
Hey guys, I'm stumped!

Discussion in 'Malware and Virus Removal Archive' started by antagonist2012, 2008/11/07.

    antagonist2012 (Thread Starter), 2008/11/07
    Hey WindowsBBS, this is my first post. I've been reading for advice on related problems lately and thought someone would be able to help...
    I recently disconnected my firewall and allowed full connectivity of all programs and processes when trying a last-ditch effort to get internet signal through my router (which seems mysterious enough in itself, considering nobody should've been able to guess my WEP encryption). I forgot, unfortunately, to re-secure my PC when I downloaded some music via torrents, and all the processes have planted their roots in my system.
    I've got malware that currently is playing ads (usually phone company ads, but some others once in a while) every few minutes, sometimes much more rarely, sometimes so frequently I have to turn my speakers off. I mix and produce music as a side-project on this computer, and it is VERY frustrating to have to shut down my mixer and speakers because a crackly sample comes blaring through my studio monitors at an ear-piercingly (not to mention speaker-blowingly) loud volume. I've run a couple of scans and detected the typical eight-random-letter named processes ("mabidwe.exe" is one example). MSConfig confirmed my worries, so I ran MBAM (Malwarebytes' Anti-Malware) and, after a reboot, ran ComboFix, and also ran a HijackThis report after I'd finished. Unfortunately, it said all the necessary files had been deleted and that my system is clean, but within 20 minutes I was mixing again and I heard about 8 consecutive mouse-click sounds (the default 'Folder Open' sound on Windows XP) and the vocal ad came on with a very deep voice (just high enough to evade an eviction notice HAH).
    My system runs on Windows XP SP3, AMD Athlon 64 X2 Dual Core Processor 5000+, 2.6GHz, 2GB RAM. Please notify me if any other system info is needed.

    My MBAM log is as follows:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1370
    Windows 5.1.2600 Service Pack 3

    11/6/2008 6:01:19 PM
    mbam-log-2008-11-06 (18-01-19).txt

    Scan type: Quick Scan
    Objects scanned: 49444
    Time elapsed: 2 minute(s), 35 second(s)

    Memory Processes Infected: 7
    Memory Modules Infected: 0
    Registry Keys Infected: 29
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1585ba04-c5a5-4a44-b294-99ab006c6c0b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1585ba04-c5a5-4a44-b294-99ab006c6c0b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd289204-0f23-42e5-b8d8-8ce824e41e21} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dd289204-0f23-42e5-b8d8-8ce824e41e21} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eab15366-0e81-476d-83cc-1052fdf017c8} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\hemrqy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\VMT5A41C\3077ahntdksr[1].dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnioed.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMe371a2fa.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMe371a2fa.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    My ComboFix log is as follows:

    ComboFix 08-11-05.02 - Dan 2008-11-07 2:50:47.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1346 [GMT -8:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Install.txt
    c:\windows\system32\afisicx.exe
    c:\windows\system32\comsa32.sys
    c:\windows\system32\mabidwe.exe
    c:\windows\system32\noytcyr.exe
    c:\windows\system32\roytctm.exe
    c:\windows\system32\soxpeca.exe
    c:\windows\system32\tdydowkc.exe
    c:\windows\system32\tpszxyd.sys
    c:\windows\system32\wsldoekd.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_MABIDWE
    -------\Legacy_NOYTCYR
    -------\Legacy_ROYTCTM
    -------\Legacy_SOXPECA
    -------\Legacy_TDYDOWKC
    -------\Legacy_WSLDOEKD
    -------\Service_afisicx
    -------\Service_mabidwe
    -------\Service_noytcyr
    -------\Service_roytctm
    -------\Service_soxpeca
    -------\Service_tdydowkc
    -------\Service_wsldoekd


    ((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
    .

    2008-11-07 00:33 . 2008-11-07 00:33 61,952 --a------ c:\windows\system32\msnioed.exe
    2008-11-06 20:07 . 2008-11-06 20:07 <DIR> d-------- c:\program files\Belarc
    2008-11-06 20:07 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
    2008-11-06 13:47 . 2008-11-06 17:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Dan\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 13:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iTunes
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iPod
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 17:33 . 2008-11-05 17:33 <DIR> d-------- c:\program files\QuickTime
    2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\Bonjour
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\Dan\Application Data\Ableton
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
    2008-10-28 13:44 . 2007-07-15 14:03 1,060,864 --a------ c:\windows\system32\MFC71.dll
    2008-10-28 13:43 . 2008-10-28 13:43 <DIR> d-------- c:\program files\Ableton
    2008-10-24 11:57 . 2008-10-24 11:57 <DIR> d-------- c:\program files\CME
    2008-10-15 15:00 . 2008-10-15 15:01 <DIR> d-------- c:\program files\Virtual Earth 3D
    2008-10-13 08:14 . 2008-10-25 10:28 <DIR> d-------- c:\program files\MySpace
    2008-10-13 08:14 . 2008-10-13 08:14 <DIR> d-------- c:\documents and settings\Dan\Application Data\MySpace
    2008-10-09 20:12 . 2001-08-17 21:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
    2008-10-09 20:12 . 2001-08-17 21:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
    2008-10-09 20:12 . 2001-08-17 21:36 8,192 --a------ c:\windows\system32\kbdkor.dll
    2008-10-09 20:12 . 2001-08-17 21:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
    2008-10-09 20:12 . 2008-04-13 16:09 6,144 --a------ c:\windows\system32\kbd106.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101c.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101b.dll
    2008-10-09 20:12 . 2008-04-13 16:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
    2008-10-09 20:12 . 2001-08-17 13:55 5,632 --a------ c:\windows\system32\kbd103.dll
    2008-10-09 20:12 . 2001-08-17 13:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-06 02:09 --------- d-----w c:\program files\Apple Software Update
    2008-11-06 01:33 --------- d-----w c:\program files\Common Files\Apple
    2008-11-05 06:38 --------- d-----w c:\documents and settings\Dan\Application Data\uTorrent
    2008-10-31 05:30 --------- d-----w c:\documents and settings\Dan\Application Data\dvdcss
    2008-10-25 17:18 --------- d-----w c:\program files\M-Audio
    2008-10-10 17:34 --------- d-----w c:\program files\Propellerhead
    2008-10-10 17:34 --------- d-----w c:\documents and settings\Dan\Application Data\Propellerhead Software
    2008-10-10 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
    2008-10-01 21:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-09-30 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-09-30 01:51 --------- d-----w c:\program files\uTorrent
    2008-09-29 04:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-09-23 07:17 --------- d-----w c:\documents and settings\Dan\Application Data\Sony
    2008-09-23 06:36 --------- d-----w c:\program files\PowerISO
    2008-09-16 04:53 --------- d-----w c:\documents and settings\Dan\Application Data\Publish Providers
    2008-09-16 04:42 --------- d-----w c:\program files\Vstplugins
    2008-09-16 04:42 --------- d-----w c:\program files\Sony
    2008-09-16 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
    2008-09-16 04:41 --------- d-----w c:\program files\Sony Setup
    2008-09-16 01:49 --------- d-----w c:\program files\TechSmith
    2008-09-16 01:49 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-09-16 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-09-07 18:17 --------- d-----w c:\program files\SUPERAntiSpyware
    2008-08-29 18:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 17:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-05-29 04:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-06_18.14.35.10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-29 05:31:33 64,088 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-11-07 02:38:45 66,936 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2008-05-29 05:31:33 223,800 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-11-07 02:38:40 226,656 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2003-07-15 05:43:20 87,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
    + 2003-07-15 05:57:34 38,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
    + 2003-07-15 05:53:06 94,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
    + 2003-07-15 10:14:28 350,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
    + 2003-07-15 10:18:12 47,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
    + 2003-07-26 01:57:20 75,832 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
    + 2003-07-15 05:56:54 14,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
    + 2003-07-15 05:57:14 98,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
    + 2003-07-31 22:19:52 131,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
    + 2003-08-13 09:34:38 10,073,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
    + 2003-07-15 05:41:44 13,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
    + 2003-08-03 17:56:16 1,146,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
    + 2003-07-24 06:01:40 1,949,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
    + 2003-07-15 06:36:14 186,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
    + 2003-07-15 05:40:12 179,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
    + 2003-07-15 05:40:12 165,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
    + 2003-07-26 02:00:16 1,157,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
    + 2003-07-26 02:14:50 799,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
    + 2003-07-15 06:11:42 2,139,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
    + 2003-07-15 05:57:44 87,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
    + 2003-07-15 05:53:50 161,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
    + 2003-07-24 05:32:32 121,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
    + 2003-06-19 00:31:44 758,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
    + 2003-06-19 00:31:10 252,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
    + 2003-06-19 00:31:48 17,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
    + 2003-06-19 00:31:48 18,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
    + 2003-06-19 00:31:46 35,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
    + 2003-06-19 00:31:34 443,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
    + 2003-07-15 05:46:08 176,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
    + 2003-07-15 05:58:04 230,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
    + 2003-07-15 05:51:50 116,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
    + 2002-12-18 02:08:50 359,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
    + 2002-12-18 02:08:54 1,383,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
    + 2003-07-15 05:51:44 87,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
    + 2002-04-10 03:14:36 187,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
    + 2003-07-15 05:52:52 17,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
    + 2003-08-08 07:23:16 12,172,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSO.DLL
    + 2003-07-15 05:57:16 120,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
    + 2003-07-15 10:14:18 106,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
    + 2003-07-24 05:35:26 127,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
    + 2003-07-15 05:52:52 27,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
    + 2003-07-15 05:44:06 25,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
    + 2003-07-15 05:52:56 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
    + 2002-12-18 02:09:24 2,071,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
    + 2003-07-15 10:18:52 376,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
    + 2003-07-15 05:52:54 28,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
    + 2003-07-15 05:52:52 35,896 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
    + 2003-07-15 05:53:20 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
    + 2003-07-15 05:46:16 42,040 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
    + 2003-07-15 05:45:12 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
    + 2003-07-15 05:45:12 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
    + 2003-06-19 00:31:24 1,033,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
    + 2003-06-19 00:31:50 16,384 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
    + 2003-07-28 19:24:40 5,677,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
    + 2003-06-19 23:05:50 364,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
    + 2003-07-15 05:52:58 41,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
    + 2003-07-15 06:02:14 627,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
    + 2003-07-15 05:56:24 124,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
    + 2003-07-24 05:40:00 482,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
    + 2003-07-15 06:00:54 145,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
    + 2003-07-15 05:57:10 56,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
    + 2003-07-15 05:56:52 13,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
    + 2008-05-29 05:31:33 223,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
    + 2003-07-15 10:14:26 283,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
    + 2003-07-15 10:14:26 828,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
    + 2003-07-15 10:14:26 27,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
    + 2003-07-15 10:14:26 242,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
    + 2003-07-15 06:05:24 1,054,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
    + 2003-07-15 05:41:56 24,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
    + 2003-07-15 05:44:34 102,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
    + 2003-08-10 06:06:42 7,522,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
    + 2003-07-15 05:44:32 88,128 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
    + 2003-07-15 05:45:18 196,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
    + 2003-07-15 05:43:48 139,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
    + 2003-07-15 05:43:18 64,056 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
    + 2003-07-15 05:43:16 49,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
    + 2003-08-04 20:19:34 7,330,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
    + 2003-08-01 22:09:04 8,086,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
    + 2003-07-30 19:40:40 6,133,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
    + 2003-07-15 10:18:54 430,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
    + 2003-07-15 10:18:44 93,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
    + 2003-07-31 22:21:08 1,782,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
    + 2003-07-15 05:40:26 130,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
    + 2003-07-15 05:51:12 604,728 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
    + 2003-07-15 05:50:26 551,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
    + 2003-07-15 05:40:16 51,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
    + 2003-07-15 05:42:26 37,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
    + 2003-05-09 04:54:00 77,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
    + 2003-07-15 05:57:08 40,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
    + 2003-07-15 05:43:30 74,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
    + 2003-07-21 18:46:38 390,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
    + 2003-07-15 05:44:16 66,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
    + 2003-07-15 05:57:08 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
    + 2003-07-15 05:53:14 11,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
    + 2003-08-03 17:52:32 2,808,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
    + 2003-07-15 06:00:22 99,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
    + 2003-07-03 22:19:36 2,502,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
    + 2008-05-29 05:31:33 64,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
    + 2003-08-06 20:24:20 12,037,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
    - 2008-07-13 18:52:19 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-11-07 02:39:14 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-07-13 18:52:19 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-11-07 02:39:14 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-07-13 18:52:19 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-11-07 02:39:14 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-07-13 18:52:19 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-11-07 02:39:14 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-07-13 18:52:19 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-11-07 02:39:14 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-07-13 18:52:19 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-11-07 02:39:14 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-07-13 18:52:19 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-11-07 02:39:14 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-07-13 18:52:19 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-11-07 02:39:14 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-07-13 18:52:19 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-11-07 02:39:14 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-07-13 18:52:19 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-11-07 02:39:14 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-07-13 18:52:19 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-11-07 02:39:14 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-07-13 18:52:19 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-11-07 02:39:14 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-07-13 18:52:19 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-11-07 02:39:14 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2008-11-07 02:12:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-11-07 10:53:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-11-07 02:12:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-11-07 10:53:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-11-07 02:23:51 61,952 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\msusp[1].bin
    + 2008-11-07 08:33:52 61,952 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\msusp[1].bin
    - 2008-11-07 02:12:37 180,224 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-07 10:53:45 262,144 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2003-08-03 17:56:16 1,146,184 ----a-w c:\windows\system32\FM20.DLL
    + 2007-06-06 18:53:34 1,195,888 ----a-w c:\windows\system32\FM20.DLL
    - 2003-07-15 05:57:04 32,584 ----a-w c:\windows\system32\FM20ENU.DLL
    + 2007-03-23 03:17:04 35,440 ----a-w c:\windows\system32\FM20ENU.DLL
    - 2008-07-23 16:47:35 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-07 10:53:25 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2003-06-19 00:31:48 17,920 ----a-w c:\windows\system32\mdimon.dll
    + 2007-04-09 21:23:54 28,040 ----a-w c:\windows\system32\mdimon.dll
    - 2008-11-06 06:39:06 64,402 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-07 10:49:02 64,402 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-06 06:39:06 406,584 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-07 10:49:02 406,584 ----a-w c:\windows\system32\perfh009.dat
    - 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
    + 2007-04-09 21:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
    - 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
    + 2007-04-09 21:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
    - 2003-06-19 00:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
    + 2007-04-09 21:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
    - 2003-06-19 00:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
    + 2007-04-09 21:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
    - 2003-06-19 00:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2007-04-09 21:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-07 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-09 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-07 10:17 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1"= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wsldoekd"=2 (0x2)
    "tdydowkc"=2 (0x2)
    "soxpeca"=2 (0x2)
    "roytctm"=2 (0x2)
    "noytcyr"=2 (0x2)
    "mabidwe"=2 (0x2)
    "afisicx"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
    S3 EVOLUSB;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\evolusb.sys [ ]
    S3 MA_CMIDI;M-Audio USB Driver;c:\windows\system32\drivers\ma_cmidi.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\izg8ra5h.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-07 02:53:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-07 2:55:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-07 10:55:51
    ComboFix2.txt 2008-11-07 02:14:52

    Pre-Run: 360,718,249,984 bytes free
    Post-Run: 360,677,703,680 bytes free

    365 --- E O F --- 2008-11-07 02:39:31

    Finally, my HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:26:10 PM, on 11/6/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20815)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msnioed.exe
    C:\WINDOWS\system32\tpszxyd.sys
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\noytcyr.exe
    C:\WINDOWS\system32\wsldoekd.exe
    C:\WINDOWS\system32\afisicx.exe
    C:\WINDOWS\system32\roytctm.exe
    C:\WINDOWS\system32\tdydowkc.exe
    C:\WINDOWS\system32\mabidwe.exe
    C:\WINDOWS\system32\soxpeca.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\udxfytw.sys
    C:\Documents and Settings\Dan\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1212034108265
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212034104062
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://shawsecure.ca/ols/fscax.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
    O23 - Service: Windows File Manager Services (mscbcosd) - Unknown owner - C:\WINDOWS\system32\mscbco.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
    O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
    O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
    O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

    --
    End of file - 7167 bytes

    I’m confident someone will be of some help; it just seems like I took the correct steps, but it’s also been a while since I’ve battled malware, so maybe I’ve missed some key steps on the way. Thanks in advance!
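As an added example, not part of the thread and not code from the HijackThis or ComboFix authors, here is a small Python triage script that parses O23 service lines and the REGEDIT4-style Security Center block in the shapes the logs above use, and flags the patterns that stand out in them: services with "Unknown owner" running straight out of system32, placeholder "<name> Service (<name>)" display names, and Security Center notifications switched off. The sample lines are constructed from entries in this thread; the flagging heuristics are my own, not HijackThis's.

```python
import re
from dataclasses import dataclass, field

# HijackThis O23 line:  O23 - Service: <display> [(short)] - <owner> - <binary path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)\s*$")
SHORT_RE = re.compile(r"^(?P<display>.*?)\s*\((?P<short>[^()]+)\)$")
# ComboFix prints registry data REGEDIT4-style: a [key] line, then "value"=data lines.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<value>[^"]+)"\s*=\s*dword:(?P<data>[0-9a-fA-F]{8})$')
# Security Center values that silence its warnings when set to 1; the first two
# appear in the thread's logs, FirewallDisableNotify is the sibling value.
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify"}

# Constructed sample input: a handful of lines in the shape of the thread's logs.
SAMPLE_HJT = r"""
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Windows File Manager Services (mscbcosd) - Unknown owner - C:\WINDOWS\system32\mscbco.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str
    reasons: list = field(default_factory=list)

def parse_o23(line: str):
    """Split one O23 line into its fields, or return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display, short = m.group("name"), ""
    sm = SHORT_RE.match(display)
    if sm:
        display, short = sm.group("display"), sm.group("short")
    return ServiceEntry(display, short, m.group("owner"), m.group("path"))

def assess_service(entry: ServiceEntry) -> ServiceEntry:
    """Attach the reasons a log reviewer would flag this service; none means it looks normal."""
    path_l = entry.path.lower()
    in_system32 = "\\windows\\system32\\" in path_l
    unknown_owner = entry.owner.strip().lower() == "unknown owner"
    basename = path_l.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    # "<short> Service (<short>)" with a random-looking short name: the pattern of the
    # seven entries ComboFix later deleted in this thread.
    generic_display = bool(entry.short) and entry.display.lower() == f"{entry.short.lower()} service"
    random_name = re.fullmatch(r"[a-z]{6,9}", entry.short) is not None
    if unknown_owner and in_system32:
        entry.reasons.append("no vendor recorded and binary sits directly in system32")
    if generic_display and random_name:
        entry.reasons.append("placeholder display name built from a random-looking short name")
    # A Windows-sounding display name from an unknown owner whose short name and
    # binary name do not match (the mscbcosd / mscbco.exe entry in the thread).
    if (unknown_owner and entry.short and basename != entry.short.lower()
            and entry.display.lower().startswith("windows ")):
        entry.reasons.append("Windows-branded name, unknown owner, short name differs from binary")
    return entry

def triage_hijackthis(text: str) -> list:
    """Return the O23 entries of a HijackThis log that deserve a second look."""
    flagged = []
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry is not None and assess_service(entry).reasons:
            flagged.append(entry)
    return flagged

def disabled_security_center_notices(text: str) -> list:
    """Return the Security Center *DisableNotify values set to 1 in a ComboFix registry dump."""
    found, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key").lower()
            continue
        dm = DWORD_RE.match(line)
        if dm and current_key.endswith("\\security center"):
            value = dm.group("value").strip()  # tolerate the forum's stray space inside quotes
            if value in SECURITY_CENTER_FLAGS and int(dm.group("data"), 16) == 1:
                found.append(value)
    return found

if __name__ == "__main__":
    for e in triage_hijackthis(SAMPLE_HJT):
        print(f"{e.short or e.display}: {'; '.join(e.reasons)}")
    print("Security Center notices disabled:", disabled_security_center_notices(SAMPLE_COMBOFIX))
```

Run against a full log, the vendor-signed entries (Apple, NVIDIA, Nero) drop out and the seven random-named services plus the "Windows File Manager Services" impostor remain.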
     
  2. 2008/11/07
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    I'll leave it to the professionals to look at your logs but I must point out WEP is easily cracked with no need for guessing. If your router and wireless devices support it use WPA.
     


  4. 2008/11/07
    antagonist2012

    antagonist2012 Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    8
    Likes Received:
    0
    Well, thanks for the tip. Do you know if there's also a way to stop the router from connecting wirelessly altogether? (For the time being, all 4 of my wireless devices are close enough to be wired, yet I don't want to go out and buy Ethernet cables and still have a leeched signal... for now I'm just using a cable modem with my studio computer, rendering my 2 other computers and PS3 useless for online features.)
    Thanks again!
     
  5. 2008/11/07
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    It would help if I knew what router you have. ;) Most (if not all) will allow wireless to be turned off.

    As this is a completely independent issue from your still ongoing malware query, you may wish to post in the networking forum regarding this.
     
  6. 2008/11/07
    antagonist2012

    antagonist2012 Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    8
    Likes Received:
    0
    Hey wildfire, my apologies for the double-topic post. I didn't intend to search for help on the router, right now I'm solely trying to get my workstation computer running smoothly again. I was indicating my problems with the router to explain how my computer's security was compromised leading to this infection.

    Needless to say, the help is never unappreciated, and I'm glad to get a response at all. I'm not going to start a thread in networking quite yet, as my router is not priority for me right now, but if you'd feel like doing an extra deed today and sending me a PM with your thoughts on the issue, that'd be great. The router is by D-Link and the model number is WBR-1310, if that helps.

    Sorry about that, let's keep this thread to fixing those nasty background samples I'm still running in circles to catch.
     
  7. 2008/11/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It's best to keep help topics in the open forum as opposed to PM, so that others might benefit and/or add their thoughts as well. ;)

    Hi antagonist2012! Sorry for the delay ..... let's see what we can do to get you cleaned up! I agree that you should hold off doing anything with the router just yet. ;)

    Please run ComboFix again, allowing it to update when prompted. Post the new log here for review.
     
  8. 2008/11/07
    antagonist2012

    antagonist2012 Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    8
    Likes Received:
    0
    Sounds good, sorry, I'm new to forums again; I haven't posted on any for years, so I'm glad to oblige any forum etiquette.
    My new ComboFix log is as follows.

    ComboFix 08-11-07.01 - Dan 2008-11-07 21:12:48.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1452 [GMT -8:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Install.txt
    c:\windows\system32\afisicx.exe
    c:\windows\system32\comsa32.sys
    c:\windows\system32\mabidwe.exe
    c:\windows\system32\noytcyr.exe
    c:\windows\system32\roytctm.exe
    c:\windows\system32\soxpeca.exe
    c:\windows\system32\tdydowkc.exe
    c:\windows\system32\tpszxyd.sys
    c:\windows\system32\wsldoekd.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_MABIDWE
    -------\Legacy_NOYTCYR
    -------\Legacy_ROYTCTM
    -------\Legacy_SOXPECA
    -------\Legacy_TDYDOWKC
    -------\Legacy_WSLDOEKD
    -------\Service_afisicx
    -------\Service_mabidwe
    -------\Service_noytcyr
    -------\Service_roytctm
    -------\Service_soxpeca
    -------\Service_tdydowkc
    -------\Service_wsldoekd


    ((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
    .

    2008-11-07 09:15 . 2008-11-07 15:25 61,952 --a------ c:\windows\system32\msnioed.exe
    2008-11-06 20:07 . 2008-11-06 20:07 <DIR> d-------- c:\program files\Belarc
    2008-11-06 20:07 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
    2008-11-06 13:47 . 2008-11-06 17:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Dan\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 13:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iTunes
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iPod
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 17:33 . 2008-11-05 17:33 <DIR> d-------- c:\program files\QuickTime
    2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\Bonjour
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\Dan\Application Data\Ableton
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
    2008-10-28 13:44 . 2007-07-15 14:03 1,060,864 --a------ c:\windows\system32\MFC71.dll
    2008-10-28 13:43 . 2008-10-28 13:43 <DIR> d-------- c:\program files\Ableton
    2008-10-24 11:57 . 2008-10-24 11:57 <DIR> d-------- c:\program files\CME
    2008-10-15 15:00 . 2008-10-15 15:01 <DIR> d-------- c:\program files\Virtual Earth 3D
    2008-10-13 08:14 . 2008-10-25 10:28 <DIR> d-------- c:\program files\MySpace
    2008-10-13 08:14 . 2008-10-13 08:14 <DIR> d-------- c:\documents and settings\Dan\Application Data\MySpace
    2008-10-09 20:12 . 2001-08-17 21:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
    2008-10-09 20:12 . 2001-08-17 21:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
    2008-10-09 20:12 . 2001-08-17 21:36 8,192 --a------ c:\windows\system32\kbdkor.dll
    2008-10-09 20:12 . 2001-08-17 21:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
    2008-10-09 20:12 . 2008-04-13 16:09 6,144 --a------ c:\windows\system32\kbd106.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101c.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a------ c:\windows\system32\kbd101b.dll
    2008-10-09 20:12 . 2008-04-13 16:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
    2008-10-09 20:12 . 2001-08-17 13:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
    2008-10-09 20:12 . 2001-08-17 13:55 5,632 --a------ c:\windows\system32\kbd103.dll
    2008-10-09 20:12 . 2001-08-17 13:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-06 02:09 --------- d-----w c:\program files\Apple Software Update
    2008-11-06 01:33 --------- d-----w c:\program files\Common Files\Apple
    2008-11-05 06:38 --------- d-----w c:\documents and settings\Dan\Application Data\uTorrent
    2008-10-31 05:30 --------- d-----w c:\documents and settings\Dan\Application Data\dvdcss
    2008-10-25 17:18 --------- d-----w c:\program files\M-Audio
    2008-10-10 17:34 --------- d-----w c:\program files\Propellerhead
    2008-10-10 17:34 --------- d-----w c:\documents and settings\Dan\Application Data\Propellerhead Software
    2008-10-10 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
    2008-10-01 21:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-09-30 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-09-30 01:51 --------- d-----w c:\program files\uTorrent
    2008-09-29 04:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-09-23 07:17 --------- d-----w c:\documents and settings\Dan\Application Data\Sony
    2008-09-23 06:36 --------- d-----w c:\program files\PowerISO
    2008-09-16 04:53 --------- d-----w c:\documents and settings\Dan\Application Data\Publish Providers
    2008-09-16 04:42 --------- d-----w c:\program files\Vstplugins
    2008-09-16 04:42 --------- d-----w c:\program files\Sony
    2008-09-16 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
    2008-09-16 04:41 --------- d-----w c:\program files\Sony Setup
    2008-09-16 01:49 --------- d-----w c:\program files\TechSmith
    2008-09-16 01:49 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-09-16 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-08-29 18:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 17:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-05-29 04:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-07_ 2.55.37.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-07 10:53:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-11-08 05:15:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-11-07 10:53:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-11-08 05:15:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-11-07 17:15:07 61,952 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\msusp[1].bin
    + 2008-11-07 11:06:02 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\ro[1].bin
    + 2008-11-07 11:05:07 274,944 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\w[1].bin
    - 2008-11-07 02:23:51 61,952 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\msusp[1].bin
    + 2008-11-07 11:05:06 61,952 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\msusp[1].bin
    + 2008-11-07 11:06:02 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\td[1].bin
    + 2008-11-07 11:06:01 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ws[1].bin
    + 2008-11-07 11:06:01 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\af[1].bin
    + 2008-11-07 11:06:03 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\ma[1].bin
    + 2008-11-07 11:06:00 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[1].bin
    - 2008-11-07 10:53:45 262,144 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-08 05:15:47 344,064 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-07 11:06:03 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\so[1].bin
    + 2008-11-08 05:15:50 1,821 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\wpad[1].dat
    - 2008-11-07 10:49:02 64,402 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-07 10:57:46 64,402 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-07 10:49:02 406,584 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-07 10:57:46 406,584 ----a-w c:\windows\system32\perfh009.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-07 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-09 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix "= "shell32" [X]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-07 10:17 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1 "= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wsldoekd "=2 (0x2)
    "tdydowkc "=2 (0x2)
    "soxpeca "=2 (0x2)
    "roytctm "=2 (0x2)
    "noytcyr "=2 (0x2)
    "mabidwe "=2 (0x2)
    "afisicx "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=

    S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
    S3 EVOLUSB;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\evolusb.sys [ ]
    S3 MA_CMIDI;M-Audio USB Driver;c:\windows\system32\drivers\ma_cmidi.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\izg8ra5h.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-07 21:16:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-07 21:19:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-08 05:19:03
    ComboFix2.txt 2008-11-07 10:55:54
    ComboFix3.txt 2008-11-07 02:14:52

    Pre-Run: 360,702,095,360 bytes free
    Post-Run: 360,641,540,096 bytes free

    229 --- E O F --- 2008-11-07 02:39:31
     
  9. 2008/11/08
    noahdfear
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    Extra::
    File::
    c:\windows\system32\msnioed.exe
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wsldoekd"=-
    "tdydowkc"=-
    "soxpeca"=-
    "roytctm"=-
    "noytcyr"=-
    "mabidwe"=-
    "afisicx"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
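    An added example, not part of noahdfear's post and not ComboFix's own tooling: a Python triage helper that reads the "Reg Loading Points" block of a ComboFix log like the one above, tolerates the stray space the forum inserted before each closing quote, flags the machine-looking service names, the disabled Security Center notifications, the autostart entry whose file is missing and the AutoRun command on a mounted volume, and emits the matching CFScript Registry:: lines for an analyst to confirm before use. The sample log text is a constructed excerpt (the wuauserv line is added to show the allowlist), and the random-name heuristic and the KNOWN_SERVICES allowlist are assumptions.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the shape of the "Reg Loading Points" block of the ComboFix log above.
# The forum software inserted a space before each closing quote ("name "=...); the parser
# tolerates that. The "wuauserv" line is constructed to show the allowlist at work.
SAMPLE_LOG = r'''
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix "= "shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wsldoekd "=2 (0x2)
"tdydowkc "=2 (0x2)
"soxpeca "=2 (0x2)
"roytctm "=2 (0x2)
"noytcyr "=2 (0x2)
"mabidwe "=2 (0x2)
"afisicx "=2 (0x2)
"wuauserv "=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
\Shell\AutoRun\command - E:\setupSNK.exe
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"=data, with or without the stray space before the closing quote
VALUE_RE = re.compile(r'^"(?P<name>.*?)\s*"\s*=\s*(?P<data>.*)$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)
# Heuristic (assumption): 7-8 lowercase letters, like the names the thread starter saw
RANDOM_NAME_RE = re.compile(r'^[a-z]{7,8}$')

MSCONFIG_KEY = r'HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services'
MSCONFIG_SERVICES = MSCONFIG_KEY.lower()
SECURITY_CENTER = r'hkey_local_machine\software\microsoft\security center'
# Assumed allowlist: legitimate XP service names that are also 7-8 lowercase letters.
KNOWN_SERVICES = {'wuauserv', 'seclogon', 'tapisrv', 'winmgmt', 'browser',
                  'helpsvc', 'schedule', 'spooler', 'netman', 'dmserver'}


def parse_reg_points(text):
    """Map each registry key (lower-cased) to its (name, data) lines; name is None for
    lines that are not "name"=data, such as the AutoRun command under mountpoints2."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key').lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            sections[current].append((m.group('name'), m.group('data').strip()))
        else:
            sections[current].append((None, line))
    return sections


def dword(data):
    """Value of a 'dword:XXXXXXXX' entry, or None if the data is not a dword."""
    return int(data.split(':', 1)[1], 16) if data.lower().startswith('dword:') else None


def suspicious_services(sections):
    """msconfig\\services names that look machine-generated (triage heuristic, not proof)."""
    return [name for name, _ in sections.get(MSCONFIG_SERVICES, [])
            if name and RANDOM_NAME_RE.match(name) and name not in KNOWN_SERVICES]


def findings(sections):
    """(kind, detail) pairs an analyst should look at before writing a fix script."""
    out = [('random-name service', n) for n in suspicious_services(sections)]
    for name, data in sections.get(SECURITY_CENTER, []):
        if name and name.endswith('DisableNotify') and dword(data):
            out.append(('security center notification disabled', name))
    for key, entries in sections.items():
        for name, data in entries:
            if name is None:
                m = AUTORUN_RE.match(data)
                if m:
                    out.append(('autorun command on mounted volume', m.group('cmd')))
            elif data.endswith('[X]'):  # ComboFix marks entries whose file is missing with [X]
                out.append(('autostart points at missing file', key + '\\' + name))
    return out


def build_cfscript(sections):
    """CFScript 'Registry::' lines that delete the flagged msconfig service values ("name"=-)."""
    names = suspicious_services(sections)
    if not names:
        return ''
    lines = ['Registry::', '[' + MSCONFIG_KEY + ']'] + ['"%s"=-' % n for n in names]
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    parsed = parse_reg_points(SAMPLE_LOG)
    for kind, detail in findings(parsed):
        print('%-40s %s' % (kind + ':', detail))
    print(build_cfscript(parsed))
```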
     
  10. 2008/11/14
    antagonist2012 Thread Starter
    Sorry for the delay there! I wasn't sure what you meant by 'once again, disable any realtime protection applications', as you didn't ask me to before. I don't even think any of my anti-malware programs have realtime protection; anything free you'd suggest? I had AVG, but it found next to nothing in terms of real threats. I've been using MBAM and SuperAntiSpyware and that's been working better, but should I be using both, or looking for a different app?
    Either way, I ran the CFScript.txt within ComboFix, and this was my log:

    ComboFix 08-11-12.02 - Dan 2008-11-14 3:16:57.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1610 [GMT -8:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\system32\msnioed.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Install.txt
    c:\windows\system32\comsa32.sys
    c:\windows\system32\msnioed.exe
    c:\windows\system32\tpszxyd.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_MABIDWE
    -------\Legacy_NOYTCYR
    -------\Legacy_ROYTCTM
    -------\Legacy_SOXPECA
    -------\Legacy_TDYDOWKC
    -------\Legacy_WSLDOEKD
    -------\Service_afisicx
    -------\Service_mabidwe
    -------\Service_noytcyr
    -------\Service_roytctm
    -------\Service_soxpeca
    -------\Service_tdydowkc
    -------\Service_wsldoekd


    ((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
    .

    2008-11-06 20:18 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-11-06 20:18 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-11-06 20:18 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-11-06 20:18 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-11-06 20:18 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-11-06 20:18 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-11-06 20:18 . 2008-07-07 12:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
    2008-11-06 20:18 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
    2008-11-06 20:18 . 2008-06-24 08:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
    2008-11-06 20:17 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
    2008-11-06 20:17 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-11-06 20:17 . 2008-05-01 06:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
    2008-11-06 20:07 . 2008-11-06 20:07 <DIR> d-------- c:\program files\Belarc
    2008-11-06 20:07 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
    2008-11-06 13:47 . 2008-11-06 17:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Dan\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 13:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iTunes
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iPod
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 17:33 . 2008-11-05 17:33 <DIR> d-------- c:\program files\QuickTime
    2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\Bonjour
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\Dan\Application Data\Ableton
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
    2008-10-28 13:44 . 2007-07-15 14:03 1,060,864 --a------ c:\windows\system32\MFC71.dll
    2008-10-28 13:43 . 2008-10-28 13:43 <DIR> d-------- c:\program files\Ableton
    2008-10-24 11:57 . 2008-10-24 11:57 <DIR> d-------- c:\program files\CME
    2008-10-15 15:00 . 2008-10-15 15:01 <DIR> d-------- c:\program files\Virtual Earth 3D

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-06 02:09 --------- d-----w c:\program files\Apple Software Update
    2008-11-06 01:33 --------- d-----w c:\program files\Common Files\Apple
    2008-11-05 06:38 --------- d-----w c:\documents and settings\Dan\Application Data\uTorrent
    2008-10-31 05:30 --------- d-----w c:\documents and settings\Dan\Application Data\dvdcss
    2008-10-25 18:28 --------- d-----w c:\program files\MySpace
    2008-10-25 17:18 --------- d-----w c:\program files\M-Audio
    2008-10-13 16:14 --------- d-----w c:\documents and settings\Dan\Application Data\MySpace
    2008-10-10 17:34 --------- d-----w c:\program files\Propellerhead
    2008-10-10 17:34 --------- d-----w c:\documents and settings\Dan\Application Data\Propellerhead Software
    2008-10-10 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
    2008-10-01 21:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-09-30 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-09-30 01:51 --------- d-----w c:\program files\uTorrent
    2008-09-29 04:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-09-23 07:17 --------- d-----w c:\documents and settings\Dan\Application Data\Sony
    2008-09-23 06:36 --------- d-----w c:\program files\PowerISO
    2008-09-16 04:53 --------- d-----w c:\documents and settings\Dan\Application Data\Publish Providers
    2008-09-16 04:42 --------- d-----w c:\program files\Vstplugins
    2008-09-16 04:42 --------- d-----w c:\program files\Sony
    2008-09-16 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
    2008-09-16 04:41 --------- d-----w c:\program files\Sony Setup
    2008-09-16 01:49 --------- d-----w c:\program files\TechSmith
    2008-09-16 01:49 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-09-16 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-05-29 04:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-07_21.18.49.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-04-23 03:35:35 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
    + 2008-04-23 03:35:35 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
    + 2008-04-23 03:35:35 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
    + 2008-04-23 03:35:35 132,608 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
    + 2008-04-23 03:35:35 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
    + 2008-04-22 08:02:19 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
    + 2008-04-23 03:35:35 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
    + 2008-04-23 03:35:35 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
    + 2008-04-20 05:07:38 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
    + 2008-04-23 03:35:35 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
    + 2008-04-23 03:35:35 388,608 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
    + 2008-04-23 03:35:36 6,068,224 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
    + 2008-04-23 03:35:36 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
    + 2008-04-23 03:35:36 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
    + 2008-04-22 08:02:19 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
    + 2008-04-22 08:02:46 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
    + 2008-04-23 03:35:36 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
    + 2008-04-23 03:35:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
    + 2008-04-23 03:35:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
    + 2008-04-23 03:35:36 3,593,728 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
    + 2008-04-23 03:35:36 478,208 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
    + 2008-04-23 03:35:36 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
    + 2008-04-23 03:35:36 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
    + 2008-04-23 03:35:36 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
    + 2008-04-23 03:35:36 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
    + 2008-04-23 03:35:36 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
    + 2008-04-23 03:35:36 1,162,752 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
    + 2008-04-23 03:35:36 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
    + 2008-04-23 03:35:36 827,392 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
    + 2007-03-23 03:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
    + 2007-03-23 03:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
    + 2007-04-19 21:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
    + 2007-05-31 21:41:06 10,352,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
    + 2007-04-19 22:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
    + 2007-04-19 21:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
    + 2007-04-19 21:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
    + 2007-06-19 01:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
    + 2007-05-10 21:35:04 6,747,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
    + 2007-05-31 21:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
    + 2007-04-19 21:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
    + 2007-05-31 21:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
    + 2007-04-19 21:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
    + 2007-04-19 21:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
    + 2007-05-31 21:35:22 6,420,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
    + 2007-05-31 21:35:46 133,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
    + 2007-05-31 21:36:08 612,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
    + 2007-05-10 21:34:48 562,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
    + 2007-03-23 03:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
    + 2007-03-23 03:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
    + 2007-03-23 03:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
    + 2007-05-10 01:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
    + 2007-05-31 21:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
    - 2008-11-07 02:39:14 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-11-14 11:03:33 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-11-07 02:39:14 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-11-14 11:03:33 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-11-07 02:39:14 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-11-14 11:03:33 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-11-07 02:39:14 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-11-14 11:03:33 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-11-07 02:39:14 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-11-14 11:03:33 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-11-07 02:39:14 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-11-14 11:03:33 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-11-07 02:39:14 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-11-14 11:03:33 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-11-07 02:39:14 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-11-14 11:03:33 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-11-07 02:39:14 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-11-14 11:03:33 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-11-07 02:39:14 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-11-14 11:03:33 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-11-07 02:39:14 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-11-14 11:03:33 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-11-07 02:39:14 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-11-14 11:03:33 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-11-07 02:39:14 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-11-14 11:03:33 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2008-04-23 03:35:35 124,928 ----a-w c:\windows\system32\advpack.dll
    + 2008-08-26 09:08:35 124,928 ----a-w c:\windows\system32\advpack.dll
    - 2008-11-08 05:15:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-11-09 16:55:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-11-08 05:15:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-11-09 16:55:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-11-08 05:27:48 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\af[1].bin
    + 2008-11-08 05:27:50 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ro[1].bin
    + 2008-11-08 05:27:54 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\ma[2].bin
    + 2008-11-08 05:27:46 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[2].bin
    + 2008-11-08 05:27:52 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\td[1].bin
    + 2008-11-08 05:26:52 274,944 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\w[1].bin
    - 2008-11-08 05:15:47 344,064 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-09 16:55:59 344,064 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-08 05:27:55 46,592 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\so[2].bin
    + 2008-11-08 05:27:47 45,568 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\ws[1].bin
    - 2008-04-23 03:35:35 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
    + 2008-08-26 09:08:35 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
    - 2008-04-23 03:35:35 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-08-26 09:08:36 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-04-23 03:35:35 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-08-26 09:08:36 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
    - 2008-04-23 03:35:35 132,608 -c--a-w c:\windows\system32\dllcache\extmgr.dll
    + 2008-08-26 09:08:36 132,608 -c--a-w c:\windows\system32\dllcache\extmgr.dll
    - 2008-04-23 03:35:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    + 2008-08-26 09:08:36 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    - 2008-04-22 08:02:19 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-08-25 08:43:21 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
    - 2008-04-23 03:35:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-08-26 09:08:36 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
    - 2008-04-23 03:35:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
    + 2008-08-26 09:08:36 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
    - 2008-04-20 05:07:38 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    + 2008-08-23 05:54:50 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    - 2008-04-23 03:35:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-08-26 09:08:36 380,928 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    - 2008-04-23 03:35:35 388,608 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-08-26 09:08:37 388,608 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-04-23 03:35:36 6,068,224 -c----w c:\windows\system32\dllcache\ieframe.dll
    + 2008-10-03 17:26:50 6,068,224 -c----w c:\windows\system32\dllcache\ieframe.dll
    - 2008-04-23 03:35:36 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
    + 2008-08-26 09:08:39 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
    - 2008-04-23 03:35:36 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    + 2008-08-26 09:08:39 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    - 2008-04-22 08:02:19 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    + 2008-08-25 08:43:21 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    - 2008-04-22 08:02:46 625,664 -c--a-w c:\windows\system32\dllcache\iexplore.exe
    + 2008-08-23 05:56:16 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
    - 2008-04-23 03:35:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-08-26 09:08:40 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
    - 2008-04-23 03:35:36 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    + 2008-08-26 09:08:40 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    - 2008-04-23 03:35:36 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-08-26 09:08:40 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-04-23 03:35:36 3,593,728 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    + 2008-08-26 09:08:43 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    - 2008-04-23 03:35:36 478,208 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
    + 2008-08-26 09:08:43 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
    - 2008-04-23 03:35:36 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
    + 2008-08-26 09:08:44 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
    - 2008-04-23 03:35:36 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
    + 2008-08-26 09:08:44 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
    - 2008-04-23 03:35:36 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
    + 2008-08-26 09:08:44 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
    - 2008-04-23 03:35:36 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-08-26 09:08:44 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
    - 2008-04-23 03:35:36 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
    + 2008-08-26 09:08:44 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
    - 2008-04-23 03:35:36 1,162,752 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    + 2008-08-26 09:08:45 1,162,752 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    - 2008-04-23 03:35:36 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
    + 2008-08-26 09:08:45 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
    - 2008-04-23 03:35:36 827,392 -c--a-w c:\windows\system32\dllcache\wininet.dll
    + 2008-08-26 09:08:45 827,904 -c--a-w c:\windows\system32\dllcache\wininet.dll
    - 2008-04-13 19:19:23 138,112 ----a-w c:\windows\system32\drivers\afd.sys
    + 2008-08-14 10:04:36 138,496 ----a-w c:\windows\system32\drivers\afd.sys
    - 2008-04-13 19:15:11 334,848 ----a-w c:\windows\system32\drivers\srv.sys
    + 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
    - 2008-04-23 03:35:35 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    + 2008-08-26 09:08:36 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    - 2008-04-23 03:35:35 214,528 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-08-26 09:08:36 214,528 ----a-w c:\windows\system32\dxtrans.dll
    - 2008-04-14 00:11:53 246,272 ----a-w c:\windows\system32\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w c:\windows\system32\es.dll
    - 2008-04-23 03:35:35 132,608 ----a-w c:\windows\system32\extmgr.dll
    + 2008-08-26 09:08:36 132,608 ----a-w c:\windows\system32\extmgr.dll
    - 2008-11-07 10:53:25 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-14 00:58:26 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-04-23 03:35:35 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2008-08-26 09:08:36 63,488 ----a-w c:\windows\system32\icardie.dll
    - 2008-04-22 08:02:19 70,656 ----a-w c:\windows\system32\ie4uinit.exe
    + 2008-08-25 08:43:21 70,656 ----a-w c:\windows\system32\ie4uinit.exe
    - 2008-04-23 03:35:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
    + 2008-08-26 09:08:36 153,088 ----a-w c:\windows\system32\ieakeng.dll
    - 2008-04-23 03:35:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
    + 2008-08-26 09:08:36 230,400 ----a-w c:\windows\system32\ieaksie.dll
    - 2008-04-20 05:07:38 161,792 ----a-w c:\windows\system32\ieakui.dll
    + 2008-08-23 05:54:50 161,792 ----a-w c:\windows\system32\ieakui.dll
    - 2008-04-23 03:35:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    + 2008-08-26 09:08:36 380,928 ----a-w c:\windows\system32\ieapfltr.dll
    - 2008-04-23 03:35:35 388,608 ----a-w c:\windows\system32\iedkcs32.dll
    + 2008-08-26 09:08:37 388,608 ----a-w c:\windows\system32\iedkcs32.dll
    - 2008-04-23 03:35:36 6,068,224 ----a-w c:\windows\system32\ieframe.dll
    + 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\system32\ieframe.dll
    - 2008-04-23 03:35:36 44,544 ----a-w c:\windows\system32\iernonce.dll
    + 2008-08-26 09:08:39 44,544 ----a-w c:\windows\system32\iernonce.dll
    - 2008-04-23 03:35:36 267,776 ----a-w c:\windows\system32\iertutil.dll
    + 2008-08-26 09:08:39 267,776 ----a-w c:\windows\system32\iertutil.dll
    - 2008-04-22 08:02:19 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2008-08-25 08:43:21 13,824 ----a-w c:\windows\system32\ieudinit.exe
    - 2008-04-14 00:11:54 691,712 ----a-w c:\windows\system32\inetcomm.dll
    + 2008-04-11 19:04:26 691,712 ----a-w c:\windows\system32\inetcomm.dll
    - 2008-04-23 03:35:36 27,648 ----a-w c:\windows\system32\jsproxy.dll
    + 2008-08-26 09:08:40 27,648 ----a-w c:\windows\system32\jsproxy.dll
    - 2008-04-14 00:11:58 73,728 ----a-w c:\windows\system32\mscms.dll
    + 2008-06-24 16:43:16 74,240 ----a-w c:\windows\system32\mscms.dll
    - 2008-04-23 03:35:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
    + 2008-08-26 09:08:40 459,264 ----a-w c:\windows\system32\msfeeds.dll
    - 2008-04-23 03:35:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2008-08-26 09:08:40 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    - 2008-04-23 03:35:36 3,593,728 ----a-w c:\windows\system32\mshtml.dll
    + 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\system32\mshtml.dll
    - 2008-04-23 03:35:36 478,208 ----a-w c:\windows\system32\mshtmled.dll
    + 2008-08-26 09:08:43 477,696 ----a-w c:\windows\system32\mshtmled.dll
    - 2008-04-23 03:35:36 193,024 ----a-w c:\windows\system32\msrating.dll
    + 2008-08-26 09:08:44 193,024 ----a-w c:\windows\system32\msrating.dll
    - 2008-04-23 03:35:36 671,232 ----a-w c:\windows\system32\mstime.dll
    + 2008-08-26 09:08:44 671,232 ----a-w c:\windows\system32\mstime.dll
    - 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
    + 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
    - 2008-04-13 18:31:21 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
    + 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
    - 2008-04-13 19:24:37 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
    + 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
    - 2008-04-23 03:35:36 102,912 ----a-w c:\windows\system32\occache.dll
    + 2008-08-26 09:08:44 102,912 ----a-w c:\windows\system32\occache.dll
    - 2008-11-07 10:57:46 64,402 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-14 11:23:43 64,402 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-07 10:57:46 406,584 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-14 11:23:43 406,584 ----a-w c:\windows\system32\perfh009.dat
    - 2008-04-23 03:35:36 44,544 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-08-26 09:08:44 44,544 ----a-w c:\windows\system32\pngfilt.dll
    - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    - 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
    + 2008-07-11 12:42:28 62,976 ------w c:\windows\system32\tzchange.exe
    - 2008-04-23 03:35:36 105,984 ----a-w c:\windows\system32\url.dll
    + 2008-08-26 09:08:44 105,984 ----a-w c:\windows\system32\url.dll
    - 2008-04-23 03:35:36 1,162,752 ----a-w c:\windows\system32\urlmon.dll
    + 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\system32\urlmon.dll
    - 2008-04-23 03:35:36 233,472 ----a-w c:\windows\system32\webcheck.dll
    + 2008-08-26 09:08:45 233,472 ----a-w c:\windows\system32\webcheck.dll
    - 2008-04-13 19:30:10 1,845,632 ----a-w c:\windows\system32\win32k.sys
    + 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
    - 2008-04-23 03:35:36 827,392 ----a-w c:\windows\system32\wininet.dll
    + 2008-08-26 09:08:45 827,904 ----a-w c:\windows\system32\wininet.dll
    - 2007-04-16 20:40:08 295,936 ----a-w c:\windows\system32\wmpeffects.dll
    + 2008-06-25 02:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll
    + 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-07 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "LVCOMS "= "c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-04-09 c:\windows\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-07 10:17 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1 "= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=

    S2 mscbcosd;Windows File Manager Services;c:\windows\system32\mscbco.exe [ ]
    S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
    S3 EVOLUSB;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\evolusb.sys [ ]
    S3 MA_CMIDI;M-Audio USB Driver;c:\windows\system32\drivers\ma_cmidi.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\izg8ra5h.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-14 03:46:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-14 3:49:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-14 11:49:05
    ComboFix2.txt 2008-11-08 05:19:06
    ComboFix3.txt 2008-11-07 10:55:54
    ComboFix4.txt 2008-11-07 02:14:52

    Pre-Run: 360,050,302,976 bytes free
    Post-Run: 360,086,290,432 bytes free

    439 --- E O F --- 2008-11-14 11:03:35
     
  11. 2008/11/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Couple more to get. Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\udxfytw.sys
    c:\windows\system32\mscbco.exe
    Driver::
    mscbcosd
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a new RSIT log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
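As an added example for this thread (not code from ComboFix, from the helper, or from WindowsBBS), a small Python triage script that applies the checks the helper is doing by eye to the ComboFix log excerpts above: it parses ComboFix's service lines and flags those whose bracket holds no file metadata, rating an auto-start entry such as mscbcosd higher than demand-start drivers (often hardware that is simply unplugged), and it flags the Security Center notification and firewall values seen in the log. The sample input is built from lines quoted in the thread; the severity heuristic is mine, not ComboFix's.

```python
"""Triage a ComboFix log excerpt for the entries a malware-removal helper
looks at first. Added example for this thread, not code from ComboFix or
from WindowsBBS; the severity heuristic is the author's, not ComboFix's.
"""
import re
from dataclasses import dataclass

# ComboFix service line: R/S = running/stopped, digit = Windows start type,
# then "name;display name;image path [date size]". An empty bracket means
# ComboFix could not read the file on disk.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)
# Registry value line as rendered by the forum ("Name "=value, note the
# stray space before the closing quote that the board inserted).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.+?)\s*$')

START_TYPES = {'0': 'boot', '1': 'system', '2': 'auto', '3': 'demand', '4': 'disabled'}

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

S2 mscbcosd;Windows File Manager Services;c:\windows\system32\mscbco.exe [ ]
S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
S3 EVOLUSB;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\evolusb.sys [ ]
S3 MA_CMIDI;M-Audio USB Driver;c:\windows\system32\drivers\ma_cmidi.sys [ ]
"""


@dataclass
class Finding:
    severity: str  # 'high' or 'low'
    kind: str      # 'service-no-file', 'security-center', 'firewall'
    detail: str


def parse_dword(text):
    """Return the integer in 'dword:00000001' or '0 (0x0)', else None."""
    m = re.match(r'dword:([0-9a-fA-F]+)', text)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)', text)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Walk the log line by line and return the list of findings in order."""
    findings = []
    section = None  # lower-cased last "[...]" registry key seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('['):
            section = line.lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            if not m.group('meta').strip():
                start = START_TYPES[m.group('start')]
                # Auto-start is the usual persistence choice, so an auto-start
                # service whose binary cannot be read is the priority. A
                # demand-start driver with no file is often just a device that
                # is not plugged in, so it gets a lower rating for review.
                severity = 'high' if start in ('boot', 'system', 'auto') else 'low'
                findings.append(Finding(severity, 'service-no-file',
                                        f"{m.group('name')} ({start} start) -> {m.group('path')}"))
            continue
        m = VALUE_RE.match(line)
        if not (m and section):
            continue
        name, value = m.group('name'), parse_dword(m.group('value'))
        if 'security center' in section and name.endswith('DisableNotify') and value == 1:
            findings.append(Finding('high', 'security-center', f'{name} = 1 (alert silenced)'))
        elif 'firewallpolicy' in section and name == 'EnableFirewall' and value == 0:
            findings.append(Finding('high', 'firewall', 'EnableFirewall = 0 (Windows Firewall off)'))
    return findings


def report(findings):
    """Render findings as one text line each, high severity first."""
    order = {'high': 0, 'low': 1}
    return '\n'.join(f"[{f.severity:4}] {f.kind:16} {f.detail}"
                     for f in sorted(findings, key=lambda f: order[f.severity]))


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, it reports the two silenced Security Center alerts, the disabled firewall and the auto-start mscbcosd service as high, and the two M-Audio drivers as low.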
     
  12. 2008/11/16
    antagonist2012

    antagonist2012 Inactive Thread Starter

    Joined:
    2008/11/06
    Messages:
    8
    Likes Received:
    0
    Thanks, here's the CF Log first...


    ComboFix 08-11-14.01 - Dan 2008-11-16 10:27:06.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1596 [GMT -8:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\system32\mscbco.exe
    c:\windows\system32\udxfytw.sys
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
    .

    2008-11-14 07:18 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-14 07:18 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-06 20:18 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-11-06 20:18 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-11-06 20:18 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-11-06 20:18 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-11-06 20:18 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-11-06 20:18 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-11-06 20:18 . 2008-07-07 12:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
    2008-11-06 20:18 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
    2008-11-06 20:18 . 2008-06-24 08:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
    2008-11-06 20:17 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
    2008-11-06 20:17 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-11-06 20:17 . 2008-05-01 06:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
    2008-11-06 20:07 . 2008-11-06 20:07 <DIR> d-------- c:\program files\Belarc
    2008-11-06 20:07 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
    2008-11-06 13:47 . 2008-11-06 17:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Dan\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 13:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iTunes
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iPod
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 17:33 . 2008-11-05 17:33 <DIR> d-------- c:\program files\QuickTime
    2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\Bonjour
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\Dan\Application Data\Ableton
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
    2008-10-28 13:44 . 2007-07-15 14:03 1,060,864 --a------ c:\windows\system32\MFC71.dll
    2008-10-28 13:43 . 2008-10-28 13:43 <DIR> d-------- c:\program files\Ableton
    2008-10-24 11:57 . 2008-10-24 11:57 <DIR> d-------- c:\program files\CME

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-06 02:09 --------- d-----w c:\program files\Apple Software Update
    2008-11-06 01:33 --------- d-----w c:\program files\Common Files\Apple
    2008-11-05 06:38 --------- d-----w c:\documents and settings\Dan\Application Data\uTorrent
    2008-10-31 05:30 --------- d-----w c:\documents and settings\Dan\Application Data\dvdcss
    2008-10-25 18:28 --------- d-----w c:\program files\MySpace
    2008-10-25 17:18 --------- d-----w c:\program files\M-Audio
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-15 23:01 --------- d-----w c:\program files\Virtual Earth 3D
    2008-10-13 16:14 --------- d-----w c:\documents and settings\Dan\Application Data\MySpace
    2008-10-10 17:34 --------- d-----w c:\program files\Propellerhead
    2008-10-10 17:34 --------- d-----w c:\documents and settings\Dan\Application Data\Propellerhead Software
    2008-10-10 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
    2008-10-01 21:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-30 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-09-30 01:51 --------- d-----w c:\program files\uTorrent
    2008-09-29 04:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-09-23 07:17 --------- d-----w c:\documents and settings\Dan\Application Data\Sony
    2008-09-23 06:36 --------- d-----w c:\program files\PowerISO
    2008-09-16 04:53 --------- d-----w c:\documents and settings\Dan\Application Data\Publish Providers
    2008-09-16 04:42 --------- d-----w c:\program files\Vstplugins
    2008-09-16 04:42 --------- d-----w c:\program files\Sony
    2008-09-16 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
    2008-09-16 04:41 --------- d-----w c:\program files\Sony Setup
    2008-09-16 01:49 --------- d-----w c:\program files\TechSmith
    2008-09-16 01:49 --------- d-----w c:\program files\Common Files\TechSmith Shared
    2008-09-16 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-29 18:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 17:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-08-26 09:08 827,904 ----a-w c:\windows\system32\wininet.dll
    2008-05-29 04:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-16_ 8.54.17.87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-15 18:00:04 64,402 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-16 16:52:14 64,402 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-15 18:00:04 406,584 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-16 16:52:14 406,584 ----a-w c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-07 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "LVCOMS "= "c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-04-09 c:\windows\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-07 10:17 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1 "= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=

    S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2008-07-08 22432]
    S3 EVOLUSB;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\evolusb.sys []
    S3 MA_CMIDI;M-Audio USB Driver;c:\windows\system32\drivers\ma_cmidi.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 10:27:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-16 10:28:26
    ComboFix-quarantined-files.txt 2008-11-16 18:28:11
    ComboFix2.txt 2008-11-16 16:54:31
    ComboFix3.txt 2008-11-14 11:49:08
    ComboFix4.txt 2008-11-08 05:19:06
    ComboFix5.txt 2008-11-16 18:26:37

    Pre-Run: 359,919,960,064 bytes free
    Post-Run: 359,952,347,136 bytes free

    166 --- E O F --- 2008-11-15 11:02:58


    and here's the RSIT log...

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Dan at 2008-11-16 10:59:43
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 343 GB (72%) free of 477 GB
    Total RAM: 2047 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:54 AM, on 11/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dan\Desktop\RSIT.exe
    C:\Documents and Settings\Dan\Desktop\Dan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1212034108265
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212034104062
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://shawsecure.ca/ols/fscax.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5812 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2007-04-09 16126464]
    "SkyTel "=C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
    "nwiz "=nwiz.exe /install []
    "NeroFilterCheck "=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "LVCOMS "=C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214]
    "PWRISOVM.EXE "=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-06-16 167936]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier "=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "LightScribe Control Panel "=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]
    "SUPERAntiSpyware "=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-07 1576176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-09-07 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-04-16 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    shell\AutoRun\command - E:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2008-11-16 10:59:43 ----D---- C:\rsit
    2008-11-16 10:28:27 ----D---- C:\WINDOWS\temp
    2008-11-16 10:28:26 ----A---- C:\ComboFix.txt
    2008-11-16 10:26:33 ----D---- C:\ComboFix
    2008-11-15 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-15 03:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-15 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-13 16:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-11-13 16:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-11-13 16:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-11-13 16:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-11-13 16:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-11-13 16:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-11-13 16:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-11-13 16:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-11-13 16:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-11-13 16:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-11-13 16:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-11-13 16:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-11-13 16:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-11-13 16:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-11-06 20:07:35 ----D---- C:\Program Files\Belarc
    2008-11-06 18:09:36 ----A---- C:\Boot.bak
    2008-11-06 18:09:32 ----RASHD---- C:\cmdcons
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\zip.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\VFIND.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\SWSC.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\SWREG.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\sed.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\grep.exe
    2008-11-06 18:08:19 ----A---- C:\WINDOWS\fdsv.exe
    2008-11-06 18:08:17 ----D---- C:\WINDOWS\ERDNT
    2008-11-06 18:08:16 ----D---- C:\Qoobox
    2008-11-06 13:47:38 ----D---- C:\Documents and Settings\Dan\Application Data\Malwarebytes
    2008-11-06 13:47:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-06 13:47:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-05 17:34:29 ----D---- C:\Program Files\iPod
    2008-11-05 17:34:28 ----D---- C:\Program Files\iTunes
    2008-11-05 17:34:28 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 17:33:29 ----D---- C:\Program Files\QuickTime
    2008-11-05 17:29:38 ----D---- C:\Program Files\Bonjour
    2008-10-28 13:45:12 ----D---- C:\Documents and Settings\Dan\Application Data\Ableton
    2008-10-28 13:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\Ableton
    2008-10-28 13:44:27 ----A---- C:\WINDOWS\system32\MFC71.dll
    2008-10-28 13:43:51 ----D---- C:\Program Files\Ableton
    2008-10-24 11:57:15 ----D---- C:\Program Files\CME

    ======List of files/folders modified in the last 1 months======

    2008-11-16 10:58:06 ----D---- C:\WINDOWS\Prefetch
    2008-11-16 10:41:39 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-16 10:28:28 ----D---- C:\WINDOWS\system32
    2008-11-16 10:28:27 ----D---- C:\WINDOWS
    2008-11-16 10:27:43 ----A---- C:\WINDOWS\system.ini
    2008-11-16 10:27:28 ----D---- C:\WINDOWS\system32\drivers
    2008-11-16 10:27:27 ----D---- C:\WINDOWS\AppPatch
    2008-11-16 10:27:27 ----D---- C:\Program Files\Common Files
    2008-11-16 10:26:59 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-16 08:54:11 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-16 08:52:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-15 09:54:38 ----D---- C:\WINDOWS\system32\config
    2008-11-15 03:02:58 ----HD---- C:\WINDOWS\inf
    2008-11-15 03:02:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-15 03:02:56 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-15 03:02:54 ----SHD---- C:\WINDOWS\Installer
    2008-11-15 03:02:40 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-15 03:02:07 ----D---- C:\WINDOWS\WinSxS
    2008-11-14 16:16:37 ----RD---- C:\Program Files
    2008-11-14 04:46:05 ----D---- C:\WINDOWS\system32\wbem
    2008-11-14 03:03:15 ----A---- C:\WINDOWS\win.ini
    2008-11-13 16:40:38 ----D---- C:\Program Files\Messenger
    2008-11-13 16:40:25 ----D---- C:\Program Files\Internet Explorer
    2008-11-09 08:51:06 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-11-06 18:39:18 ----RSD---- C:\WINDOWS\assembly
    2008-11-06 18:38:52 ----RSD---- C:\WINDOWS\Fonts
    2008-11-06 18:38:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-11-06 18:09:36 ----RASH---- C:\boot.ini
    2008-11-06 13:23:07 ----D---- C:\WINDOWS\pss
    2008-11-05 18:09:40 ----D---- C:\Program Files\Apple Software Update
    2008-11-05 17:35:18 ----SD---- C:\WINDOWS\Tasks
    2008-11-05 17:34:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-05 17:33:32 ----D---- C:\Program Files\Common Files\Apple
    2008-11-05 17:32:25 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-04 22:38:39 ----D---- C:\Documents and Settings\Dan\Application Data\uTorrent
    2008-10-30 21:30:24 ----D---- C:\Documents and Settings\Dan\Application Data\dvdcss
    2008-10-30 11:03:27 ----D---- C:\WINDOWS\Network Diagnostic
    2008-10-25 10:28:23 ----D---- C:\Program Files\MySpace
    2008-10-25 09:18:19 ----D---- C:\Program Files\M-Audio
    2008-10-25 08:43:51 ----D---- C:\WINDOWS\Registration

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
    R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-11 56108]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-04-16 62336]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-04-16 138752]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-11 5810]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-05 58752]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-05 19968]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 BCMIDI;BCMIDI; C:\WINDOWS\System32\Drivers\bcmidi2.sys [2005-10-19 22432]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 EVOLUSB;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\evolusb.sys []
    S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys []
    S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-04-16 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-16 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------



    Curious, here... I ran RSIT the first time and it produced the 'log.txt' file, but also one titled 'info.txt' which contained removed programs, etc. I can attach this as needed, but didn't want to be a burden with a bunch of extra stuff that wasn't asked for. Thanks again!
     
  13. 2008/11/16
    noahdfear

    Sorry .... didn't see your reply right away. No need to post the info.txt .... your logs look good.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot.


    Now let's get an online scan to see if we've missed anything. Please do an online scan with Kaspersky Online Scanner.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log and let me know how the computer is behaving now.
     
  14. 2008/11/18
    antagonist2012

    My computer is now free of audio ads and sound bites (THANK YOU!!! :))
    The overall performance is substantially lower than usual, though, and the internet in particular is painfully slow. Here is the Kaspersky log.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, November 18, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, November 18, 2008 05:48:13
    Records in database: 1390689
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 64098
    Threat name: 8
    Infected objects: 20
    Suspicious objects: 0
    Duration of the scan: 00:42:14


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\afisicx.exe.vir Infected: Trojan.Win32.Agent.amej 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\noytcyr.exe.vir Infected: Trojan.Win32.Agent.gpa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\roytctm.exe.vir Infected: Trojan.Win32.Agent.gpc 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\soxpeca.exe.vir Infected: Trojan.Win32.Agent.amjf 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\tdydowkc.exe.vir Infected: Trojan.Win32.Agent.gpd 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\udxfytw.sys.vir Infected: Trojan.Win32.Agent.amaz 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wsldoekd.exe.vir Infected: Trojan.Win32.Agent.gpe 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\af[1].bin Infected: Trojan.Win32.Agent.amej 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\ro[1].bin Infected: Trojan.Win32.Agent.gpc 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\msusp[1].bin Infected: Trojan.Win32.Agent.ambw 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ro[1].bin Infected: Trojan.Win32.Agent.gpc 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\td[1].bin Infected: Trojan.Win32.Agent.gpd 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ws[1].bin Infected: Trojan.Win32.Agent.gpe 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\af[1].bin Infected: Trojan.Win32.Agent.amej 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[1].bin Infected: Trojan.Win32.Agent.gpa 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[2].bin Infected: Trojan.Win32.Agent.gpa 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\td[1].bin Infected: Trojan.Win32.Agent.gpd 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\so[1].bin Infected: Trojan.Win32.Agent.amjf 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\ws[1].bin Infected: Trojan.Win32.Agent.gpe 1
    C:\WINDOWS\system32\tmpxr_587960331781.bk Infected: Trojan.Win32.Agent.amjf 1

    The selected area was scanned.
     
  15. 2008/11/18
    noahdfear

    Once again, please disable any real-time protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\tmpxr_587960331781.bk
    Folder::
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
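As an added example (not part of the thread, and not Kaspersky's or ComboFix's own code), here is the triage behind the CFScript above applied to the Kaspersky report posted in the previous reply, in Python. It assumes only what the thread shows: the File:: and Folder:: directive names, and the report lines, which are retyped from the post as a constructed sample.

```python
# Added example, not code from the thread, from Kaspersky or from ComboFix.
# It applies the same triage noahdfear did by hand to the report above:
#   * hits under C:\Qoobox\Quarantine are files ComboFix already quarantined
#     (hence the .vir suffix) and need no further action;
#   * hits inside a Temporary Internet Files cache subfolder (Content.IE5\xxxx)
#     are handled by listing the whole subfolder under Folder::;
#   * any other live file on disk is listed under File::.
import re

# Constructed sample: the detection section of the report posted above, retyped.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\afisicx.exe.vir Infected: Trojan.Win32.Agent.amej 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\noytcyr.exe.vir Infected: Trojan.Win32.Agent.gpa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\roytctm.exe.vir Infected: Trojan.Win32.Agent.gpc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\soxpeca.exe.vir Infected: Trojan.Win32.Agent.amjf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdydowkc.exe.vir Infected: Trojan.Win32.Agent.gpd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\udxfytw.sys.vir Infected: Trojan.Win32.Agent.amaz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wsldoekd.exe.vir Infected: Trojan.Win32.Agent.gpe 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\af[1].bin Infected: Trojan.Win32.Agent.amej 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\ro[1].bin Infected: Trojan.Win32.Agent.gpc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\msusp[1].bin Infected: Trojan.Win32.Agent.ambw 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ro[1].bin Infected: Trojan.Win32.Agent.gpc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\td[1].bin Infected: Trojan.Win32.Agent.gpd 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ws[1].bin Infected: Trojan.Win32.Agent.gpe 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\af[1].bin Infected: Trojan.Win32.Agent.amej 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[1].bin Infected: Trojan.Win32.Agent.gpa 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[2].bin Infected: Trojan.Win32.Agent.gpa 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\td[1].bin Infected: Trojan.Win32.Agent.gpd 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\so[1].bin Infected: Trojan.Win32.Agent.amjf 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\ws[1].bin Infected: Trojan.Win32.Agent.gpe 1
C:\WINDOWS\system32\tmpxr_587960331781.bk Infected: Trojan.Win32.Agent.amjf 1

The selected area was scanned.
"""

_LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
_CACHE_RE = re.compile(r"^(?P<folder>.*\\content\.ie5\\[^\\]+)\\", re.IGNORECASE)
_QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def parse_report(text):
    """Return (path, threat_name, count) for every detection line."""
    hits = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def classify(path):
    """Map a detection path to ('quarantined' | 'folder' | 'file', target)."""
    if path.lower().startswith(_QUARANTINE_PREFIX):
        return "quarantined", path
    m = _CACHE_RE.match(path)
    if m:
        return "folder", m.group("folder")
    return "file", path


def triage(hits):
    """Group targets by action, deduplicated and in first-seen order."""
    groups = {"quarantined": [], "folder": [], "file": []}
    for path, _threat, _count in hits:
        kind, target = classify(path)
        if target not in groups[kind]:
            groups[kind].append(target)
    return groups


def build_cfscript(groups):
    """Render the File:: and Folder:: sections in the form used above."""
    lines = []
    if groups["file"]:
        lines.append("File::")
        lines.extend(groups["file"])
    if groups["folder"]:
        lines.append("Folder::")
        lines.extend(groups["folder"])
    return "\n".join(lines) + "\n" if lines else ""


def threat_summary(hits):
    """(distinct threat names, infected objects): cross-checks the report's
    own 'Threat name' and 'Infected objects' statistics."""
    return len({t for _p, t, _c in hits}), sum(c for _p, _t, c in hits)


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    groups = triage(hits)
    print("Already quarantined by ComboFix, no action needed:")
    for path in groups["quarantined"]:
        print("  " + path)
    print("\nCFScript.txt contents:\n" + build_cfscript(groups))
```

Run against the sample, the File:: and Folder:: output matches the CFScript posted above line for line, and the seven Qoobox entries are reported as already handled.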
     
  16. 2008/11/20
    antagonist2012

    This is the ComboFix log this time.


    ComboFix 08-11-19.08 - Dan 2008-11-20 15:07:30.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1509 [GMT -8:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\system32\tmpxr_587960331781.bk
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\af[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\bullet[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\desktop.ini
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\dnserrordiagoff_webOC[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\httpErrorPagesScripts[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[1].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[10].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[11].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[2].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[3].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[4].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[5].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[6].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[7].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[8].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\jump2[9].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\ro[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1B28W9IC\w[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\background_gradient[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\desktop.ini
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\down[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ErrorPageTemplate[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\js[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[1].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[2].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[3].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[4].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[5].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[6].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[7].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[8].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\jump2[9].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\msusp[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ro[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\td[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZNOJ6TY\ws[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\ad[3].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\af[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\desktop.ini
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[1].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[10].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[11].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[2].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[3].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[4].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[5].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[6].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[7].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[8].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\jump2[9].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\ma[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\ma[2].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\no[2].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\td[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NTSW8D0\w[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\ad[1].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\desktop.ini
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\errorPageStrings[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\info_48[1]
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[1].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[10].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[2].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[3].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[4].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[5].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[6].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[7].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[8].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[9].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\so[1].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\so[2].bin
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\ws[1].bin
    c:\windows\system32\nsugyryt.ini
    c:\windows\system32\rabsxbeu.ini
    c:\windows\system32\tmpxr_587960331781.bk
    c:\windows\system32\weeiwbic.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
    .

    2008-11-17 17:50 . 2008-11-20 09:43 <DIR> d-------- c:\windows\LastGood
    2008-11-16 10:59 . 2008-11-16 10:59 <DIR> d-------- C:\rsit
    2008-11-14 07:18 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-14 07:18 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-06 20:18 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-11-06 20:18 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-11-06 20:18 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-11-06 20:18 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-11-06 20:18 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-11-06 20:18 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-11-06 20:18 . 2008-07-07 12:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
    2008-11-06 20:18 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
    2008-11-06 20:18 . 2008-06-24 08:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
    2008-11-06 20:17 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
    2008-11-06 20:17 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-11-06 20:17 . 2008-05-01 06:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
    2008-11-06 20:07 . 2008-11-06 20:07 <DIR> d-------- c:\program files\Belarc
    2008-11-06 20:07 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
    2008-11-06 13:47 . 2008-11-06 17:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Dan\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-06 13:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-06 13:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iTunes
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\program files\iPod
    2008-11-05 17:34 . 2008-11-05 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 17:33 . 2008-11-05 17:33 <DIR> d-------- c:\program files\QuickTime
    2008-11-05 17:29 . 2008-11-05 17:29 <DIR> d-------- c:\program files\Bonjour
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\Dan\Application Data\Ableton
    2008-10-28 13:45 . 2008-10-28 13:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
    2008-10-28 13:44 . 2007-07-15 14:03 1,060,864 --a------ c:\windows\system32\MFC71.dll
    2008-10-28 13:43 . 2008-10-28 13:43 <DIR> d-------- c:\program files\Ableton
    2008-10-24 11:57 . 2008-10-24 11:57 <DIR> d-------- c:\program files\CME

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-06 02:09 --------- d-----w c:\program files\Apple Software Update
    2008-11-06 01:33 --------- d-----w c:\program files\Common Files\Apple
    2008-11-05 06:38 --------- d-----w c:\documents and settings\Dan\Application Data\uTorrent
    2008-10-31 05:30 --------- d-----w c:\documents and settings\Dan\Application Data\dvdcss
    2008-10-25 18:28 --------- d-----w c:\program files\MySpace
    2008-10-25 17:18 --------- d-----w c:\program files\M-Audio
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-15 23:01 --------- d-----w c:\program files\Virtual Earth 3D
    2008-10-13 16:14 --------- d-----w c:\documents and settings\Dan\Application Data\MySpace
    2008-10-10 17:34 --------- d-----w c:\program files\Propellerhead
    2008-10-10 17:34 --------- d-----w c:\documents and settings\Dan\Application Data\Propellerhead Software
    2008-10-10 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
    2008-10-01 21:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-30 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-09-30 01:51 --------- d-----w c:\program files\uTorrent
    2008-09-29 04:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-09-23 07:17 --------- d-----w c:\documents and settings\Dan\Application Data\Sony
    2008-09-23 06:36 --------- d-----w c:\program files\PowerISO
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-29 18:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 17:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-08-26 09:08 827,904 ----a-w c:\windows\system32\wininet.dll
    2008-05-29 04:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-16_ 8.54.17.87 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-31 02:19:20 92,504 ----a-w c:\windows\LastGood\system32\cdm.dll
    + 2007-07-31 02:19:10 271,224 ----a-w c:\windows\LastGood\system32\mucltui.dll
    + 2007-07-31 02:18:34 207,736 ----a-w c:\windows\LastGood\system32\muweb.dll
    + 2007-07-31 02:19:36 549,720 ----a-w c:\windows\LastGood\system32\wuapi.dll
    + 2007-07-31 02:19:16 53,080 ----a-w c:\windows\LastGood\system32\wuauclt.exe
    + 2007-07-31 02:19:42 1,712,984 ----a-w c:\windows\LastGood\system32\wuaueng.dll
    + 2007-07-31 02:19:32 325,976 ----a-w c:\windows\LastGood\system32\wucltui.dll
    + 2007-07-31 02:18:40 33,624 ----a-w c:\windows\LastGood\system32\wups.dll
    + 2007-07-31 02:19:12 43,352 ----a-w c:\windows\LastGood\system32\wups2.dll
    + 2007-07-31 02:19:46 203,096 ----a-w c:\windows\LastGood\system32\wuweb.dll
    - 2007-07-31 02:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 22:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
    - 2007-07-31 02:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 22:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    - 2007-07-31 02:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 22:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2007-07-31 02:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 22:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2007-07-31 02:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 22:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    - 2007-07-31 02:19:46 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 22:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    - 2007-07-31 02:19:10 271,224 ----a-w c:\windows\system32\mucltui.dll
    + 2008-07-19 06:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
    - 2007-07-31 02:18:34 207,736 ----a-w c:\windows\system32\muweb.dll
    + 2008-07-19 06:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
    - 2008-11-15 18:00:04 64,402 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-17 02:20:21 64,402 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-15 18:00:04 406,584 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-17 02:20:21 406,584 ----a-w c:\windows\system32\perfh009.dat
    + 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-07 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-09 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]
    "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-07 10:17 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1"= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2008-07-08 22432]
    S3 EVOLUSB;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\evolusb.sys []
    S3 MA_CMIDI;M-Audio USB Driver;c:\windows\system32\drivers\ma_cmidi.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    \Shell\AutoRun\command - E:\setupSNK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-20 15:08:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-20 15:09:43
    ComboFix-quarantined-files.txt 2008-11-20 23:09:26
    ComboFix2.txt 2008-11-16 18:28:26
    ComboFix3.txt 2008-11-16 16:54:31
    ComboFix4.txt 2008-11-14 11:49:08
    ComboFix5.txt 2008-11-20 23:07:16

    Pre-Run: 359,940,198,400 bytes free
    Post-Run: 359,919,775,744 bytes free

    278 --- E O F --- 2008-11-15 11:02:58
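Added example (not from the thread, and not ComboFix's own code): a small Python script that pulls out of a ComboFix log the items a helper looks at first in a report like the one above: the firewall state and the Security Center notification flags under Reg Loading Points, the AuthorizedApplications exemptions, AutoRun handlers under MountPoints2, web cache files under the SYSTEM profile, and files in system32 with pseudo-random eight-letter names. The log excerpt embedded in it is a constructed shortening of the posted log; the eight-letter heuristic is an assumption based on the thread starter's own description of the dropped files and also matches some legitimate files, so every hit is a lead to examine rather than a verdict.

```python
"""Triage a ComboFix-style log for the items a helper reviews first.
Added example, not ComboFix's code: it follows the layout visible in the
posted log (bare file paths, "[key]" headers and "name"=value lines)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt, shortened from the log posted in the thread.
SAMPLE_LOG = r"""
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\ad[1].htm
    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLZVGTI3\jump2[1].htm
    c:\windows\system32\nsugyryt.ini
    c:\windows\system32\rabsxbeu.ini
    c:\windows\system32\tmpxr_587960331781.bk
    c:\windows\system32\weeiwbic.ini

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bd15b4-2d45-11dd-8870-806d6172696f}]
    \Shell\AutoRun\command - E:\setupSNK.exe
"""

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')
# Web cache under the SYSTEM profile means a service (running as SYSTEM) pulled
# web content via WinINet. Windows Update does that too: judge by the file names.
SYSTEM_TIF = re.compile(r"^c:\\windows\\system32\\config\\systemprofile\\local settings\\"
                        r"temporary internet files\\", re.I)
# Heuristic (assumption, from the thread starter's description): eight lowercase
# letters, no digits, directly in system32. Legitimate files match too (browseui.dll).
RANDOM_NAME = re.compile(r"^c:\\windows\\system32\\[a-z]{8}\.(ini|dll|exe)$")

@dataclass
class Findings:
    firewall_disabled: bool = False
    notify_suppressed: list = field(default_factory=list)
    firewall_exemptions: list = field(default_factory=list)
    autorun_commands: list = field(default_factory=list)
    system_profile_cache: list = field(default_factory=list)
    random_named_files: list = field(default_factory=list)

def triage(log: str) -> Findings:
    f = Findings()
    key = ""  # registry key currently open in "Reg Loading Points"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if line.lower().startswith("c:\\"):  # bare path from a deletions list
            if SYSTEM_TIF.match(line):
                f.system_profile_cache.append(line.rsplit("\\", 1)[-1])
            elif RANDOM_NAME.match(line):
                f.random_named_files.append(line)
            continue
        if "\\autorun\\command" in line.lower():  # MountPoints2 AutoRun handler
            f.autorun_commands.append(line.split(" - ", 1)[-1])
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip().lower()
        if key.endswith("security center") and name.lower().endswith("disablenotify"):
            if value.startswith("dword:00000001"):  # Security Center told to stay quiet
                f.notify_suppressed.append(name)
        elif key.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall":
            f.firewall_disabled = value.startswith("0")
        elif key.endswith("authorizedapplications\\list"):  # exempted from the firewall
            f.firewall_exemptions.append(name.replace("\\\\", "\\"))
    return f

def summary(f: Findings) -> list:
    out = ["Windows Firewall is OFF in the standard profile"] if f.firewall_disabled else []
    out += [f"Security Center notification suppressed: {n}" for n in f.notify_suppressed]
    out += [f"AutoRun handler on a mounted volume: {c}" for c in f.autorun_commands]
    out += [f"Firewall exemption: {p}" for p in f.firewall_exemptions]
    out += [f"Web cache under the SYSTEM profile: {n}" for n in f.system_profile_cache]
    out += [f"Pseudo-random file name in system32: {p}" for p in f.random_named_files]
    return out

if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_LOG))))
```

To use it on a saved ComboFix.txt, call `summary(triage(open(path, errors="replace").read()))`. On the excerpt above it reports the firewall off, both Security Center notifications suppressed, the E:\setupSNK.exe AutoRun handler, the two firewall exemptions, the two SYSTEM-profile cache files and the three .ini files; which of those are the infection and which are the user's own changes (the thread starter says he disabled the firewall himself) is still the reviewer's call.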
     
  17. 2008/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. How's the behavior now?
     
