitComet\lang\bitcomet-ms.mo
c:\program files\BitComet\lang\bitcomet-nb.mo
c:\program files\BitComet\lang\bitcomet-ne.mo
c:\program files\BitComet\lang\bitcomet-nl.mo
c:\program files\BitComet\lang\bitcomet-pl.mo
c:\program files\BitComet\lang\bitcomet-pt.mo
c:\program files\BitComet\lang\bitcomet-pt_BR.mo
c:\program files\BitComet\lang\bitcomet-ro.mo
c:\program files\BitComet\lang\bitcomet-ru.mo
c:\program files\BitComet\lang\bitcomet-sk.mo
c:\program files\BitComet\lang\bitcomet-sl.mo
c:\program files\BitComet\lang\bitcomet-sq.mo
c:\program files\BitComet\lang\bitcomet-sr.mo
c:\program files\BitComet\lang\bitcomet-sv.mo
c:\program files\BitComet\lang\bitcomet-ta.mo
c:\program files\BitComet\lang\bitcomet-th.mo
c:\program files\BitComet\lang\bitcomet-tr.mo
c:\program files\BitComet\lang\bitcomet-uk.mo
c:\program files\BitComet\lang\bitcomet-ur.mo
c:\program files\BitComet\lang\bitcomet-vi.mo
c:\program files\BitComet\lang\bitcomet-zh_CN.mo
c:\program files\BitComet\lang\bitcomet-zh_TW.mo
c:\program files\BitComet\lang\HowTo-Translate.txt
c:\program files\BitComet\License.txt
c:\program files\BitComet\ReadMe.txt
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\rules\tracker.dat
c:\program files\BitComet\scripts\cookie.lua
c:\program files\BitComet\scripts\mp3_baidu.lua
c:\program files\BitComet\scripts\mp3_didai.lua
c:\program files\BitComet\scripts\mp3_iask.lua
c:\program files\BitComet\scripts\mp3_qihoo.lua
c:\program files\BitComet\scripts\mp3_sogou.lua
c:\program files\BitComet\scripts\mp3_sogua.lua
c:\program files\BitComet\scripts\mp3_yahoo.lua
c:\program files\BitComet\scripts\mp3_zhongsou.lua
c:\program files\BitComet\scripts\refer_crsky.lua
c:\program files\BitComet\scripts\refer_newhua.lua
c:\program files\BitComet\scripts\refer_pchome.lua
c:\program files\BitComet\scripts\refer_skycn.lua
c:\program files\BitComet\scripts\refer_sourceforge.lua
c:\program files\BitComet\scripts\soft_21cn.lua
c:\program files\BitComet\scripts\soft_crsky.lua
c:\program files\BitComet\scripts\soft_ddooo.lua
c:\program files\BitComet\scripts\soft_duote.lua
c:\program files\BitComet\scripts\soft_it_com_cn.lua
c:\program files\BitComet\scripts\soft_mydown.lua
c:\program files\BitComet\scripts\soft_mydrivers.lua
c:\program files\BitComet\scripts\soft_newhua.lua
c:\program files\BitComet\scripts\soft_pchome.lua
c:\program files\BitComet\scripts\soft_pconline.lua
c:\program files\BitComet\scripts\soft_sina.lua
c:\program files\BitComet\scripts\soft_skycn.lua
c:\program files\BitComet\scripts\soft_sohu.lua
c:\program files\BitComet\scripts\soft_zol.lua
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\tools\bitcomet_extension_signed.xpi
c:\program files\BitComet\tools\BitCometAgent_1.3.3.2.dll
c:\program files\BitComet\tools\BitCometBHO_1.3.3.2.dll
c:\program files\BitComet\tools\npBitCometAgent.dll
c:\program files\BitComet\tools\nsIBitCometAgent.xpt
c:\program files\BitComet\tools\UPNP.exe
c:\program files\BitComet\tools\VideoSnapshot.exe
c:\program files\BitComet\torrents\[2003] Number Ones - Michael Jackson - 184mb @ 320.torrent
c:\program files\BitComet\torrents\Billy Madison.avi.torrent
c:\program files\BitComet\torrents\BOWLING FOR SOUP - DISCOGRAPHY [CHANNEL NEO].torrent
c:\program files\BitComet\torrents\ComboFix.exe.xml
c:\program files\BitComet\torrents\Family Guy - Blue Harvest.avi.torrent
c:\program files\BitComet\torrents\Family Guy - Blue Harvest.avi.xml
c:\program files\BitComet\torrents\Green Day - 21st Century Breakdown (2009) - Rock [WwW.GureTorrents.CoM][By Bloop].torrent
c:\program files\BitComet\torrents\Green Day - 21st Century Breakdown (2009) - Rock [WwW.GureTorrents.CoM][By Bloop].xml
c:\program files\BitComet\torrents\Hilary Duff - Metamorphosis [2003].torrent
c:\program files\BitComet\torrents\LimeWire 5.0.11 Pro Multilang - Final.torrent
c:\program files\BitComet\torrents\LimeWire 5.0.11 Pro Multilang - Final.xml
c:\program files\BitComet\torrents\Michael Jackson - Number Ones.torrent
c:\program files\BitComet\torrents\No Doubt - The Singles (1992-2003) @(320).torrent
c:\program files\BitComet\torrents\No Doubt - The Singles (1992-2003) @(320).xml
c:\program files\BitComet\torrents\The Beach Boys - 20 Good Vibrations (The Greatest Hits) (MP3@320Kbps).torrent
c:\program files\BitComet\torrents\The Beach Boys - 20 Good Vibrations (The Greatest Hits) (MP3@320Kbps).xml
c:\program files\BitComet\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll

Re: Ready for more System Security
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IWFJRVCI
-------\Legacy_LYDLCNC
-------\Legacy_TIGLY
-------\Service_I2decenrvi
-------\Service_iwfjrvci
-------\Service_lydlcnc
-------\Service_tigly


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 16:17 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 16:17 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 04:15 . 2009-07-03 04:15 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-03 04:15 . 2009-07-03 04:15 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-02 20:55 . 2009-07-02 20:55 574 ----a-w- C:\cleanup.bat
2009-07-02 20:55 . 2009-07-02 20:55 135168 ----a-w- C:\zip.exe
2009-07-02 14:52 . 2009-07-03 06:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 22:03 . 2009-06-30 22:04 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Temp
2009-06-11 23:13 . 2009-06-11 23:13 -------- d-----w- c:\documents and settings\Kevin\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-06-10 09:01 . 2009-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-10 07:15 . 2009-06-10 07:16 -------- d-----w- c:\program files\iTunes
2009-06-10 07:15 . 2009-06-10 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 07:09 . 2009-06-10 07:11 -------- d-----w- c:\program files\QuickTime
2009-06-10 07:04 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 06:35 . 2009-06-10 06:35 -------- d-----w- c:\program files\ConvertHelper
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\program files\YouTube Downloader
2009-06-09 17:10 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 17:10 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-06 21:41 . 2009-06-06 21:44 -------- dc-h--w- c:\windows\ie8
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 19:04 . 2007-01-12 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-03 19:04 . 2006-07-19 18:28 -------- d-----w- c:\program files\Viewpoint
2009-07-03 18:58 . 2006-08-05 02:03 -------- d-----w- c:\program files\Java
2009-07-03 18:04 . 2009-06-21 17:47 -------- d-----w- c:\program files\PeerGuardian2
2009-07-03 16:17 . 2008-12-08 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 06:41 . 2006-11-28 07:02 -------- d-----w- c:\program files\Spyware Doctor
2009-07-03 06:09 . 2008-10-25 16:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 05:56 . 2008-07-03 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 20:07 . 2006-09-02 23:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-02 12:56 . 2006-08-06 06:51 -------- d-----w- c:\program files\PokerStars
2009-06-30 21:35 . 2007-11-23 05:14 -------- d-----w- c:\documents and settings\Kevin\Application Data\Move Networks
2009-06-30 21:29 . 2009-06-30 21:29 127872 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\uninstall.exe
2009-06-30 21:29 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-30 03:13 . 2009-06-30 03:13 -------- d-----w- c:\program files\TweetDeck
2009-06-26 03:39 . 2006-12-21 06:41 -------- d-----w- c:\program files\Camfrog
2009-06-25 22:15 . 2009-06-25 22:15 488960 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-25 22:15 . 2009-06-25 22:15 319488 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-23 05:22 . 2009-06-23 05:22 185 ----a-w- c:\windows\winnit.reg
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-13 09:02 . 2008-08-29 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 09:18 . 2009-03-27 05:36 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 07:16 . 2006-08-04 21:03 -------- d-----w- c:\program files\iPod
2009-06-10 07:16 . 2007-09-10 23:58 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 07:12 . 2007-10-26 05:37 -------- d-----w- c:\program files\Bonjour
2009-06-10 07:05 . 2007-09-10 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 15:42 . 2007-12-06 20:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 07:04 . 2008-10-23 23:56 -------- d-----w- c:\documents and settings\Kevin\Application Data\skypePM
2009-06-02 07:01 . 2008-10-23 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-19 03:34 . 2009-05-15 05:27 -------- d-----w- c:\program files\Free FLV Converter
2009-05-13 05:15 . 2005-03-10 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 19:12 . 2006-07-19 02:48 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 18:51 . 2009-05-05 18:51 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-05-04 19:07 . 2009-06-02 05:42 2298680 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-21 18:51 . 2009-05-15 05:27 294912 ----a-w- c:\windows\system32\TubeFinder.exe
2009-04-17 09:58 . 2005-03-02 01:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 05:06 . 2009-06-20 06:31 38208 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-04-06 05:10 . 2009-04-06 05:10 1669 ----a-w- c:\windows\unins000.dat
2008-10-25 16:40 . 2008-10-25 16:40 10279270 ----a-w- c:\program files\pmconverter_setup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-03_17.43.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 18:49 . 2008-10-01 03:02 139264 c:\windows\system32\javaw.exe
- 2008-10-01 03:02 . 2008-10-01 03:02 139264 c:\windows\system32\javaw.exe

Re: Ready for more System Security
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-03-16 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"librtexec"="javaw -jar" [X]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-05-27 136512]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-24 253952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-13 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-18 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [7/18/2006 11:28 AM 6144]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [7/18/2006 9:53 PM 58464]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 1:26 PM 35968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/8/2008 6:31 PM 33808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648010671-415334117-2666150105-1020Core.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:00]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648010671-415334117-2666150105-1020UA.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\Ctrax Player\DMDownload.htm
DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - hxxp://media.cdigix.com/Performer/downloads/PerformerSetup.cab
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\
FF - plugin: c:\documents and settings\Kevin\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Kevin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Re: Ready for more System Security
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 15:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1300)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-07-03 15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 19:41
ComboFix2.txt 2009-07-03 17:50

Pre-Run: 8,947,396,608 bytes free
Post-Run: 8,856,088,576 bytes free

908 --- E O F --- 2009-06-24 09:00

Re: Ready for more System Security
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

Re: Ready for more System Security
So far so good, just got a bubble on the start bar saying "virusscan enterprise is turned off"

It's the virus protection that's located with Windows Firewall, and windows security.

Re: Ready for more System Security
I did notice ComboFix not detecting McAfee as even present on the system.
Want to try and install Avira?

Re: Ready for more System Security
I'll give it a shot, I'll have to uninstall it when I go back to school anyway cause they only allow McAfee.

I mean, McAfee is enabled and running.

Could it have been because I disabled it for the ComboFix scans?
