
Solved problem deleting registry keys

Discussion in 'Malware and Virus Removal Archive' started by pasterbill, 2009/02/01.

  1. pasterbill (Thread Starter), 2009/02/01
    [Resolved] problem deleting registry keys

    A few days ago I got a couple of popups in a row. I found a few suspicious .dll files and a ~.exe file that I was able to delete from an XP restore CD command prompt (several traditional delete methods were tried but were unsuccessful). The popups stopped, but I still have a few registry keys/values that I am unable to delete:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0B5E3AA-B142-4DF8-94E4-5C811317E875}

    The following is from the dds.txt file:

    DDS (Ver_09-01-19.01) - NTFSx86
    Run by stephen fischer at 9:07:59.26 on Fri 01/30/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.505 [GMT -9:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\eHome\Wireless G EH103\SiSWLSvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\stephen fischer.YOUR-5OLNB28OAO\Local Settings\Temporary Internet Files\Content.IE5\4XA3C9UB\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    BHO: {f0b5e3aa-b142-4df8-94e4-5c811317e875} - c:\windows\system32\comcatk.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe "
    mRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340 "
    IE: Download All Files by HiDownload - c:\progra~1\hidown~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\hidown~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - c:\progra~1\hidown~1\hidownload.exe
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    ============= SERVICES / DRIVERS ===============

    R0 xwsmovca;xwsmovca;c:\windows\system32\drivers\xwsmovca.sys [2001-8-29 23424]
    R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys [2002-8-5 33280]
    R4 A4S2;A4S2;c:\windows\system32\drivers\a4s2.sys [2002-11-17 13344]
    R4 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [2001-12-6 25632]
    S0 Winpw74;Winpw74;c:\windows\system32\drivers\winpw74.sys --> c:\windows\system32\drivers\Winpw74.sys [?]
    S1 DW;DW; [x]
    S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    S3 DSCVc;Video Capture;c:\windows\system32\drivers\coachvc.sys --> c:\windows\system32\drivers\CoachVc.sys [?]
    S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2003-12-1 10368]
    S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-12-8 23296]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2007-12-24 217600]
    S3 TDKUSBDR;TDK MOJO USB driver;c:\windows\system32\drivers\tdkusbdr.sys [2004-12-19 16384]
    S4 AvSynMgr;AVSync Manager;c:\program files\mcafee\mcafee virusscan\Avsynmgr.exe [2002-8-5 196625]
    S4 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2002-12-3 15104]
    S4 McAfee Firewall;McAfee Firewall;c:\program files\mcafee\mcafee firewall\cpd.exe [2002-8-5 77824]
    S4 McShield;McShield;c:\program files\common files\network associates\mcshield\Mcshield.exe [2002-8-5 237663]

    =============== Created Last 30 ================

    2009-01-29 22:51 <DIR> a-dshr-- C:\cmdcons
    2009-01-29 22:47 161,792 a------- c:\windows\SWREG.exe
    2009-01-29 22:47 98,816 a------- c:\windows\sed.exe
    2009-01-29 19:56 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-01-29 19:56 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
    2009-01-29 19:56 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
    2009-01-29 19:56 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
    2009-01-29 19:56 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
    2009-01-29 19:56 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
    2009-01-29 19:55 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
    2009-01-29 19:55 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
    2009-01-29 19:55 53,760 ac------ c:\windows\system32\dllcache\wiamsmud.dll
    2009-01-29 19:54 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
    2009-01-29 19:54 701,386 ac------ c:\windows\system32\dllcache\wdhaalba.sys
    2009-01-29 19:54 35,871 ac------ c:\windows\system32\dllcache\wbfirdma.sys
    2009-01-29 19:54 16,925 ac------ c:\windows\system32\dllcache\w940nd.sys
    2009-01-29 19:54 19,016 ac------ c:\windows\system32\dllcache\w926nd.sys
    2009-01-29 19:54 19,528 ac------ c:\windows\system32\dllcache\w840nd.sys
    2009-01-29 19:53 249,402 ac------ c:\windows\system32\dllcache\vinwm.sys
    2009-01-29 19:53 24,576 ac------ c:\windows\system32\dllcache\viairda.sys
    2009-01-29 19:53 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
    2009-01-29 19:53 765,884 ac------ c:\windows\system32\dllcache\usrti.sys
    2009-01-29 19:53 113,762 ac------ c:\windows\system32\dllcache\usrpda.sys
    2009-01-29 19:53 7,556 ac------ c:\windows\system32\dllcache\usroslba.sys
    2009-01-29 19:53 224,802 ac------ c:\windows\system32\dllcache\usr1807a.sys
    2009-01-29 19:52 794,399 ac------ c:\windows\system32\dllcache\usr1806v.sys
    2009-01-29 19:52 793,598 ac------ c:\windows\system32\dllcache\usr1806.sys
    2009-01-29 19:52 794,654 ac------ c:\windows\system32\dllcache\usr1801.sys
    2009-01-29 19:52 94,720 ac------ c:\windows\system32\dllcache\umaxud32.dll
    2009-01-29 19:52 28,160 ac------ c:\windows\system32\dllcache\umaxu40.dll
    2009-01-29 19:52 26,624 ac------ c:\windows\system32\dllcache\umaxu22.dll
    2009-01-29 19:52 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
    2009-01-29 19:52 50,688 ac------ c:\windows\system32\dllcache\umaxscan.dll
    2009-01-29 19:51 22,912 ac------ c:\windows\system32\dllcache\umaxpcls.sys
    2009-01-29 19:51 50,176 ac------ c:\windows\system32\dllcache\umaxp60.dll
    2009-01-29 19:51 47,616 ac------ c:\windows\system32\dllcache\umaxcam.dll
    2009-01-29 19:51 211,968 ac------ c:\windows\system32\dllcache\um54scan.dll
    2009-01-29 19:51 216,064 ac------ c:\windows\system32\dllcache\um34scan.dll
    2009-01-29 19:51 36,736 ac------ c:\windows\system32\dllcache\ultra.sys
    2009-01-29 19:51 11,520 ac------ c:\windows\system32\dllcache\twotrack.sys
    2009-01-29 19:51 166,784 ac------ c:\windows\system32\dllcache\tridxpm.sys
    2009-01-29 19:51 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
    2009-01-29 19:50 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
    2009-01-29 19:50 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
    2009-01-29 19:50 222,336 ac------ c:\windows\system32\dllcache\trid3dm.sys
    2009-01-29 19:50 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
    2009-01-29 19:50 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
    2009-01-29 19:50 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
    2009-01-29 19:50 82,944 ac------ c:\windows\system32\dllcache\tp4mon.exe
    2009-01-29 19:50 31,744 ac------ c:\windows\system32\dllcache\tp4.dll
    2009-01-29 19:50 4,992 ac------ c:\windows\system32\dllcache\toside.sys
    2009-01-29 19:50 230,912 ac------ c:\windows\system32\dllcache\tosdvd03.sys
    2009-01-29 19:49 241,664 ac------ c:\windows\system32\dllcache\tosdvd02.sys
    2009-01-29 19:49 28,232 ac------ c:\windows\system32\dllcache\tos4mo.sys
    2009-01-29 19:49 123,995 ac------ c:\windows\system32\dllcache\tjisdn.sys
    2009-01-29 19:49 138,528 ac------ c:\windows\system32\dllcache\tgiulnt5.sys
    2009-01-29 19:49 81,408 ac------ c:\windows\system32\dllcache\tgiul50.dll
    2009-01-29 19:49 149,376 ac------ c:\windows\system32\dllcache\tffsport.sys
    2009-01-29 19:49 17,129 ac------ c:\windows\system32\dllcache\tdkcd31.sys
    2009-01-29 19:49 37,961 ac------ c:\windows\system32\dllcache\tdk100b.sys
    2009-01-29 19:49 30,464 ac------ c:\windows\system32\dllcache\tbatm155.sys
    2009-01-29 19:48 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
    2009-01-29 19:48 36,640 ac------ c:\windows\system32\dllcache\t2r4mini.sys
    2009-01-29 19:48 172,768 ac------ c:\windows\system32\dllcache\t2r4disp.dll
    2009-01-29 19:48 32,640 ac------ c:\windows\system32\dllcache\symc8xx.sys
    2009-01-29 19:48 16,256 ac------ c:\windows\system32\dllcache\symc810.sys
    2009-01-29 19:48 30,688 ac------ c:\windows\system32\dllcache\sym_u3.sys
    2009-01-29 19:48 28,384 ac------ c:\windows\system32\dllcache\sym_hi.sys
    2009-01-29 19:48 94,293 ac------ c:\windows\system32\dllcache\sxports.dll
    2009-01-29 19:48 103,936 ac------ c:\windows\system32\dllcache\sx.sys
    2009-01-29 19:48 3,968 ac------ c:\windows\system32\dllcache\swusbflt.sys
    2009-01-29 19:47 10,240 ac------ c:\windows\system32\dllcache\swpidflt.dll
    2009-01-29 19:47 10,240 ac------ c:\windows\system32\dllcache\swpdflt2.dll
    2009-01-29 19:47 53,760 ac------ c:\windows\system32\dllcache\sw_wheel.dll
    2009-01-29 19:47 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
    2009-01-29 19:47 155,648 ac------ c:\windows\system32\dllcache\stlnprop.dll
    2009-01-29 19:47 53,248 ac------ c:\windows\system32\dllcache\stlncoin.dll
    2009-01-29 19:47 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
    2009-01-29 19:47 16,896 ac------ c:\windows\system32\dllcache\stcusb.sys
    2009-01-29 19:47 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
    2009-01-29 19:46 99,328 ac------ c:\windows\system32\dllcache\srusd.dll
    2009-01-29 19:46 24,660 ac------ c:\windows\system32\dllcache\spxupchk.dll
    2009-01-29 19:46 61,824 ac------ c:\windows\system32\dllcache\speed.sys
    2009-01-29 19:46 106,584 ac------ c:\windows\system32\dllcache\spdports.dll
    2009-01-29 19:46 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
    2009-01-29 19:46 37,040 ac------ c:\windows\system32\dllcache\sonypi.sys
    2009-01-29 19:46 114,688 ac------ c:\windows\system32\dllcache\sonypi.dll
    2009-01-29 19:46 20,752 ac------ c:\windows\system32\dllcache\sonync.sys
    2009-01-29 19:46 9,600 ac------ c:\windows\system32\dllcache\sonymc.sys
    2009-01-29 19:46 7,552 ac------ c:\windows\system32\dllcache\sonyait.sys
    2009-01-29 19:46 143,422 ac------ c:\windows\system32\dllcache\softkey.dll
    2009-01-29 19:45 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
    2009-01-29 19:44 58,368 ac------ c:\windows\system32\dllcache\smiminib.sys
    2009-01-29 19:44 147,200 ac------ c:\windows\system32\dllcache\smidispb.dll
    2009-01-29 19:44 25,034 ac------ c:\windows\system32\dllcache\smcpwr2n.sys
    2009-01-29 19:44 35,913 ac------ c:\windows\system32\dllcache\smcirda.sys
    2009-01-29 19:43 24,576 ac------ c:\windows\system32\dllcache\smc8000n.sys
    2009-01-29 19:43 6,784 ac------ c:\windows\system32\dllcache\smbhc.sys
    2009-01-29 19:43 6,912 ac------ c:\windows\system32\dllcache\smbclass.sys
    2009-01-29 19:43 16,000 ac------ c:\windows\system32\dllcache\smbbatt.sys
    2009-01-29 19:43 45,568 ac------ c:\windows\system32\dllcache\smb3w.dll
    2009-01-29 19:43 33,792 ac------ c:\windows\system32\dllcache\smb0w.dll
    2009-01-29 19:43 28,672 ac------ c:\windows\system32\dllcache\sma0w.dll
    2009-01-29 19:43 28,160 ac------ c:\windows\system32\dllcache\sm91w.dll
    2009-01-29 19:43 63,547 ac------ c:\windows\system32\dllcache\sla30nd5.sys
    2009-01-29 19:43 91,294 ac------ c:\windows\system32\dllcache\skfpwin.sys
    2009-01-29 19:42 94,698 ac------ c:\windows\system32\dllcache\sk98xwin.sys
    2009-01-29 19:42 157,696 ac------ c:\windows\system32\dllcache\sisv256.dll
    2009-01-29 19:42 50,432 ac------ c:\windows\system32\dllcache\sisv.sys
    2009-01-29 19:42 32,768 ac------ c:\windows\system32\dllcache\sisnic.sys
    2009-01-29 19:42 238,592 ac------ c:\windows\system32\dllcache\sisgrv.dll
    2009-01-29 19:42 104,064 ac------ c:\windows\system32\dllcache\sisgrp.sys
    2009-01-29 19:42 150,144 ac------ c:\windows\system32\dllcache\sis6306v.dll
    2009-01-29 19:42 68,608 ac------ c:\windows\system32\dllcache\sis6306p.sys
    2009-01-29 19:42 252,032 ac------ c:\windows\system32\dllcache\sis300iv.dll
    2009-01-29 19:42 101,760 ac------ c:\windows\system32\dllcache\sis300ip.sys
    2009-01-29 19:41 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
    2009-01-29 19:41 18,400 ac------ c:\windows\system32\dllcache\sgsmld.sys
    2009-01-29 19:41 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
    2009-01-29 19:41 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
    2009-01-29 19:41 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
    2009-01-29 19:41 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
    2009-01-29 19:41 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
    2009-01-29 19:40 6,912 ac------ c:\windows\system32\dllcache\seaddsmc.sys
    2009-01-29 19:40 11,520 ac------ c:\windows\system32\dllcache\scsiscan.sys
    2009-01-29 19:40 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
    2009-01-29 19:37 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
    2009-01-29 19:37 16,640 ac------ c:\windows\system32\dllcache\scmstcs.sys
    2009-01-29 19:37 23,936 ac------ c:\windows\system32\dllcache\sccmusbm.sys
    2009-01-29 19:37 23,936 ac------ c:\windows\system32\dllcache\sccmn50m.sys
    2009-01-29 19:37 43,904 ac------ c:\windows\system32\dllcache\sbp2port.sys
    2009-01-29 19:37 495,616 ac------ c:\windows\system32\dllcache\sblfx.dll
    2009-01-29 19:37 75,392 ac------ c:\windows\system32\dllcache\s3savmxm.sys
    2009-01-29 19:36 245,632 ac------ c:\windows\system32\dllcache\s3savmx.dll
    2009-01-29 19:36 77,824 ac------ c:\windows\system32\dllcache\s3sav4m.sys
    2009-01-29 19:36 198,400 ac------ c:\windows\system32\dllcache\s3sav4.dll
    2009-01-29 19:36 61,504 ac------ c:\windows\system32\dllcache\s3sav3dm.sys
    2009-01-29 19:36 179,264 ac------ c:\windows\system32\dllcache\s3sav3d.dll
    2009-01-29 19:36 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
    2009-01-29 19:36 62,496 ac------ c:\windows\system32\dllcache\s3mtrio.dll
    2009-01-29 19:36 41,216 ac------ c:\windows\system32\dllcache\s3mt3d.sys
    2009-01-29 19:36 182,272 ac------ c:\windows\system32\dllcache\s3mt3d.dll
    2009-01-29 19:36 166,720 ac------ c:\windows\system32\dllcache\s3m.sys
    2009-01-29 19:36 65,664 ac------ c:\windows\system32\dllcache\s3legacy.sys
    2009-01-29 19:35 82,432 ac------ c:\windows\system32\dllcache\rwia450.dll
    2009-01-29 19:35 79,872 ac------ c:\windows\system32\dllcache\rwia430.dll
    2009-01-29 19:35 29,696 ac------ c:\windows\system32\dllcache\rw450ext.dll
    2009-01-29 19:35 27,648 ac------ c:\windows\system32\dllcache\rw430ext.dll
    2009-01-29 19:35 19,017 ac------ c:\windows\system32\dllcache\rtl8029.sys
    2009-01-29 19:35 30,720 ac------ c:\windows\system32\dllcache\rthwcls.sys
    2009-01-29 19:35 9,216 ac------ c:\windows\system32\dllcache\rsmgrstr.dll
    2009-01-29 19:35 3,840 ac------ c:\windows\system32\dllcache\rpfun.sys
    2009-01-29 19:35 79,104 ac------ c:\windows\system32\dllcache\rocket.sys
    2009-01-29 19:35 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
    2009-01-29 19:35 86,097 ac------ c:\windows\system32\dllcache\reslog32.dll
    2009-01-29 19:32 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
    2009-01-29 19:32 714,762 ac------ c:\windows\system32\dllcache\r2mdmkxx.sys
    2009-01-29 19:32 899,146 ac------ c:\windows\system32\dllcache\r2mdkxga.sys
    2009-01-29 19:32 41,472 ac------ c:\windows\system32\dllcache\qvusd.dll
    2009-01-29 19:32 3,328 ac------ c:\windows\system32\dllcache\qv2kux.sys
    2009-01-29 19:32 49,024 ac------ c:\windows\system32\dllcache\ql1280.sys
    2009-01-29 19:30 17,792 ac------ c:\windows\system32\dllcache\ppa.sys
    2009-01-29 19:30 8,832 ac------ c:\windows\system32\dllcache\powerfil.sys
    2009-01-29 19:30 7,168 ac------ c:\windows\system32\dllcache\pnrmc.sys
    2009-01-29 19:30 121,344 ac------ c:\windows\system32\dllcache\phvfwext.dll
    2009-01-29 19:30 19,840 ac------ c:\windows\system32\dllcache\philtune.sys
    2009-01-29 19:30 92,416 ac------ c:\windows\system32\dllcache\phildec.sys
    2009-01-29 19:30 173,696 ac------ c:\windows\system32\dllcache\philcam2.sys
    2009-01-29 19:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
    2009-01-29 19:30 16,384 ac------ c:\windows\system32\dllcache\philcam1.dll
    2009-01-29 19:30 105,984 ac------ c:\windows\system32\dllcache\phdsext.ax
    2009-01-29 19:30 259,328 ac------ c:\windows\system32\dllcache\perm3dd.dll
    2009-01-29 19:28 41,984 ac------ c:\windows\system32\dllcache\ovui2rc.dll
    2009-01-29 19:28 44,544 ac------ c:\windows\system32\dllcache\ovui2.dll
    2009-01-29 19:28 25,216 ac------ c:\windows\system32\dllcache\ovsound2.sys
    2009-01-29 19:28 39,424 ac------ c:\windows\system32\dllcache\ovcoms.exe
    2009-01-29 19:28 20,480 ac------ c:\windows\system32\dllcache\ovcomc.dll
    2009-01-29 19:28 351,616 ac------ c:\windows\system32\dllcache\ovcodek2.sys
    2009-01-29 19:28 116,736 ac------ c:\windows\system32\dllcache\ovcodec2.dll
    2009-01-29 19:28 31,872 ac------ c:\windows\system32\dllcache\ovce.sys
    2009-01-29 19:28 28,032 ac------ c:\windows\system32\dllcache\ovcd.sys
    2009-01-29 19:28 48,000 ac------ c:\windows\system32\dllcache\ovcam2.sys
    2009-01-29 19:28 25,088 ac------ c:\windows\system32\dllcache\ovca.sys
    2009-01-29 19:27 54,186 ac------ c:\windows\system32\dllcache\otcsercb.sys
    2009-01-29 19:27 43,689 ac------ c:\windows\system32\dllcache\otceth5.sys
    2009-01-29 19:27 27,209 ac------ c:\windows\system32\dllcache\otc06x5.sys
    2009-01-29 19:27 54,528 ac------ c:\windows\system32\dllcache\opl3sax.sys
    2009-01-29 19:27 61,696 ac------ c:\windows\system32\dllcache\ohci1394.sys
    2009-01-29 19:27 198,144 ac------ c:\windows\system32\dllcache\nv3.sys
    2009-01-29 19:27 123,776 ac------ c:\windows\system32\dllcache\nv3.dll
    2009-01-29 19:27 51,552 ac------ c:\windows\system32\dllcache\ntgrip.sys
    2009-01-29 19:25 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
    2009-01-29 19:25 7,552 ac------ c:\windows\system32\dllcache\nsmmc.sys
    2009-01-29 19:25 28,672 ac------ c:\windows\system32\dllcache\nscirda.sys
    2009-01-29 19:24 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
    2009-01-29 19:24 126,080 ac------ c:\windows\system32\dllcache\nm5a2wdm.sys
    2009-01-29 19:24 32,840 ac------ c:\windows\system32\dllcache\ngrpci.sys
    2009-01-29 19:24 132,695 ac------ c:\windows\system32\dllcache\netwlan5.sys
    2009-01-29 19:24 65,278 ac------ c:\windows\system32\dllcache\netflx3.sys
    2009-01-29 19:24 39,264 ac------ c:\windows\system32\dllcache\neo20xx.sys
    2009-01-29 19:24 60,480 ac------ c:\windows\system32\dllcache\neo20xx.dll
    2009-01-29 19:24 15,872 ac------ c:\windows\system32\dllcache\ne2000.sys
    2009-01-29 19:24 91,488 ac------ c:\windows\system32\dllcache\n9i3disp.dll
    2009-01-29 19:24 27,936 ac------ c:\windows\system32\dllcache\n9i3d.sys
    2009-01-29 19:22 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
    2009-01-29 19:22 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
    2009-01-29 19:22 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
    2009-01-29 19:22 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
    2009-01-29 19:22 98,304 ac------ c:\windows\system32\dllcache\msir3jp.dll
    2009-01-29 19:22 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
    2009-01-29 19:22 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
    2009-01-29 19:22 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
    2009-01-29 19:22 51,200 ac------ c:\windows\system32\dllcache\msdv.sys
    2009-01-29 19:21 17,280 ac------ c:\windows\system32\dllcache\mraid35x.sys
    2009-01-29 19:21 15,232 ac------ c:\windows\system32\dllcache\mpe.sys
    2009-01-29 19:21 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
    2009-01-29 19:21 320,384 ac------ c:\windows\system32\dllcache\mgaum.sys
    2009-01-29 19:21 235,648 ac------ c:\windows\system32\dllcache\mgaud.dll
    2009-01-29 19:21 26,112 ac------ c:\windows\system32\dllcache\memstpci.sys
    2009-01-29 19:21 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
    2009-01-29 19:21 8,320 ac------ c:\windows\system32\dllcache\memcard.sys
    2009-01-29 19:21 164,586 ac------ c:\windows\system32\dllcache\mdgndis5.sys
    2009-01-29 19:21 7,424 ac------ c:\windows\system32\dllcache\mammoth.sys
    2009-01-29 19:20 48,768 ac------ c:\windows\system32\dllcache\maestro.sys
    2009-01-29 19:20 58,880 ac------ c:\windows\system32\dllcache\m3092dc.dll
    2009-01-29 19:20 58,368 ac------ c:\windows\system32\dllcache\m3091dc.dll
    2009-01-29 19:20 22,848 ac------ c:\windows\system32\dllcache\lwusbhid.sys
    2009-01-29 19:20 20,864 ac------ c:\windows\system32\dllcache\lwadihid.sys
    2009-01-29 19:20 797,500 ac------ c:\windows\system32\dllcache\ltsmt.sys
    2009-01-29 19:20 802,683 ac------ c:\windows\system32\dllcache\ltsm.sys
    2009-01-29 19:20 7,040 ac------ c:\windows\system32\dllcache\ltotape.sys
    2009-01-29 19:20 420,992 ac------ c:\windows\system32\dllcache\ltmdmntt.sys
    2009-01-29 19:18 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
    2009-01-29 19:18 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
    2009-01-29 19:18 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
    2009-01-29 19:18 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
    2009-01-29 19:18 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
    2009-01-29 19:18 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
    2009-01-29 19:18 88,192 ac------ c:\windows\system32\dllcache\irda.sys
    2009-01-29 19:18 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
    2009-01-29 19:18 90,200 ac------ c:\windows\system32\dllcache\io8ports.dll
    2009-01-29 19:16 61,952 ac------ c:\windows\system32\dllcache\icam4ext.dll
    2009-01-29 19:15 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
    2009-01-29 19:15 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
    2009-01-29 19:15 19,456 ac------ c:\windows\system32\dllcache\hr1w.dll
    2009-01-29 19:15 5,760 ac------ c:\windows\system32\dllcache\hpt4qic.sys
    2009-01-29 19:15 13,312 ac------ c:\windows\system32\dllcache\hpsjmcro.dll
    2009-01-29 19:15 324,608 ac------ c:\windows\system32\dllcache\hpojwia.dll
    2009-01-29 19:15 25,952 ac------ c:\windows\system32\dllcache\hpn.sys
    2009-01-29 19:15 32,768 ac------ c:\windows\system32\dllcache\hpgtmcro.dll
    2009-01-29 19:15 68,608 ac------ c:\windows\system32\dllcache\hpgt53tk.dll
    2009-01-29 19:15 165,888 ac------ c:\windows\system32\dllcache\hpgt53.dll
    2009-01-29 19:15 31,232 ac------ c:\windows\system32\dllcache\hpgt42tk.dll
    2009-01-29 19:15 93,696 ac------ c:\windows\system32\dllcache\hpgt42.dll
    2009-01-29 19:13 1,733,120 ac------ c:\windows\system32\dllcache\g400d.dll
    2009-01-29 19:13 320,384 ac------ c:\windows\system32\dllcache\g200m.sys
    2009-01-29 19:13 470,144 ac------ c:\windows\system32\dllcache\g200d.dll
    2009-01-29 19:13 454,912 ac------ c:\windows\system32\dllcache\fxusbase.sys
    2009-01-29 19:13 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
    2009-01-29 19:13 455,296 ac------ c:\windows\system32\dllcache\fusbbase.sys
    2009-01-29 19:13 455,680 ac------ c:\windows\system32\dllcache\fus2base.sys
    2009-01-29 19:13 442,240 ac------ c:\windows\system32\dllcache\fpnpbase.sys
    2009-01-29 19:13 441,728 ac------ c:\windows\system32\dllcache\fpcmbase.sys
    2009-01-29 19:13 444,416 ac------ c:\windows\system32\dllcache\fpcibase.sys
    2009-01-29 19:13 34,173 ac------ c:\windows\system32\dllcache\forehe.sys
    2009-01-29 19:13 71,680 ac------ c:\windows\system32\dllcache\fnfilter.dll
    2009-01-29 19:13 27,165 ac------ c:\windows\system32\dllcache\fetnd5.sys
    2009-01-29 19:12 22,090 ac------ c:\windows\system32\dllcache\fem556n5.sys
    2009-01-29 19:10 24,618 ac------ c:\windows\system32\dllcache\fa410nd5.sys
    2009-01-29 19:10 16,074 ac------ c:\windows\system32\dllcache\fa312nd5.sys
    2009-01-29 19:10 11,850 ac------ c:\windows\system32\dllcache\f3ab18xj.sys
    2009-01-29 19:10 12,362 ac------ c:\windows\system32\dllcache\f3ab18xi.sys
    2009-01-29 19:10 7,040 ac------ c:\windows\system32\dllcache\exabyte2.sys
    2009-01-29 19:10 16,998 ac------ c:\windows\system32\dllcache\ex10.sys
    2009-01-29 19:10 45,568 ac------ c:\windows\system32\dllcache\esunib.dll
    2009-01-29 19:10 45,568 ac------ c:\windows\system32\dllcache\esuni.dll
    2009-01-29 19:08 6,400 ac------ c:\windows\system32\dllcache\enum1394.sys
    2009-01-29 19:07 50,719 ac------ c:\windows\system32\dllcache\e1000nt5.sys
    2009-01-29 19:06 110,621 ac------ c:\windows\system32\dllcache\digirlpt.dll
    2009-01-29 19:05 179,584 ac------ c:\windows\system32\dllcache\dac2w2k.sys
    2009-01-29 19:04 10,240 ac------ c:\windows\system32\dllcache\compbatt.sys
    2009-01-29 19:03 244,224 ac------ c:\windows\system32\dllcache\camext20.ax
    2009-01-29 10:09 <DIR> --d----- c:\program files\Windows Resource Kits
    2009-01-28 18:17 126,621 a------- c:\windows\EPSTPLOG.BAK
    2009-01-28 18:03 <DIR> --d----- c:\program files\Microsoft Easy Assist
    2009-01-26 10:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
    2009-01-24 12:08 <DIR> --d-h--- C:\BJPrinter
    2009-01-24 10:12 <DIR> --d----- c:\docume~1\stephe~1.you\applic~1\CD-LabelPrint
    2009-01-24 10:00 <DIR> --d----- c:\program files\CD-LabelPrint
    2009-01-22 17:22 66,082 ac------ c:\windows\system32\dllcache\c_1144.nls
    2009-01-22 17:22 66,082 ac------ c:\windows\system32\dllcache\c_1142.nls
    2009-01-22 17:22 66,082 ac------ c:\windows\system32\dllcache\c_1141.nls
    2009-01-22 17:22 66,082 ac------ c:\windows\system32\dllcache\c_1140.nls
    2009-01-22 17:22 66,082 ac------ c:\windows\system32\dllcache\c_1047.nls
    2009-01-22 17:22 66,082 ac------ c:\windows\system32\dllcache\c_10021.nls
    2009-01-22 17:22 173,602 ac------ c:\windows\system32\dllcache\c_10008.nls
    2009-01-22 17:17 66,082 ac------ c:\windows\system32\dllcache\c_10005.nls
    2009-01-22 17:17 66,082 ac------ c:\windows\system32\dllcache\c_10004.nls
    2009-01-22 17:17 177,698 ac------ c:\windows\system32\dllcache\c_10003.nls
    2009-01-22 17:17 195,618 ac------ c:\windows\system32\dllcache\c_10002.nls
    2009-01-22 17:17 162,850 ac------ c:\windows\system32\dllcache\c_10001.nls
    2009-01-22 17:17 82,172 ac------ c:\windows\system32\dllcache\bopomofo.nls
    2009-01-22 13:54 <DIR> --d----- C:\EPSONREG
    2009-01-22 13:32 11,776 a------- c:\windows\system32\drivers\afc.sys
    2009-01-22 13:26 <DIR> --d----- c:\program files\EPSON Print CD
    2009-01-22 13:19 309,760 a------- c:\windows\system32\EAL32.DLL
    2009-01-22 13:19 82,944 a------- c:\windows\system32\EAL.EXE
    2009-01-22 13:19 79,679 a------- c:\windows\system32\E_FLMAJA.DLL
    2009-01-22 13:19 64,000 a------- c:\windows\system32\E_FBCBAJA.DLL
    2009-01-22 13:19 34,304 a------- c:\windows\system32\E_FBCHAJA.DLL
    2009-01-22 13:19 58 a------- c:\windows\system32\EAL32.INI
    2009-01-22 13:19 44 a------- c:\windows\EPR340.ini

    ==================== Find3M ====================

    2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-12-11 01:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-03-30 07:36 47,360 a------- c:\docume~1\stephe~1.you\applic~1\pcouffin.sys
    2006-11-12 10:42 147,136 a------- c:\docume~1\stephe~1.you\applic~1\GDIPFONTCACHEV1.DAT
    2001-08-17 10:15 271,981 a----r-- c:\windows\inf\ALCXWDM.SYS
    2001-07-26 16:58 47 a------- c:\program files\ACMonitor_X73.ini
    2001-07-05 12:46 8,116 a------- c:\program files\OSLO3071b2.USB
    2001-06-20 16:19 40,960 a------- c:\program files\ACMonitor_X83.exe
    2001-05-11 11:39 53,248 a------- c:\program files\ACMonitor_X73.exe
    2001-05-08 16:36 114,688 a------- c:\program files\lxarscan.dll
    2001-04-23 14:22 1,437 a------- c:\program files\gtx73.ini
    2001-02-22 09:54 768 a------- c:\program files\x73_lut.dat

    ============= FINISH: 9:09:13.32 ===============

    And the following is from the attach.txt file:

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 56 GiB total, 8.897 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 1/29/2009 10:47:55 PM - System Checkpoint
    RP2: 1/29/2009 10:48:45 PM - ComboFix created restore point

    ==== Installed Programs ======================

    10,000 Home Plans
    1st Page 2000 2.00 Free
    3DMiracle (remove only)
    3DMonster (remove only)
    56HP92-PCT Drivers
    Acoustica MP3 Audio Mixer
    Ad-Aware
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop Elements
    Adobe Photoshop Elements 2.0
    Adobe Reader 7.0.9
    Adobe SVG Viewer 3.0
    AnswerWorks Runtime
    AnyDVD
    ArcSoft Funhouse
    ArcSoft Greeting Card Creator
    ArcSoft PhotoBase 4
    ArcSoft PhotoImpression 5
    Audacity 1.0.0
    AutoBackup
    BC Calc 2001
    BEToolbox
    Camera Window
    Canon Camera WIA Driver
    Canon Camera Window for ZoomBrowser EX
    Canon EOS Kiss REBEL 300D WIA Driver
    Canon PhotoRecord
    Canon PIXMA iP4000
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.2
    Canon Utilities Easy-PhotoPrint
    Canon Utilities File Viewer Utility 1.3
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    CD-LabelPrint
    Compatibility Pack for the 2007 Office system
    CONSYS 2000
    Corel Applications
    Corel R.A.V.E. 2
    Corel RAVE 2 SA
    dBpowerAMP Mp4 Codec
    dBpowerAMP Music Converter
    dBpowerAMP Real Audio Codec
    dBPowerAMP Real Audio Encoder R3
    dBpowerAMP WMA V9 Codec
    dMC Power Pack
    DVD Decrypter (Remove Only)
    DVD PhotoPlay
    DVD Shrink 3.2
    DVDFab Decrypter 3.0.8.6
    DVDFab HD Decrypter 4.1.2.0
    Easy-WebPrint
    Easy CD Creator 5 Platinum
    EH103 Wireless G USB Adapter
    EphPod
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Print CD
    EPSON Printer Software
    EPSON Smart Panel
    EPSON SPR340 User's Guide
    EPSON TWAIN 5
    File Viewer Utility 1.3.2
    Flash Decompiler
    FLV Player
    Free DWG Viewer 5.4
    FreeAgent Pro Tools
    Google Toolbar for Internet Explorer
    HiDownload
    HijackThis 1.99.1
    HotFax
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Image Resizer Powertoy for Windows XP
    Infine CaptureFlash version 1.6
    iPhoto Plus 4
    J2SE Runtime Environment 5.0 Update 1
    Java 2 Runtime Environment Standard Edition v1.3.1_04
    Kodak EasyShare software
    LimeWire 4.12.6
    Lpile Plus v5.0
    Lyra Personal Audio Player (RD1021/1071/1075)
    Malwarebytes' Anti-Malware
    Maxtor Backup
    Maxtor OneTouch III
    McAfee Firewall
    McAfee VirusScan Home Edition
    Mechanical programs (incl. Framework)
    MediaFACE 4.0
    MGI PhotoSuite 8.1 (Remove Only)
    Micrografx Designer 6.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Easy Assist v2
    Microsoft Expression Code Name Acrylic Graphic Designer
    Microsoft Expression Code Name Acrylic Graphic Designer XAML Exporter
    Microsoft IntelliPoint 5.0
    Microsoft Interactive Training
    Microsoft Office 2000 Disc 2
    Microsoft Office XP Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 6.0
    mIRC
    MP3 Converter 4.1
    MPIO Manager 2
    MPIO Plugins Pack
    MSN Messenger 7.0
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    Mustek Scanner Solutions for 600 III EP Plus v3.0
    Natural Color
    Nero Suite
    Netflix Movie Viewer
    Netscape (7.0)
    Netscape Communicator 4.7
    NokiaFREE Unlock Codes Calculator
    NVIDIA Windows 2000/XP Display Drivers
    PDFCreator
    Photo Explosion Deluxe
    PhotoParade Player
    PhotoStitch
    Picasa 2
    Pinnacle Hollywood FX for Studio
    Pinnacle Instant PhotoAlbum
    PowerDVD
    Quick Screen Capture 3.0
    QuickTime
    Radio@Netscape
    RAW Image Task
    RealPlayer
    RemoteCapture 2.7.5
    RemoteCapture Task
    ScanToWeb
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    Sierra Print Artist 6.0
    SimpleOCR 3.1
    SmartSound Quicktracks Plugin
    Snood for Windows version 3.0-W
    Sothink SWF Quicker
    Sothink SWF to Video Converter
    SoundEdit Pro
    Studio 9
    Studio 9.4 Patch
    TDK UniFi for MOJO 128&256F
    TDK UniFi Plug-ins Pack
    TextBridge Classic
    The Jazz Midi Sequencer
    The Rosetta Stone
    TOPO! 4
    TurboTax ItsDeductible 2006
    Ulead COOL 360 1.0
    un****
    Universal Media Player
    Unlocker 1.8.6
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Media Player (Remove Only)
    WavePad Uninstall
    WebFldrs XP
    WexTech AnswerWorks
    Winamp (remove only)
    WinAVI VideoConverter
    Windows Genuine Advantage Notifications (KB905474)
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 11
    Yahoo! Messenger
    Zero Assumption Recovery Version 7.9

    ==== Event Viewer Messages From Past Week ========

    1/28/2009 4:12:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    1/28/2009 4:02:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/28/2009 11:30:14 AM, error: Service Control Manager [7000] - The PCTEL Speaker Phone service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/28/2009 11:30:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PCTEL Speaker Phone service to connect.
    1/28/2009 11:30:14 AM, error: Service Control Manager [7000] - The Lexmark X73 MFP Scanner service failed to start due to the following error: The system cannot find the file specified.
    1/28/2009 11:30:14 AM, error: Service Control Manager [7000] - The Genesys Logic USB Scanner Controller NT 5.0 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/28/2009 11:28:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/28/2009 11:28:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/28/2009 10:59:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/28/2009 10:57:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT NetworkX PCLEPCI RasAcd Rdbss Tcpip WS2IFSL
    1/28/2009 10:57:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2009 10:57:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2009 10:57:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2009 10:57:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2009 8:00:23 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    1/27/2009 3:59:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    1/27/2009 1:36:41 PM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x43), which lies in the 0x40 - 0x43 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
    1/29/2009 10:54:43 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
    1/29/2009 10:54:43 PM, error: Service Control Manager [7034] - The PCTEL Speaker Phone service terminated unexpectedly. It has done this 1 time(s).
    1/29/2009 10:54:43 PM, error: Service Control Manager [7034] - The SiS WirelessLan Service service terminated unexpectedly. It has done this 1 time(s).
    1/29/2009 10:54:43 PM, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
    1/29/2009 10:54:43 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2009 10:54:43 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    1/29/2009 10:58:00 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/29/2009 11:01:02 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    1/29/2009 6:57:56 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    1/29/2009 7:22:53 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\msxml2r.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 8.2.8307.0.
    1/29/2009 7:22:54 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\msxml2r.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 8.1.7502.0.
    1/29/2009 7:22:55 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\msxml3r.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 8.20.9307.0.
    1/29/2009 7:22:56 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\system32\msxml3r.dll has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 8.20.8730.1.
    1/29/2009 7:52:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\usb101et.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:52:40 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\usbaudio.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:52:42 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\usbccgp.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:52:44 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\usbser.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:53:42 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\viaide.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:26 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wadv01nt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:28 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wadv02nt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:29 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wadv05nt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:32 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\watv01nt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:34 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\watv02nt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:36 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\watv04nt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:46 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wceusbsh.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:54:47 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wch7xxnt.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:55:35 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wlluc48.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:55:39 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wmiacpi.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:56:15 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\wshirda.dll could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:56:18 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wsiintxx.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:56:25 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\wvchntxx.sys could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:56:58 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\xrxscnui.dll could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:57:07 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\xrxwiadr.dll could not be copied into the DLL cache. The specific error code is 0x0000000d [The data is invalid. ]. This file is necessary to maintain system stability.
    1/29/2009 7:57:08 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.

    ==== End Of File ===========================

    any help would be greatly appreciated
     
  2. 2009/02/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS pasterbill :)

    I see you ran ComboFix and MBAM.
    Please post the C:\combofix.txt log here.
    I would also like to see the logs from MBAM, if anything was detected and/or removed with it.
     

  4. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    14
    Likes Received:
    0
    the combofix file ......

    ComboFix 09-01-21.04 -2009-01-29 22:54:49.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.526 [GMT -9:00]
    Running from: c:\documents and settings\stephen fischer\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\stephen fischer\Desktop\CFscript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\STEPHE~1.YOU\LOCALS~1\Temp\tmp1.tmp
    c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Application Data\inst.exe
    c:\windows\Downloaded Program Files\ODCTOOLS

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
    .

    2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ c:\program files\x73_lut.dat
    2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
    2009-01-29 19:56 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
    2009-01-29 19:56 . 2004-08-04 10:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
    2009-01-29 19:56 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
    2009-01-29 19:56 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-01-29 19:56 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
    2009-01-29 19:56 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
    2009-01-29 19:55 . 2001-08-17 13:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys
    2009-01-29 19:55 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll
    2009-01-29 19:55 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
    2009-01-29 19:54 . 2001-08-17 13:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys
    2009-01-29 19:54 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2009-01-29 19:54 . 2001-08-17 12:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys
    2009-01-29 19:54 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys
    2009-01-29 19:54 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys
    2009-01-29 19:54 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys
    2009-01-29 19:53 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
    2009-01-29 19:53 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
    2009-01-29 19:53 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys
    2009-01-29 19:53 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys
    2009-01-29 19:53 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys
    2009-01-29 19:53 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys
    2009-01-29 19:53 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys
    2009-01-29 19:52 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
    2009-01-29 19:52 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys
    2009-01-29 19:52 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys
    2009-01-29 19:52 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll
    2009-01-29 19:52 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll
    2009-01-29 19:52 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll
    2009-01-29 19:52 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll
    2009-01-29 19:52 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll
    2009-01-29 19:51 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
    2009-01-29 19:51 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
    2009-01-29 19:51 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
    2009-01-29 19:51 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
    2009-01-29 19:51 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll
    2009-01-29 19:51 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll
    2009-01-29 19:51 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
    2009-01-29 19:51 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys
    2009-01-29 19:51 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
    2009-01-29 19:50 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
    2009-01-29 19:50 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
    2009-01-29 19:50 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
    2009-01-29 19:50 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
    2009-01-29 19:50 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
    2009-01-29 19:50 . 2008-04-13 16:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
    2009-01-29 19:50 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll
    2009-01-29 19:50 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
    2009-01-29 19:50 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll
    2009-01-29 19:50 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys
    2009-01-29 19:49 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
    2009-01-29 19:49 . 2008-04-13 10:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
    2009-01-29 19:49 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
    2009-01-29 19:49 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
    2009-01-29 19:49 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
    2009-01-29 19:49 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
    2009-01-29 19:49 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
    2009-01-29 19:49 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
    2009-01-29 19:49 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
    2009-01-29 19:48 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
    2009-01-29 19:48 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys
    2009-01-29 19:48 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll
    2009-01-29 19:48 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
    2009-01-29 19:48 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys
    2009-01-29 19:48 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys
    2009-01-29 19:48 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys
    2009-01-29 19:48 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys
    2009-01-29 19:48 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
    2009-01-29 19:48 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys
    2009-01-29 19:47 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
    2009-01-29 19:47 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll
    2009-01-29 19:47 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll
    2009-01-29 19:47 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll
    2009-01-29 19:47 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
    2009-01-29 19:47 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll
    2009-01-29 19:47 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys
    2009-01-29 19:47 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll
    2009-01-29 19:47 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll
    2009-01-29 19:46 . 2004-08-04 10:00 143,422 --a--c--- c:\windows\system32\dllcache\softkey.dll
    2009-01-29 19:46 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
    2009-01-29 19:46 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
    2009-01-29 19:46 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
    2009-01-29 19:46 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
    2009-01-29 19:46 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
    2009-01-29 19:46 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
    2009-01-29 19:46 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
    2009-01-29 19:46 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
    2009-01-29 19:46 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
    2009-01-29 19:46 . 2008-04-13 10:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
    2009-01-29 19:45 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
    2009-01-29 19:44 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll
    2009-01-29 19:44 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys
    2009-01-29 19:44 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys
    2009-01-29 19:44 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys
    2009-01-29 19:43 . 2001-08-17 12:12 91,294 --a--c--- c:\windows\system32\dllcache\skfpwin.sys
    2009-01-29 19:43 . 2002-08-28 21:59 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
    2009-01-29 19:43 . 2001-08-17 22:36 45,568 --a--c--- c:\windows\system32\dllcache\smb3w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 33,792 --a--c--- c:\windows\system32\dllcache\smb0w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 28,672 --a--c--- c:\windows\system32\dllcache\sma0w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\sm91w.dll
    2009-01-29 19:43 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys
    2009-01-29 19:43 . 2008-04-13 10:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
    2009-01-29 19:43 . 2008-04-13 10:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
    2009-01-29 19:43 . 2001-08-17 13:57 6,784 --a--c--- c:\windows\system32\dllcache\smbhc.sys
    2009-01-29 19:42 . 2001-08-17 14:56 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll
    2009-01-29 19:42 . 2001-08-17 22:36 238,592 --a--c--- c:\windows\system32\dllcache\sisgrv.dll
    2009-01-29 19:42 . 2001-08-17 14:56 157,696 --a--c--- c:\windows\system32\dllcache\sisv256.dll
    2009-01-29 19:42 . 2001-08-17 14:56 150,144 --a--c--- c:\windows\system32\dllcache\sis6306v.dll
    2009-01-29 19:42 . 2001-08-17 12:50 104,064 --a--c--- c:\windows\system32\dllcache\sisgrp.sys
    2009-01-29 19:42 . 2001-08-17 12:50 101,760 --a--c--- c:\windows\system32\dllcache\sis300ip.sys
    2009-01-29 19:42 . 2001-08-17 12:12 94,698 --a--c--- c:\windows\system32\dllcache\sk98xwin.sys
    2009-01-29 19:42 . 2001-08-17 12:50 68,608 --a--c--- c:\windows\system32\dllcache\sis6306p.sys
    2009-01-29 19:42 . 2001-08-17 12:50 50,432 --a--c--- c:\windows\system32\dllcache\sisv.sys
    2009-01-29 19:42 . 2004-08-03 21:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
    2009-01-29 19:41 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
    2009-01-29 19:41 . 2001-07-21 14:29 161,568 --a--c--- c:\windows\system32\dllcache\sgsmusb.sys
    2009-01-29 19:41 . 2001-08-17 12:51 98,080 --a--c--- c:\windows\system32\dllcache\sgiulnt5.sys
    2009-01-29 19:41 . 2001-08-17 12:19 36,480 --a--c--- c:\windows\system32\dllcache\sfmanm.sys
    2009-01-29 19:41 . 2001-07-21 14:29 18,400 --a--c--- c:\windows\system32\dllcache\sgsmld.sys
    2009-01-29 19:41 . 2001-08-17 13:48 17,664 --a--c--- c:\windows\system32\dllcache\sermouse.sys
    2009-01-29 19:41 . 2001-08-17 13:53 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys
    2009-01-29 19:40 . 2001-08-17 13:52 11,648 --a--c--- c:\windows\system32\dllcache\scsiprnt.sys
    2009-01-29 19:40 . 2008-04-13 10:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys
    2009-01-29 19:40 . 2001-08-17 13:53 6,912 --a--c--- c:\windows\system32\dllcache\seaddsmc.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-30 00:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-29 19:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-29 05:51 --------- d-----w c:\program files\EPSON
    2009-01-26 03:12 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-01-22 23:21 --------- d-----w c:\program files\LexmarkX73
    2009-01-22 22:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-22 22:30 --------- d-----w c:\program files\ArcSoft
    2009-01-15 01:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-15 01:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-03-30 16:36 47,360 ----a-w c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Application Data\pcouffin.sys
    2006-11-12 19:42 147,136 ----a-w c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Application Data\GDIPFONTCACHEV1.DAT
    2001-07-27 01:58 47 ----a-w c:\program files\ACMonitor_X73.ini
    2001-07-05 21:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
    2001-06-21 01:19 40,960 ----a-w c:\program files\ACMonitor_X83.exe
    2001-05-09 01:36 114,688 ----a-w c:\program files\lxarscan.dll
    2001-04-23 23:22 1,437 ----a-w c:\program files\gtx73.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "EPSON Stylus Photo R340 Series "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420 "= vdrcodec.dll
    "MSACM.MI-SC4 "= MI-SC4.acm
    "VIDC.JPEG "= JpegCode.dll
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
    backup=c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
    backup=c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
    backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
    backup=c:\windows\pss\Photo Explosion Calendar Checker.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephen fischer.YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    path=c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
    backup=c:\windows\pss\CorelCENTRAL Alarms.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephen fischer.YOUR-5OLNB28OAO^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    path=c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    backup=c:\windows\pss\Desktop Application Director 9.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephen fischer^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk]
    path=c:\documents and settings\stephen fischer\Start Menu\Programs\Startup\Corel Custom Photo Registration.lnk
    backup=c:\windows\pss\Corel Custom Photo Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephen fischer^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
    path=c:\documents and settings\stephen fischer\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
    backup=c:\windows\pss\TextBridge Instant Access OCR.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephen j fischer^Programs^Startup^AutoBackup Launcher.lnk]
    path=c:\documents and settings\stephen j fischer\Programs\Startup\AutoBackup Launcher.lnk
    backup=c:\windows\pss\AutoBackup Launcher.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
    wjview [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masifojeju

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    NvQTwk [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a------ 2004-03-30 01:28 684032 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 1999-09-02 19:08 9728 c:\program files\Netscape\Communicator\Program\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2008-02-06 01:06 89024 c:\program files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_Program Files_WordPerfe3a]
    --a------ 2003-02-13 10:43 57344 c:\program files\WordPerfect Office 11\Programs\CorUpd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Custom Photo]
    --------- 1999-08-22 16:26 192512 c:\windows\Corel\StpLnch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2005-11-09 16:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
    --a------ 2002-07-22 10:44 145920 c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
    --a------ 2002-08-05 13:46 122948 c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    --a------ 2003-04-11 12:24 53248 c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2000-07-13 11:00 28739 c:\program files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-07-28 23:27 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2004-07-28 23:27 131072 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
    --a------ 2002-08-23 11:22 481264 c:\program files\Netscape\Netscape 6\Netscp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 15:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2005-03-29 17:28 6815744 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2005-10-17 16:24 81920 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --a------ 2004-03-10 15:26 406016 c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    --a------ 2003-07-09 08:07 77887 c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-13 08:41 98304 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-05-14 11:47 208941 c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-01-12 02:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSI Loader]
    --a------ 2001-07-11 13:00 32768 c:\program files\Common Files\Smith Micro Shared\Fax\SMLoader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
    --a------ 2007-01-18 12:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2004-12-06 20:31 36975 c:\program files\Java\jre1.5.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-05-14 11:47 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-02-27 07:33 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2002-04-26 08:53 12288 c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2005-08-19 19:34 3084288 c:\program files\Yahoo!\Messenger\YPager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
    --a------ 2001-08-17 22:36 86016 c:\windows\system32\pctspk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McAfee Firewall "=3 (0x3)
    "McShield "=3 (0x3)
    "AvSynMgr "=2 (0x2)
    "BITS "=3 (0x3)
    "NTService1 "=2 (0x2)
    "Dcfssvc "=2 (0x2)
    "MaxBackServiceInt "=2 (0x2)
    "InCDsrvR "=2 (0x2)
    "BMUService "=3 (0x3)
    "aawservice "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "c:\\Program Files\\JavaSoft\\JRE\\1.3.1_04\\bin\\javaw.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe "=
    "c:\\download\\cable uncap\\CableUnCap\\Cable\\tftpd\\tftpd32.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=

    R0 xwsmovca;xwsmovca;c:\windows\system32\drivers\xwsmovca.sys [2001-08-29 23424]
    R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys [2002-08-05 33280]
    R4 A4S2;A4S2;c:\windows\system32\drivers\a4s2.sys [2002-11-17 13344]
    R4 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [2001-12-06 25632]
    S0 Winpw74;Winpw74;c:\windows\system32\Drivers\Winpw74.sys --> c:\windows\system32\Drivers\Winpw74.sys [?]
    S1 DW;DW; [x]
    S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
    S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2003-12-01 10368]
    S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-12-08 23296]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2007-12-24 217600]
    S3 TDKUSBDR;TDK MOJO USB driver;c:\windows\system32\drivers\tdkusbdr.sys [2004-12-19 16384]
    S4 AvSynMgr;AVSync Manager;c:\program files\McAfee\McAfee VirusScan\Avsynmgr.exe [2002-08-05 196625]
    S4 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2002-12-03 15104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa7e238c-f909-11dc-83b1-0040ca2a664d}]
    \Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{F0B5E3AA-B142-4DF8-94E4-5C811317E875} - c:\windows\system32\comcatk.dll
    MSConfigStartUp-MSFox - c:\docume~1\STEPHE~1.YOU\LOCALS~1\Temp\a.exe
    MSConfigStartUp-WebScan - c:\program files\Acceleration Software\Anti-Virus\defscangui.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    IE: Download All Files by HiDownload - c:\progra~1\HIDOWN~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\HIDOWN~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-29 23:05:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "cd042efbbd7f7af1647644e76e06692b "=hex:c8,28,51,af,b0,29,a3,98,33,30,a0,96,a1,
    65,66,06,e2,63,26,f1,3f,c8,ff,68,d8,c6,63,6f,b8,6b,b0,fa,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "bca643cdc5c2726b20d2ecedcc62c59b "=hex:6a,9c,d6,61,af,45,84,18,f3,4b,ab,33,af,
    28,88,d5,6a,9c,d6,61,af,45,84,18,97,3d,61,4f,07,a6,9d,f3,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "2c81e34222e8052573023a60d06dd016 "=hex:25,da,ec,7e,55,20,c9,26,7f,bb,ec,46,2f,
    1d,52,6c,ff,7c,85,e0,43,d4,0e,fe,cf,68,7f,af,f6,c5,8c,01,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "2582ae41fb52324423be06337561aa48 "=hex:86,8c,21,01,be,91,eb,e7,4c,6e,7d,56,50,
    68,9e,1d,86,8c,21,01,be,91,eb,e7,63,d1,0e,03,18,5a,c3,6c,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "caaeda5fd7a9ed7697d9686d4b818472 "=hex:f5,1d,4d,73,a8,13,5c,05,86,10,6a,8f,c3,
    9c,6b,8c,f5,1d,4d,73,a8,13,5c,05,00,d5,f4,e9,a7,97,36,ea,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d "=hex:b0,18,ed,a7,3f,8d,37,a4,8a,6e,8f,63,85,
    6d,ad,57,df,20,58,62,78,6b,cf,c8,ac,72,2b,cb,46,92,d9,0d,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "4d370831d2c43cd13623e232fed27b7b "=hex:31,77,e1,ba,b1,f8,68,02,ef,f5,da,4e,04,
    8b,9d,3e,fb,a7,78,e6,12,2f,9a,ea,21,f1,10,cf,ed,56,31,fb,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "1d68fe701cdea33e477eb204b76f993d "=hex:01,3a,48,fc,e8,04,4a,f1,bb,f2,c8,fc,1c,
    2f,30,8b,01,3a,48,fc,e8,04,4a,f1,a6,16,1a,1b,21,41,ba,08,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "1fac81b91d8e3c5aa4b0a51804d844a3 "=hex:f6,0f,4e,58,98,5b,89,c9,f1,ea,4c,c5,99,
    85,05,29,f6,0f,4e,58,98,5b,89,c9,6f,6f,46,1d,06,af,25,8a,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "f5f62a6129303efb32fbe080bb27835b "=hex:3d,ce,ea,26,2d,45,aa,78,a9,c8,43,1c,20,
    fe,28,d8,3d,ce,ea,26,2d,45,aa,78,21,d7,2a,3b,93,b0,ae,46,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "fd4e2e1a3940b94dceb5a6a021f2e3c6 "=hex:e3,0e,66,d5,eb,bc,2f,6b,90,f5,3d,03,e7,
    ba,e2,ac,2a,b7,cc,b5,b9,7f,41,e7,88,d9,77,19,a9,34,5d,59,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "8a8aec57dd6508a385616fbc86791ec2 "=hex:fa,ea,66,7f,d4,3b,6b,70,7c,f0,c4,12,69,
    a2,90,ad,6c,43,2d,1e,aa,22,2f,9c,6f,29,9b,85,88,49,e5,16,6c,43,2d,1e,aa,22,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Crypserv.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\eHome\Wireless G EH103\SiSWLSvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\dumprep.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-29 23:13:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-30 08:12:55

    Pre-Run: 6,839,357,440 bytes free
    Post-Run: 9,516,093,440 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    468 --- E O F --- 2009-01-14 18:04:19
     
  5. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    mbam log ....

    Malwarebytes' Anti-Malware 1.33
    Database version: 1707
    Windows 5.1.2600 Service Pack 3

    1/30/2009 12:14:06 AM
    mbam-log-2009-01-30 (00-14-06).txt

    Scan type: Quick Scan
    Objects scanned: 55141
    Time elapsed: 3 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2009/02/03
    noahdfear

    noahdfear Inactive

    Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

    c:\windows\system32\drivers\xwsmovca.sys

    Thanks!
     
  7. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    xwsmovca.sys was created near the time of the infection ... it is also resistant to removal ...
     
  8. 2009/02/03
    noahdfear

    noahdfear Inactive

    The file comes up clean in scans, and oddly enough it contains the following information.

    0000317E: CompanyName
    00003198: Microsoft Corporation
    000031CA: FileDescription
    000031EC: Crash Dump Disk Driver
    00003222: FileVersion
    00003244: .2600.5512 (xpsp.080413-2108)
    00003286: InternalName
    000032A0: diskdump.
    000032C2: LegalCopyright
    000032E2: Microsoft Corporation. All rights reserved.
    00003342: OriginalFilename
    00003364: diskdump.


    The legit Crash Dump Disk Driver is named diskdump.sys so I suspect it is a renamed patched driver. Please verify that you have the file c:\windows\system32\drivers\diskdump.sys before we go any further.

    I would also like to do a rootkit scan. Download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop, then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries
     
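A defender-side version of the check noahdfear did by hand above, added here as an example and not taken from the thread or from DDS, ComboFix or GMER: it reads the UTF-16LE OriginalFilename and InternalName strings out of a file's VS_VERSIONINFO StringTable and flags a driver whose on-disk name disagrees with them. The sample table is constructed inline (the post's truncated "diskdump." is spelled out as diskdump.sys), and all function names are mine.

```python
"""Flag a driver whose PE version strings name a different file.

Added example, not code from the thread or from DDS/ComboFix/GMER. The helper
noticed that xwsmovca.sys carried the version strings of Microsoft's
diskdump.sys. This reproduces that triage step over raw file bytes: it finds the
UTF-16LE keys of a VS_VERSIONINFO StringTable (the layout behind the offsets
quoted in the post) and compares OriginalFilename / InternalName with the name
the file actually has on disk.
"""
import ntpath
import struct

# StringTable keys worth reading; the two name keys decide the verdict.
VERSION_KEYS = ("CompanyName", "FileDescription", "InternalName", "OriginalFilename")
NAME_KEYS = ("OriginalFilename", "InternalName")


def _align4(offset: int) -> int:
    """Round a file offset up to the next DWORD boundary (String structs are DWORD aligned)."""
    return (offset + 3) & ~3


def _read_utf16z(data: bytes, pos: int) -> str:
    """Read a NUL-terminated UTF-16LE string; the terminator must sit on a code-unit boundary."""
    end = pos
    while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[pos:end].decode("utf-16-le", errors="replace")


def extract_version_strings(data: bytes) -> dict:
    """Return {key: value} for every VERSION_KEYS entry found in the raw bytes.

    A String struct is: WORD wLength, WORD wValueLength, WORD wType, the UTF-16LE
    key with its NUL, padding to a DWORD boundary, then the UTF-16LE value.
    Searching for the key bytes directly avoids walking the PE resource directory.
    """
    found = {}
    for key in VERSION_KEYS:
        needle = key.encode("utf-16-le") + b"\x00\x00"
        idx = data.find(needle)
        # Keys live at even offsets; an odd hit is a coincidence inside other data.
        while idx != -1 and idx % 2:
            idx = data.find(needle, idx + 1)
        if idx == -1:
            continue
        found[key] = _read_utf16z(data, _align4(idx + len(needle)))
    return found


def check_driver_identity(path: str, data: bytes) -> list:
    """Return findings when the embedded names disagree with the on-disk file name.

    An empty list means the version resource agrees with the file name. ntpath is
    used so Windows paths are split correctly even when this runs elsewhere.
    """
    file_name = ntpath.basename(path)
    actual = ntpath.splitext(file_name)[0].lower()
    info = extract_version_strings(data)
    findings = []
    for key in NAME_KEYS:
        if key not in info:
            continue
        embedded = ntpath.splitext(info[key].strip())[0].lower()
        if embedded and embedded != actual:
            findings.append(f"{key} '{info[key]}' does not match file name '{file_name}'")
    if not any(k in info for k in NAME_KEYS):
        findings.append("no OriginalFilename/InternalName in version resource")
    return findings


def scan_file(path: str) -> list:
    """Run the check against a real file on disk."""
    with open(path, "rb") as fh:
        return check_driver_identity(path, fh.read())


def build_string_entry(key: str, value: str) -> bytes:
    """Encode one VS_VERSIONINFO String struct (used only to construct sample input)."""
    k = key.encode("utf-16-le") + b"\x00\x00"
    v = value.encode("utf-16-le") + b"\x00\x00"
    body = k + b"\x00" * (_align4(6 + len(k)) - 6 - len(k)) + v
    body += b"\x00" * (_align4(6 + len(body)) - 6 - len(body))
    return struct.pack("<HHH", 6 + len(body), len(v) // 2, 1) + body


# Constructed sample: a StringTable fragment mirroring the strings the helper
# dumped from the suspect driver (a 16-byte stub keeps the first struct DWORD aligned).
SAMPLE_TABLE = b"MZ" + b"\x00" * 14 + b"".join(
    build_string_entry(k, v) for k, v in (
        ("CompanyName", "Microsoft Corporation"),
        ("FileDescription", "Crash Dump Disk Driver"),
        ("InternalName", "diskdump.sys"),
        ("OriginalFilename", "diskdump.sys"),
    )
)

if __name__ == "__main__":
    suspect = r"c:\windows\system32\drivers\xwsmovca.sys"
    for line in check_driver_identity(suspect, SAMPLE_TABLE) or ["version strings consistent"]:
        print(line)
```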
  9. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    I just tried a program called icesword ... it seemed to be able to delete the BHO and Browser settings values ... they no longer show in regedit ... I would like to know if you think I should delete xwsmovca.sys
     
  10. 2009/02/03
    noahdfear

    noahdfear Inactive

    I was hoping you would follow my instructions rather than attempt other things. I suspected that the driver was responsible for locking the keys, though there's no way to tell at this point. Please restart and see if the keys return. I have a solution already written up for you, was just awaiting the results of the gmer scan.
     
  11. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    I have the file c:\windows\system32\drivers\diskdump.sys

    ark.txt on the way ....
     
  12. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    Sorry about the icesword ... I appreciate your time ... my mistake

    For some reason the save button on GMERS disappears after the scan ... but I can tell you what the log file has ....

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IsDrv122.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IsDrv122.sys
    device acpi.sys
    ... and then reg lines that appear to be the same as those in the "combofix.txt" file under "locked registry keys" ...
    for example from above post ... "--------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "cd042efbbd7f7af1647644e76e06692b "=hex:c8,28,51,af,b0,29,a3,98,33,30,a0,96, a1,
    65,66,06,e2,63,26,f1,3f,c8,ff,68,d8,c6,63,6f,b8,6b,b0,fa,e2,63,26,f1,3f,c8, "
     
  13. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    On restart the registry keys still seem to be deleted

    I tried GMERS again and it suddenly restarted my computer while scanning
     
  14. 2009/02/03
    noahdfear

    noahdfear Inactive

    Disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\system32\drivers\xwsmovca.sys
    Rootkit::
    c:\windows\system32\Drivers\Winpw74.sys
    Driver::
    xwsmovca
    Winpw74
    DW
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masifojeju]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"=-
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted. <--------- IMPORTANT!!
     
  15. 2009/02/03
    pasterbill

    pasterbill Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    14
    Likes Received:
    0
    thanks ....
    new log file of combofix.txt .....

    ComboFix 09-02-02.04 - step... 2009-02-03 8:37:48.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.538 [GMT -9:00]
    Running from: c:\documents and settings\step....\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\step...\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\system32\drivers\xwsmovca.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Application Data\inst.exe
    c:\windows\system32\drivers\xwsmovca.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINPW74
    -------\Legacy_XWSMOVCA
    -------\Service_DW
    -------\Service_Winpw74
    -------\Service_xwsmovca


    ((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
    .

    2009-02-02 22:40 . 2009-02-02 23:50 250 --a------ c:\windows\gmer.ini
    2009-02-02 16:24 . 2009-02-02 16:24 <DIR> d-------- c:\program files\DVDFab 5
    2009-02-01 20:59 . 2009-02-01 20:59 <DIR> d-------- c:\program files\Tracker Software
    2009-02-01 20:26 . 2009-02-01 20:26 <DIR> d-------- c:\program files\PDFCreator
    2009-01-29 19:56 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
    2009-01-29 19:56 . 2004-08-04 10:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
    2009-01-29 19:56 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
    2009-01-29 19:56 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-01-29 19:56 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
    2009-01-29 19:56 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
    2009-01-29 19:55 . 2001-08-17 13:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys
    2009-01-29 19:55 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll
    2009-01-29 19:55 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
    2009-01-29 19:54 . 2001-08-17 13:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys
    2009-01-29 19:54 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2009-01-29 19:54 . 2001-08-17 12:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys
    2009-01-29 19:54 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys
    2009-01-29 19:54 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys
    2009-01-29 19:54 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys
    2009-01-29 19:53 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
    2009-01-29 19:53 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
    2009-01-29 19:53 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys
    2009-01-29 19:53 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys
    2009-01-29 19:53 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys
    2009-01-29 19:53 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys
    2009-01-29 19:53 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys
    2009-01-29 19:52 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
    2009-01-29 19:52 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys
    2009-01-29 19:52 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys
    2009-01-29 19:52 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll
    2009-01-29 19:52 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll
    2009-01-29 19:52 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll
    2009-01-29 19:52 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll
    2009-01-29 19:52 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll
    2009-01-29 19:51 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
    2009-01-29 19:51 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
    2009-01-29 19:51 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
    2009-01-29 19:51 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
    2009-01-29 19:51 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll
    2009-01-29 19:51 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll
    2009-01-29 19:51 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
    2009-01-29 19:51 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys
    2009-01-29 19:51 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
    2009-01-29 19:50 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
    2009-01-29 19:50 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
    2009-01-29 19:50 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
    2009-01-29 19:50 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
    2009-01-29 19:50 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
    2009-01-29 19:50 . 2008-04-13 16:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
    2009-01-29 19:50 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll
    2009-01-29 19:50 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
    2009-01-29 19:50 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll
    2009-01-29 19:50 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys
    2009-01-29 19:49 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
    2009-01-29 19:49 . 2008-04-13 10:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
    2009-01-29 19:49 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
    2009-01-29 19:49 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
    2009-01-29 19:49 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
    2009-01-29 19:49 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
    2009-01-29 19:49 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
    2009-01-29 19:49 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
    2009-01-29 19:49 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
    2009-01-29 19:48 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
    2009-01-29 19:48 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys
    2009-01-29 19:48 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll
    2009-01-29 19:48 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
    2009-01-29 19:48 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys
    2009-01-29 19:48 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys
    2009-01-29 19:48 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys
    2009-01-29 19:48 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys
    2009-01-29 19:48 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
    2009-01-29 19:48 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys
    2009-01-29 19:47 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
    2009-01-29 19:47 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll
    2009-01-29 19:47 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll
    2009-01-29 19:47 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll
    2009-01-29 19:47 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
    2009-01-29 19:47 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll
    2009-01-29 19:47 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys
    2009-01-29 19:47 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll
    2009-01-29 19:47 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll
    2009-01-29 19:46 . 2004-08-04 10:00 143,422 --a--c--- c:\windows\system32\dllcache\softkey.dll
    2009-01-29 19:46 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
    2009-01-29 19:46 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
    2009-01-29 19:46 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
    2009-01-29 19:46 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
    2009-01-29 19:46 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
    2009-01-29 19:46 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
    2009-01-29 19:46 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
    2009-01-29 19:46 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
    2009-01-29 19:46 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
    2009-01-29 19:46 . 2008-04-13 10:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
    2009-01-29 19:45 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
    2009-01-29 19:44 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll
    2009-01-29 19:44 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys
    2009-01-29 19:44 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys
    2009-01-29 19:44 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys
    2009-01-29 19:43 . 2001-08-17 12:12 91,294 --a--c--- c:\windows\system32\dllcache\skfpwin.sys
    2009-01-29 19:43 . 2002-08-28 21:59 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
    2009-01-29 19:43 . 2001-08-17 22:36 45,568 --a--c--- c:\windows\system32\dllcache\smb3w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 33,792 --a--c--- c:\windows\system32\dllcache\smb0w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 28,672 --a--c--- c:\windows\system32\dllcache\sma0w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\sm91w.dll
    2009-01-29 19:43 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys
    2009-01-29 19:43 . 2008-04-13 10:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
    2009-01-29 19:43 . 2008-04-13 10:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
    2009-01-29 19:43 . 2001-08-17 13:57 6,784 --a--c--- c:\windows\system32\dllcache\smbhc.sys
    2009-01-29 19:42 . 2001-08-17 14:56 252,032 --a--c--- c:\windows\system32\dllcache\sis300iv.dll
    2009-01-29 19:42 . 2001-08-17 22:36 238,592 --a--c--- c:\windows\system32\dllcache\sisgrv.dll
    2009-01-29 19:42 . 2001-08-17 14:56 157,696 --a--c--- c:\windows\system32\dllcache\sisv256.dll
    2009-01-29 19:42 . 2001-08-17 14:56 150,144 --a--c--- c:\windows\system32\dllcache\sis6306v.dll
    2009-01-29 19:42 . 2001-08-17 12:50 104,064 --a--c--- c:\windows\system32\dllcache\sisgrp.sys
    2009-01-29 19:42 . 2001-08-17 12:50 101,760 --a--c--- c:\windows\system32\dllcache\sis300ip.sys
    2009-01-29 19:42 . 2001-08-17 12:12 94,698 --a--c--- c:\windows\system32\dllcache\sk98xwin.sys
    2009-01-29 19:42 . 2001-08-17 12:50 68,608 --a--c--- c:\windows\system32\dllcache\sis6306p.sys
    2009-01-29 19:42 . 2001-08-17 12:50 50,432 --a--c--- c:\windows\system32\dllcache\sisv.sys
    2009-01-29 19:42 . 2004-08-03 21:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
    2009-01-29 19:41 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
    2009-01-29 19:41 . 2001-07-21 14:29 161,568 --a--c--- c:\windows\system32\dllcache\sgsmusb.sys
    2009-01-29 19:41 . 2001-08-17 12:51 98,080 --a--c--- c:\windows\system32\dllcache\sgiulnt5.sys
    2009-01-29 19:41 . 2001-08-17 12:19 36,480 --a--c--- c:\windows\system32\dllcache\sfmanm.sys
    2009-01-29 19:41 . 2001-07-21 14:29 18,400 --a--c--- c:\windows\system32\dllcache\sgsmld.sys
    2009-01-29 19:41 . 2001-08-17 13:48 17,664 --a--c--- c:\windows\system32\dllcache\sermouse.sys
    2009-01-29 19:41 . 2001-08-17 13:53 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys
    2009-01-29 19:40 . 2001-08-17 13:52 11,648 --a--c--- c:\windows\system32\dllcache\scsiprnt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-02-03 01:24 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2009-02-03 01:24 47,360 ----a-w c:\documents and settings\step.....YOUR-5OLNB28OAO\Application Data\pcouffin.sys
    2009-02-03 01:24 --------- d-----w c:\documents and settings\step.....YOUR-5OLNB28OAO\Application Data\Vso
    2009-01-31 19:14 --------- d-----w c:\program files\Google
    2009-01-31 01:57 --------- d-----w c:\program files\EPSON
    2009-01-30 21:46 --------- d-----w c:\program files\McAfee
    2009-01-30 21:40 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-30 00:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-29 19:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-22 22:30 --------- d-----w c:\program files\ArcSoft
    2009-01-15 01:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-15 01:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2006-11-12 19:42 147,136 ----a-w c:\documents and settings\step......YOUR-5OLNB28OAO\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-29_23.10.53.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-03 07:40:50 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-18 06:13:02 811,008 ----a-r c:\windows\gmer.exe
    - 2009-01-30 01:32:02 34,225 ----a-w c:\windows\nsreg.dat
    + 2009-02-02 22:56:02 34,225 ----a-w c:\windows\nsreg.dat
    + 2009-02-03 07:40:50 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    + 2003-06-19 21:05:04 130,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
    + 2003-06-19 21:05:04 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
    + 2002-04-23 02:54:34 457,600 ----a-w c:\windows\system32\spool\drivers\w32x86\AdobePS5.dll
    + 2002-04-23 02:54:36 135,680 ----a-w c:\windows\system32\spool\drivers\w32x86\AdobePSu.dll
    + 2003-06-19 21:05:04 130,048 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5ui.dll
    + 2003-06-19 21:05:04 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\pscript5.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "EPSON Stylus Photo R340 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "MSACM.MI-SC4"= MI-SC4.acm
    "VIDC.JPEG"= JpegCode.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
    backup=c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
    backup=c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
    backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
    backup=c:\windows\pss\Photo Explosion Calendar Checker.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    backup=c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^step.....YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    path=c:\documents and settings\step.....YOUR-5OLNB28OAO\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
    backup=c:\windows\pss\CorelCENTRAL Alarms.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step......YOUR-5OLNB28OAO^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    path=c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    backup=c:\windows\pss\Desktop Application Director 9.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step....^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk]
    path=c:\documents and settings\stephen fischer\Start Menu\Programs\Startup\Corel Custom Photo Registration.lnk
    backup=c:\windows\pss\Corel Custom Photo Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step....^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
    path=c:\documents and settings\step......\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
    backup=c:\windows\pss\TextBridge Instant Access OCR.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step2.....^Programs^Startup^AutoBackup Launcher.lnk]
    path=c:\documents and settings\step2....\Programs\Startup\AutoBackup Launcher.lnk
    backup=c:\windows\pss\AutoBackup Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
    wjview [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    NvQTwk [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a------ 2004-03-30 01:28 684032 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    --a------ 1999-09-02 19:08 9728 c:\program files\Netscape\Communicator\Program\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2008-02-06 01:06 89024 c:\program files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_Program Files_WordPerfe3a]
    --a------ 2003-02-13 10:43 57344 c:\program files\WordPerfect Office 11\Programs\CorUpd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Custom Photo]
    --------- 1999-08-22 16:26 192512 c:\windows\Corel\StpLnch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2005-11-09 16:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    --a------ 2003-04-11 12:24 53248 c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2000-07-13 11:00 28739 c:\program files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-07-28 23:27 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2004-07-28 23:27 131072 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
    --a------ 2002-08-23 11:22 481264 c:\program files\Netscape\Netscape 6\Netscp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 15:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2005-03-29 17:28 6815744 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2005-10-17 16:24 81920 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --a------ 2004-03-10 15:26 406016 c:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    --a------ 2003-07-09 08:07 77887 c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-13 08:41 98304 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-05-14 11:47 208941 c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-01-12 02:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSI Loader]
    --a------ 2001-07-11 13:00 32768 c:\program files\Common Files\Smith Micro Shared\Fax\SMLoader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
    --a------ 2007-01-18 12:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-05-14 11:47 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-02-27 07:33 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2002-04-26 08:53 12288 c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2005-08-19 19:34 3084288 c:\program files\Yahoo!\Messenger\YPager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
    --a------ 2001-08-17 22:36 86016 c:\windows\system32\pctspk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McAfee Firewall"=3 (0x3)
    "McShield"=3 (0x3)
    "AvSynMgr"=2 (0x2)
    "BITS"=3 (0x3)
    "NTService1"=2 (0x2)
    "Dcfssvc"=2 (0x2)
    "MaxBackServiceInt"=2 (0x2)
    "InCDsrvR"=2 (0x2)
    "BMUService"=3 (0x3)
    "aawservice"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\JavaSoft\\JRE\\1.3.1_04\\bin\\javaw.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\download\\cable uncap\\CableUnCap\\Cable\\tftpd\\tftpd32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R2 A4S2;A4S2;c:\windows\system32\drivers\a4s2.sys [2002-11-17 13344]
    R2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [2001-12-06 25632]
    S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2002-12-03 15104]
    S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
    S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2003-12-01 10368]
    S3 TDKUSBDR;TDK MOJO USB driver;c:\windows\system32\drivers\tdkusbdr.sys [2004-12-19 16384]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - XWSMOVCA

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa7e238c-f909-11dc-83b1-0040ca2a664d}]
    \Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-McAfee Guardian - c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    MSConfigStartUp-McAfee.InstantUpdate - c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    IE: Download All Files by HiDownload - c:\progra~1\HIDOWN~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\HIDOWN~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 08:49:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Crypserv.exe
    c:\windows\system32\nvsvc32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-03 8:57:18 - machine was rebooted [step....]
    ComboFix-quarantined-files.txt 2009-02-03 17:56:48
    ComboFix2.txt 2009-01-30 08:13:33

    Pre-Run: 9,088,892,928 bytes free
    Post-Run: 9,219,219,456 bytes free

    388 --- E O F --- 2009-01-14 18:04:19
     
  16. 2009/02/03
    noahdfear
    Looks good. Recommend you do an online scan to be sure we haven't overlooked anything. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.



    Did you want to remove the disabled startup items?
     
  17. 2009/02/04
    pasterbill
    Thanks again ...

    Yes, I would like to remove the disabled startup items, and here is the Kaspersky log:

    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, February 4, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, February 04, 2009 19:59:33
    Records in database: 1745614
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 121037
    Threat name: 13
    Infected objects: 13
    Suspicious objects: 6
    Duration of the scan: 03:36:51


    File name / Threat name / Threats count
    C:\Documents and Settings\step.....YOUR-5OLNB28OAO\Local Settings\Application Data\Identities\{8E433FBA-6168-4855-B6DC-1671C56F9DE7}\Microsoft\Outlook Express\2006-07 inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 3
    C:\Documents and Settings\step......YOUR-5OLNB28OAO\Local Settings\Application Data\Identities\{8E433FBA-6168-4855-B6DC-1671C56F9DE7}\Microsoft\Outlook Express\2006-07 inbox.dbx Suspicious: Email-Worm.Win32.Bagle.mail 1
    C:\Documents and Settings\step.....YOUR-5OLNB28OAO\Local Settings\Application Data\Identities\{8E433FBA-6168-4855-B6DC-1671C56F9DE7}\Microsoft\Outlook Express\2006-07 inbox.dbx Infected: Email-Worm.Win32.Bagle.gen 1
    C:\Documents and Settings\step.....YOUR-5OLNB28OAO\Local Settings\Application Data\Identities\{8E433FBA-6168-4855-B6DC-1671C56F9DE7}\Microsoft\Outlook Express\2006-07 inbox.dbx Infected: Trojan.HTML.PCard.l 1
    C:\Documents and Settings\step.....YOUR-5OLNB28OAO\Local Settings\Application Data\Identities\{8E433FBA-6168-4855-B6DC-1671C56F9DE7}\Microsoft\Outlook Express\2008 inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
    C:\download\hijackthis\hijackthis\backups\backup-20050512-223959-900.dll Infected: not-a-virus:AdWare.Win32.SideStep.c 1
    C:\download\hijackthis\hijackthis\backups\backup-20050512-225319-797.dll Infected: not-a-virus:AdWare.Win32.SideStep.c 1
    C:\download\hijackthis\hijackthis\backups\backup-20081109-123904-267.dll Infected: Trojan.Win32.BHO.hfc 1
    C:\download\hijackthis\hijackthis\backups\backup-20090129-110450-435.dll Infected: Trojan.Win32.BHO.lfk 1
    C:\download\hijackthis\hijackthis\backups\backup-20090129-110650-493.dll Infected: Trojan.Win32.BHO.lfk 1
    C:\download\swf files\apec webflasher\Download_FlashCatcherSetup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.ai 1
    C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs Infected: Trojan.JS.Loop 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.602 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_xwsmovca_.sys.zip Infected: Trojan.Win32.BHO.ext 1
    C:\WINDOWS\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}\WinService.**** Infected: Trojan-Downloader.Win32.Agent.lsw 1
    C:\WINDOWS\Installer\{e98fabc4-2450-4ea7-9481-2d5d15645d4d}\zip.**** Infected: Trojan-Dropper.Win32.Agent.qfy 1

    The selected area was scanned.
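The report above lists hits by file path, and the useful first question for each one is where it lives: a copy sitting in a quarantine folder or a HijackThis backup is inert, a hit inside an Outlook Express .dbx is a stored message rather than an executable, and a hit in a live location such as Program Files or the Windows Installer cache needs action. The following triage script is an added example for this thread, not Kaspersky's or the forum helper's code. The location classes, the treatment of Kaspersky's "not-a-virus:" prefix as informational, and the rule in needs_action are the example's own assumptions; the sample report is constructed from a handful of lines on this page.

```python
"""Triage a Kaspersky Online Scanner 7 report by where each hit lives.

Added example for this thread; not Kaspersky's or the forum helper's code.
The location classes and the needs_action rule are assumptions made here,
not statements taken from the report format.
"""
import re
from dataclasses import dataclass

# One report line: "<path> Infected: <threat> <count>" or "<path> Suspicious: <threat> <count>".
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Assumed location classes, tested in order against the path (case-insensitive).
LOCATION_RULES = (
    ("quarantine", re.compile(r"\\qoobox\\quarantine\\", re.I)),       # ComboFix quarantine copy
    ("backup", re.compile(r"\\hijackthis\\.*\\backups\\", re.I)),     # HijackThis backup copy
    ("mail_store", re.compile(r"\.dbx$", re.I)),                       # Outlook Express mailbox
    ("installer_cache", re.compile(r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\", re.I)),
)


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str          # "Infected" or "Suspicious"
    threat: str
    count: int
    location: str         # a LOCATION_RULES name, or "live"
    informational: bool   # Kaspersky "not-a-virus:" prefix (riskware/adware, not malware)


def classify_location(path: str) -> str:
    for name, rx in LOCATION_RULES:
        if rx.search(path):
            return name
    return "live"


def parse_report(text: str) -> list:
    """Return a Detection for every hit line; headers and statistics are skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hits.append(Detection(
            path=m["path"], verdict=m["verdict"], threat=m["threat"],
            count=int(m["count"]), location=classify_location(m["path"]),
            informational=m["threat"].startswith("not-a-virus:"),
        ))
    return hits


def needs_action(d: Detection) -> bool:
    """Assumption: only non-informational hits on the live filesystem (including the
    Installer cache) need removal; quarantine/backup copies are inert and a mailbox
    hit is a stored message to delete from the mail client, not a file to remove."""
    return d.location in ("live", "installer_cache") and not d.informational


def action_list(text: str) -> list:
    """Paths from the report that still need hands-on removal."""
    return [d.path for d in parse_report(text) if needs_action(d)]


# Constructed sample: a few lines copied from the report above (user path censored as on the page).
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 121037

File name / Threat name / Threats count
C:\Documents and Settings\step.....YOUR-5OLNB28OAO\Local Settings\Application Data\Identities\{8E433FBA-6168-4855-B6DC-1671C56F9DE7}\Microsoft\Outlook Express\2006-07 inbox.dbx Infected: Email-Worm.Win32.Bagle.gen 1
C:\download\hijackthis\hijackthis\backups\backup-20090129-110450-435.dll Infected: Trojan.Win32.BHO.lfk 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.602 1
C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs Infected: Trojan.JS.Loop 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_xwsmovca_.sys.zip Infected: Trojan.Win32.BHO.ext 1
C:\WINDOWS\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}\WinService.**** Infected: Trojan-Downloader.Win32.Agent.lsw 1
"""

if __name__ == "__main__":
    for d in parse_report(SAMPLE_REPORT):
        flag = "ACTION" if needs_action(d) else "info  "
        print(f"{flag} [{d.location:15}] {d.threat:45} {d.path}")
```

Run it against a saved report to get the short list of paths that still need attention; everything tagged quarantine or backup can be cleaned up at leisure once the live hits are gone.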
     
  18. 2009/02/10
    noahdfear
    Please accept my apologies for the long delay.

    Delete the following two files. I don't know their exact names, since it appears the forum software has censored them.

    C:\WINDOWS\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}\WinService.****
    C:\WINDOWS\Installer\{e98fabc4-2450-4ea7-9481-2d5d15645d4d}\zip.****


    Now, once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    File::
    C:\download\hijackthis\hijackthis\backups\backup-20050512-223959-900.dll
    C:\download\hijackthis\hijackthis\backups\backup-20050512-225319-797.dll
    C:\download\hijackthis\hijackthis\backups\backup-20081109-123904-267.dll
    C:\download\hijackthis\hijackthis\backups\backup-20090129-110450-435.dll
    C:\download\hijackthis\hijackthis\backups\backup-20090129-110650-493.dll
    c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup
    c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup
    c:\windows\pss\Desktop Application Director 9.LNKCommon Startup
    c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    c:\windows\pss\KODAK Software Updater.lnkCommon Startup
    c:\windows\pss\Microsoft Office.lnkCommon Startup
    c:\windows\pss\NaturalColorLoad.lnkCommon Startup
    c:\windows\pss\Photo Explosion Calendar Checker.lnkCommon Startup
    c:\windows\pss\Wireless Connection Manager.lnkCommon Startup
    c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    c:\windows\pss\AutoBackup Launcher.lnkStartup
    c:\windows\pss\CorelCENTRAL Alarms.LNKStartup
    c:\windows\pss\Desktop Application Director 9.LNKStartup
    c:\windows\pss\Corel Custom Photo Registration.lnkStartup
    c:\windows\pss\TextBridge Instant Access OCR.lnkStartup
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^step.....YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    [-HKLM\~\startupfolder\C:^Documents and Settings^step......YOUR-5OLNB28OAO^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    [-HKLM\~\startupfolder\C:^Documents and Settings^step....^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^step....^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^step2.....^Programs^Startup^AutoBackup Launcher.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_Program Files_WordPerfe3a]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Custom Photo]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSI Loader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
    DirLook::
    C:\WINDOWS\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}
    C:\WINDOWS\Installer\{e98fabc4-2450-4ea7-9481-2d5d15645d4d}
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
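The script above uses three CFScript directives: File:: lists files to delete, Registry:: takes .reg-style key headers where [-key] deletes the key and [key] followed by value lines merges them, and DirLook:: lists directories to report on. Because the script is executed by dropping it onto ComboFix.exe with no preview, a dry-run parser that shows what the script would do is worth having. The one below is an added example for this thread, not ComboFix's own code, and it does not run ComboFix or touch the registry. It assumes that ComboFix expands the HKLM\~\ shorthand to the software\microsoft\shared tools\msconfig path that the same script spells out in full for its startupreg entries; treat that expansion as an assumption. It also flags paths containing runs of dots, the pattern produced when a user name has been obscured in a posted log, since such a path will not match anything on the real machine. The sample script is constructed from a few lines of the post above plus one made-up merge key.

```python
"""Dry-run parser for the CFScript.txt format ComboFix accepts.

Added example for this thread; not ComboFix's own code. It only reports what
a script would do (File::, Registry::, DirLook::) so mistakes can be caught
before the file is dropped onto ComboFix.exe.
"""
import re
from dataclasses import dataclass, field

# Assumption: ComboFix expands "HKLM\~\" to this msconfig path (the same script
# above writes it out in full for its startupreg entries).
TILDE_EXPANSION = "HKLM\\software\\microsoft\\shared tools\\msconfig"
KNOWN_DIRECTIVES = ("File::", "Registry::", "DirLook::")
PLACEHOLDER_RE = re.compile(r"\.{3,}")        # "step....." style obscured names
KEY_HEADER_RE = re.compile(r"^\[(-?)(.+)\]$")  # [key] merges, [-key] deletes


@dataclass
class CFScriptPlan:
    files_to_delete: list = field(default_factory=list)
    keys_to_delete: list = field(default_factory=list)
    keys_to_merge: dict = field(default_factory=dict)   # key -> list of value lines
    dirs_to_list: list = field(default_factory=list)
    warnings: list = field(default_factory=list)


def normalise_key(key: str) -> str:
    """Spell the hive as HKLM and expand the ~ shorthand so keys compare consistently."""
    if key.upper().startswith("HKEY_LOCAL_MACHINE\\"):
        key = "HKLM\\" + key[len("HKEY_LOCAL_MACHINE\\"):]
    if key.upper().startswith("HKLM\\~\\"):
        key = TILDE_EXPANSION + key[len("HKLM\\~"):]
    return key


def parse_cfscript(text: str) -> CFScriptPlan:
    plan = CFScriptPlan()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                     # a directive header starts a new section
            section = line if line in KNOWN_DIRECTIVES else None
            current_key = None
            if section is None:
                plan.warnings.append(f"line {lineno}: unknown directive {line!r}")
            continue
        if PLACEHOLDER_RE.search(line):
            plan.warnings.append(f"line {lineno}: placeholder path (obscured name) will not match: {line}")
        if section == "File::":
            plan.files_to_delete.append(line)
        elif section == "DirLook::":
            plan.dirs_to_list.append(line)
        elif section == "Registry::":
            m = KEY_HEADER_RE.match(line)
            if m:
                key = normalise_key(m.group(2))
                if m.group(1):                      # [-key]: delete the whole key
                    plan.keys_to_delete.append(key)
                    current_key = None
                else:                               # [key]: following value lines are merged
                    current_key = key
                    plan.keys_to_merge.setdefault(key, [])
            elif current_key is not None:
                plan.keys_to_merge[current_key].append(line)
            else:
                plan.warnings.append(f"line {lineno}: value line with no [key] header: {line}")
        else:
            plan.warnings.append(f"line {lineno}: line before any directive: {line}")
    return plan


# Constructed sample: a few lines from the post above, plus one made-up merge key.
SAMPLE_CFSCRIPT = r"""
File::
C:\download\hijackthis\hijackthis\backups\backup-20081109-123904-267.dll
c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^step.....YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
[HKLM\software\microsoft\windows\currentversion\run]
"ExampleValue"=-
DirLook::
C:\WINDOWS\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}
"""

if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for label, items in (("delete file", plan.files_to_delete),
                         ("delete key", plan.keys_to_delete),
                         ("merge key", list(plan.keys_to_merge)),
                         ("list dir", plan.dirs_to_list)):
        for item in items:
            print(f"{label:12} {item}")
    for w in plan.warnings:
        print("WARNING:", w)
```

Run it on the CFScript.txt you are about to use; a placeholder warning means a path copied from a log with an obscured user name, which is exactly what happened in the next post of this thread.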
     
  19. 2009/02/11
    pasterbill
    Thanks ... I had already deleted the HijackThis logs ... so I left those lines out ... and did not notice you used a few (Docs & Settings) user names that I had obscured in previous logs ... my bad ... I'll fix those later
    thanks ...

    combofix log:


    ComboFix 09-02-10.02 - ....... 2009-02-10 21:13:28.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.494 [GMT -9:00]
    Running from: c:\documents and settings\step.....\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\step.....\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    c:\windows\pss\AutoBackup Launcher.lnkStartup
    c:\windows\pss\Corel Custom Photo Registration.lnkStartup
    c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup
    c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup
    c:\windows\pss\CorelCENTRAL Alarms.LNKStartup
    c:\windows\pss\Desktop Application Director 9.LNKCommon Startup
    c:\windows\pss\Desktop Application Director 9.LNKStartup
    c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    c:\windows\pss\KODAK Software Updater.lnkCommon Startup
    c:\windows\pss\Microsoft Office.lnkCommon Startup
    c:\windows\pss\NaturalColorLoad.lnkCommon Startup
    c:\windows\pss\Photo Explosion Calendar Checker.lnkCommon Startup
    c:\windows\pss\TextBridge Instant Access OCR.lnkStartup
    c:\windows\pss\Wireless Connection Manager.lnkCommon Startup
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
    c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    c:\windows\pss\AutoBackup Launcher.lnkStartup
    c:\windows\pss\Corel Custom Photo Registration.lnkStartup
    c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup
    c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup
    c:\windows\pss\CorelCENTRAL Alarms.LNKStartup
    c:\windows\pss\Desktop Application Director 9.LNKCommon Startup
    c:\windows\pss\Desktop Application Director 9.LNKStartup
    c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    c:\windows\pss\KODAK Software Updater.lnkCommon Startup
    c:\windows\pss\Microsoft Office.lnkCommon Startup
    c:\windows\pss\NaturalColorLoad.lnkCommon Startup
    c:\windows\pss\Photo Explosion Calendar Checker.lnkCommon Startup
    c:\windows\pss\TextBridge Instant Access OCR.lnkStartup
    c:\windows\pss\Wireless Connection Manager.lnkCommon Startup

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-02-09 08:49 . 2009-02-09 08:49 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-09 08:48 . 2009-02-09 08:48 <DIR> d-------- c:\program files\Java
    2009-02-06 13:26 . 2009-02-06 17:02 <DIR> d-------- C:\USB
    2009-02-06 13:15 . 2009-02-06 13:15 41,672 --a------ c:\windows\system32\ieuinit.PNF
    2009-02-06 13:15 . 2009-02-06 13:15 7,588 --a------ c:\windows\system32\$winnt$.PNF
    2009-02-06 13:15 . 2009-02-06 13:15 5,860 --a------ c:\windows\system32\mmdriver.PNF
    2009-02-06 13:15 . 2009-02-06 13:15 5,208 --a------ c:\windows\system32\pid.PNF
    2009-02-06 13:15 . 2009-02-06 13:15 4,432 --a------ c:\windows\system32\INFCACHE.1
    2009-02-06 13:15 . 2009-02-06 13:15 4,384 --a------ c:\windows\system32\mapisvc.PNF
    2009-02-06 13:15 . 2009-02-06 13:15 4,336 --a------ c:\windows\system32\homepage.PNF
    2009-02-06 13:15 . 2009-02-06 13:15 3,632 --a------ c:\windows\system32\$ncsp$.PNF
    2009-02-06 12:20 . 2009-02-07 08:40 <DIR> d-------- c:\program files\Citrix
    2009-02-05 22:00 . 2009-02-05 22:00 <DIR> d-------- c:\documents and settings\step......YOUR-5OLNB28OAO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-02-05 21:31 . 2009-02-05 21:31 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-02-05 21:09 . 2009-02-06 08:08 <DIR> d-------- c:\program files\NOS
    2009-02-05 21:09 . 2009-02-06 08:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-02-04 10:06 . 2009-02-09 08:49 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-04 09:23 . 2009-02-06 17:07 447 --a------ c:\windows\EPSTPLOG.BAK
    2009-02-02 22:40 . 2009-02-02 23:50 250 --a------ c:\windows\gmer.ini
    2009-02-02 16:24 . 2009-02-02 16:24 <DIR> d-------- c:\program files\DVDFab 5
    2009-02-01 20:59 . 2009-02-01 20:59 <DIR> d-------- c:\program files\Tracker Software
    2009-02-01 20:26 . 2009-02-01 20:26 <DIR> d-------- c:\program files\PDFCreator
    2009-01-29 19:56 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
    2009-01-29 19:56 . 2004-08-04 10:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
    2009-01-29 19:56 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
    2009-01-29 19:56 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-01-29 19:56 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
    2009-01-29 19:56 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
    2009-01-29 19:55 . 2001-08-17 13:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys
    2009-01-29 19:55 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll
    2009-01-29 19:55 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
    2009-01-29 19:54 . 2001-08-17 13:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys
    2009-01-29 19:54 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
    2009-01-29 19:54 . 2001-08-17 12:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys
    2009-01-29 19:54 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys
    2009-01-29 19:54 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys
    2009-01-29 19:54 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys
    2009-01-29 19:53 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
    2009-01-29 19:53 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
    2009-01-29 19:53 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys
    2009-01-29 19:53 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys
    2009-01-29 19:53 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys
    2009-01-29 19:53 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys
    2009-01-29 19:53 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys
    2009-01-29 19:52 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
    2009-01-29 19:52 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys
    2009-01-29 19:52 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys
    2009-01-29 19:52 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll
    2009-01-29 19:52 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll
    2009-01-29 19:52 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll
    2009-01-29 19:52 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll
    2009-01-29 19:52 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll
    2009-01-29 19:51 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
    2009-01-29 19:51 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
    2009-01-29 19:51 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
    2009-01-29 19:51 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
    2009-01-29 19:51 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll
    2009-01-29 19:51 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll
    2009-01-29 19:51 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
    2009-01-29 19:51 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys
    2009-01-29 19:51 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
    2009-01-29 19:50 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
    2009-01-29 19:50 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
    2009-01-29 19:50 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
    2009-01-29 19:50 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
    2009-01-29 19:50 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
    2009-01-29 19:50 . 2008-04-13 16:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
    2009-01-29 19:50 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll
    2009-01-29 19:50 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
    2009-01-29 19:50 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll
    2009-01-29 19:50 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys
    2009-01-29 19:49 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
    2009-01-29 19:49 . 2008-04-13 10:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
    2009-01-29 19:49 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys
    2009-01-29 19:49 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys
    2009-01-29 19:49 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll
    2009-01-29 19:49 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys
    2009-01-29 19:49 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys
    2009-01-29 19:49 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys
    2009-01-29 19:49 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys
    2009-01-29 19:48 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
    2009-01-29 19:48 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys
    2009-01-29 19:48 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll
    2009-01-29 19:48 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys
    2009-01-29 19:48 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys
    2009-01-29 19:48 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys
    2009-01-29 19:48 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys
    2009-01-29 19:48 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys
    2009-01-29 19:48 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys
    2009-01-29 19:48 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys
    2009-01-29 19:47 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
    2009-01-29 19:47 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll
    2009-01-29 19:47 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll
    2009-01-29 19:47 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll
    2009-01-29 19:47 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys
    2009-01-29 19:47 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll
    2009-01-29 19:47 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys
    2009-01-29 19:47 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll
    2009-01-29 19:47 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll
    2009-01-29 19:46 . 2004-08-04 10:00 143,422 --a--c--- c:\windows\system32\dllcache\softkey.dll
    2009-01-29 19:46 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll
    2009-01-29 19:46 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll
    2009-01-29 19:46 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
    2009-01-29 19:46 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys
    2009-01-29 19:46 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys
    2009-01-29 19:46 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll
    2009-01-29 19:46 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys
    2009-01-29 19:46 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys
    2009-01-29 19:46 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys
    2009-01-29 19:46 . 2008-04-13 10:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
    2009-01-29 19:45 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys
    2009-01-29 19:44 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll
    2009-01-29 19:44 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys
    2009-01-29 19:44 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys
    2009-01-29 19:44 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys
    2009-01-29 19:43 . 2001-08-17 12:12 91,294 --a--c--- c:\windows\system32\dllcache\skfpwin.sys
    2009-01-29 19:43 . 2002-08-28 21:59 63,547 --a--c--- c:\windows\system32\dllcache\sla30nd5.sys
    2009-01-29 19:43 . 2001-08-17 22:36 45,568 --a--c--- c:\windows\system32\dllcache\smb3w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 33,792 --a--c--- c:\windows\system32\dllcache\smb0w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 28,672 --a--c--- c:\windows\system32\dllcache\sma0w.dll
    2009-01-29 19:43 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\sm91w.dll
    2009-01-29 19:43 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys
    2009-01-29 19:43 . 2008-04-13 10:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
    2009-01-29 19:43 . 2008-04-13 10:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
    2009-01-29 19:43 . 2001-08-17 13:57 6,784 --a--c--- c:\windows\system32\dllcache\smbhc.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-09 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-02-06 21:26 --------- d-----w c:\program files\EPSON
    2009-02-06 21:20 66,360 ----a-w c:\windows\java\g2ax_customer_downloadhelper_win32_x86.exe
    2009-02-06 06:29 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-03 01:24 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2009-02-03 01:24 47,360 ----a-w c:\documents and settings\step.....YOUR-5OLNB28OAO\Application Data\pcouffin.sys
    2009-02-03 01:24 --------- d-----w c:\documents and settings\step.....YOUR-5OLNB28OAO\Application Data\Vso
    2009-01-31 19:14 --------- d-----w c:\program files\Google
    2009-01-30 21:46 --------- d-----w c:\program files\McAfee
    2009-01-30 21:40 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-30 00:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-29 19:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-22 22:30 --------- d-----w c:\program files\ArcSoft
    2009-01-15 01:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-15 01:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2006-11-12 19:42 147,136 ----a-w c:\documents and settings\step......YOUR-5OLNB28OAO\Application Data\GDIPFONTCACHEV1.DAT
    2001-08-17 19:15 271,981 ----a-r c:\windows\inf\ALCXWDM.SYS
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\windows\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5} ----

    c:\windows\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}\

    ---- Directory of c:\windows\Installer\{e98fabc4-2450-4ea7-9481-2d5d15645d4d} ----

    c:\windows\Installer\{e98fabc4-2450-4ea7-9481-2d5d15645d4d}\


    ((((((((((((((((((((((((((((( snapshot@2009-01-29_23.10.53.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-03 07:40:50 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-18 06:13:02 811,008 ----a-r c:\windows\gmer.exe
    + 2007-12-13 00:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
    - 2009-01-30 01:32:02 34,225 ----a-w c:\windows\nsreg.dat
    + 2009-02-09 17:55:39 34,225 ----a-w c:\windows\nsreg.dat
    - 2008-11-09 22:56:34 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-02-06 06:10:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-11-09 22:56:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-02-06 06:10:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-11-09 22:56:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-06 06:10:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-03-09 09:00:00 37,192 ----a-w c:\windows\system32\drivers\EPUSBST2.SYS
    + 2009-02-03 07:40:50 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    + 2004-03-09 09:00:00 28,672 ----a-w c:\windows\system32\EPUBLUN2.EXE
    - 2004-12-07 04:04:12 49,248 ----a-w c:\windows\system32\java.exe
    + 2009-02-09 17:49:01 144,792 ----a-w c:\windows\system32\java.exe
    - 2004-12-07 04:04:20 49,250 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-09 17:49:01 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2004-12-07 05:31:50 127,078 ----a-w c:\windows\system32\javaws.exe
    + 2009-02-09 17:49:01 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2003-06-19 21:05:04 130,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
    + 2003-06-19 21:05:04 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
    + 2002-04-23 02:54:34 457,600 ----a-w c:\windows\system32\spool\drivers\w32x86\AdobePS5.dll
    + 2002-04-23 02:54:36 135,680 ----a-w c:\windows\system32\spool\drivers\w32x86\AdobePSu.dll
    - 2004-04-21 09:00:00 5,729 ----a-w c:\windows\system32\spool\drivers\w32x86\EPUPDATE.DAT
    + 2004-04-21 08:00:00 5,729 ----a-w c:\windows\system32\spool\drivers\w32x86\EPUPDATE.DAT
    + 2003-06-19 21:05:04 130,048 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5ui.dll
    + 2003-06-19 21:05:04 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\pscript5.dll
    + 2009-02-10 17:05:50 16,384 ----atw c:\windows\temp\Perflib_Perfdata_630.dat
    + 2006-12-02 07:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-02 07:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-02 07:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "EPSON Stylus Photo R340 Series "= "c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-13 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420 "= vdrcodec.dll
    "MSACM.MI-SC4 "= MI-SC4.acm
    "VIDC.JPEG "= JpegCode.dll
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^step.....YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    path=c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
    backup=c:\windows\pss\CorelCENTRAL Alarms.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step.....YOUR-5OLNB28OAO^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    path=c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    backup=c:\windows\pss\Desktop Application Director 9.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step...^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk]
    path=c:\documents and settings\stephen fischer\Start Menu\Programs\Startup\Corel Custom Photo Registration.lnk
    backup=c:\windows\pss\Corel Custom Photo Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step....^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
    path=c:\documents and settings\stephen fischer\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
    backup=c:\windows\pss\TextBridge Instant Access OCR.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^step...^Programs^Startup^AutoBackup Launcher.lnk]
    path=c:\documents and settings\stephen j fischer\Programs\Startup\AutoBackup Launcher.lnk
    backup=c:\windows\pss\AutoBackup Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "McAfee Firewall "=3 (0x3)
    "McShield "=3 (0x3)
    "AvSynMgr "=2 (0x2)
    "BITS "=2 (0x2)
    "NTService1 "=2 (0x2)
    "Dcfssvc "=2 (0x2)
    "MaxBackServiceInt "=2 (0x2)
    "InCDsrvR "=2 (0x2)
    "BMUService "=3 (0x3)
    "aawservice "=3 (0x3)
    "getPlus(R) Helper "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe "=
    "c:\\download\\cable uncap\\CableUnCap\\Cable\\tftpd\\tftpd32.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=

    R2 A4S2;A4S2;c:\windows\system32\drivers\a4s2.sys [2002-11-17 13344]
    R2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [2001-12-06 25632]
    S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2002-12-03 15104]
    S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
    S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [2003-12-01 10368]
    S3 TDKUSBDR;TDK MOJO USB driver;c:\windows\system32\drivers\tdkusbdr.sys [2004-12-19 16384]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa7e238c-f909-11dc-83b1-0040ca2a664d}]
    \Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Download All Files by HiDownload - c:\progra~1\HIDOWN~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\HIDOWN~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 21:21:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2009-02-10 21:26:04
    ComboFix-quarantined-files.txt 2009-02-11 06:24:46
    ComboFix2.txt 2009-02-03 17:57:31
    ComboFix3.txt 2009-01-30 08:13:33

    Pre-Run: 8,776,044,544 bytes free
    Post-Run: 9,104,838,656 bytes free

    344 --- E O F --- 2009-01-14 18:04:19
     
  20. 2009/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You've got some infected emails in the Outlook Express 2006-07 inbox and one in the 2008 inbox, though the online scan did not identify which ones. I'd recommend poking through and removing anything that looks even remotely suspicious, or from an unknown sender, etc. Only other thing I could suggest would be trying the Kaspersky Virus Removal Tool. Upon running the tool, you will be prompted to run it in safe mode, which should not be necessary so just click OK. Select Mail Databases from the Automatic Scan tab, then click Scan.
    When the scan completes you will be given an option to Neutralize all threats or right click any threat for further options. After use, uninstall the tool and delete the setup file.


    The following should finish cleaning up those disabled startup items. Highlight and copy the contents of the code box below.
    Code:
    @echo off
    rem msconfig keeps the startup items it has disabled under HKLM\software\microsoft\shared tools\msconfig
    rem (ComboFix prints that prefix as HKLM\~ in the log). The startupfolder key names are the shortcut
    rem paths with each backslash replaced by a caret; carets inside double quotes are literal to cmd.
    rem /f deletes without a confirmation prompt.
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephen fischer.YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephen fischer.YOUR-5OLNB28OAO^Start Menu^Programs^Startup^Desktop Application Director 9.LNK" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephen fischer^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephen fischer^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk" /f
    reg delete  "HKLM\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephen j fischer^Programs^Startup^AutoBackup Launcher.lnk" /f
    rem exit closes the command window, so nothing after it would run
    exit
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own.

    You can delete the following two empty remnant folders.

    c:\windows\Installer\{9b171cbf-5e0d-4e02-9fbe-2e1fa17871d5}
    c:\windows\Installer\{e98fabc4-2450-4ea7-9481-2d5d15645d4d}


    Provided things are working normally again and no other malware related problems exist, we can clean up our tools. Let me know.
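    The post above builds its reg delete lines by hand from the ComboFix "Reg Loading Points" listing. The script below is an added example, not noahdfear's code or part of ComboFix: it parses a constructed log fragment shaped like the one in this thread, rebuilds the full msconfig key names (startupfolder keys are abbreviated in the log header, so the complete path= line is used instead, with backslashes turned into carets as msconfig does), and emits a batch file that exports each key to a .reg backup before deleting it. It assumes that ComboFix's HKLM\~\startupfolder prefix stands for HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder (the startupreg entry in the same log is printed with that full prefix); the c:\regbackup directory is a made-up choice.

```python
import re

# Full key that ComboFix abbreviates as HKLM\~ in the startupfolder/startupreg headers (assumption).
MSCONFIG = r"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig"

# Constructed sample in the shape of the ComboFix log in this thread. ComboFix
# shortens long key names with dots ("step....."), but the path= line is complete.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^step.....YOUR-5OLNB28OAO^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
path=c:\documents and settings\stephen fischer.YOUR-5OLNB28OAO\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
backup=c:\windows\pss\CorelCENTRAL Alarms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

HEADER_RE = re.compile(r"^\[(.+)\]$")
STARTUPREG_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(.+)$",
    re.IGNORECASE)
STARTUPFOLDER_RE = re.compile(r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\~\\startupfolder\\", re.IGNORECASE)
PATH_RE = re.compile(r"^path=(.+)$", re.IGNORECASE)


def parse_disabled_startup_keys(log_text):
    """Return the full registry keys of msconfig-disabled startup items.

    startupreg keys are printed in full by ComboFix. startupfolder headers are
    abbreviated, so the key name is rebuilt from the complete path= line:
    msconfig names that key after the shortcut path with '\\' replaced by '^'.
    Other sections (Run, firewall list, ...) are ignored.
    """
    keys = []
    in_startupfolder = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name = header.group(1)
            in_startupfolder = bool(STARTUPFOLDER_RE.match(name))
            reg = STARTUPREG_RE.match(name)
            if reg:
                keys.append(MSCONFIG + "\\startupreg\\" + reg.group(1))
            continue
        path = PATH_RE.match(line) if in_startupfolder else None
        if path:
            keys.append(MSCONFIG + "\\startupfolder\\" + path.group(1).replace("\\", "^"))
            in_startupfolder = False  # one path= line per startupfolder key
    return keys


def build_cleanup_script(keys, backup_dir=r"c:\regbackup"):
    """Emit a cmd batch that exports each key to its own .reg file and then
    deletes it. Carets and spaces inside double quotes are literal to cmd, so
    the msconfig key names are passed unchanged; numbered file names mean
    reg export never has to overwrite an existing backup."""
    lines = ["@echo off", f'if not exist "{backup_dir}" mkdir "{backup_dir}"']
    for n, key in enumerate(keys, 1):
        lines.append(f'reg export "{key}" "{backup_dir}\\msconfig_{n:03d}.reg"')
        lines.append(f'reg delete "{key}" /f')
    lines.append("exit")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    print(build_cleanup_script(parse_disabled_startup_keys(SAMPLE_LOG)))
```

    Run it against the saved ComboFix.txt instead of SAMPLE_LOG and review the generated lines before pasting them into a command window; the exported .reg files can be double-clicked to restore a key if an entry turns out to be wanted.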
     
  21. 2009/02/14
    pasterbill

    pasterbill Inactive Thread Starter

    Joined:
    2009/02/01
    Messages:
    14
    Likes Received:
    0
    I found and removed the infected emails (by paring through mail folders until Kaspersky identified the exact ones)
    thanks
     
