
Solved [DNS Changer detected]

Discussion in 'Malware and Virus Removal Archive' started by stuart93, 2008/12/23.

  1. 2009/01/01
    noahdfear

    Your router has been hijacked. You either need to reset it by using something small like a pencil lead or toothpick to press and hold the reset button located on the back of the router for at least ten seconds, or set static dns numbers. You can set it to use OpenDNS name servers, with the following addresses.

    208.67.222.222 and 208.67.220.220

    Prior to resetting or changing, update MBAM then physically disconnect your computer from the router. Run a full system scan and allow MBAM to remove whatever it finds, if anything. Reset the router whilst disconnected. If changing the router's name servers instead, disconnect the router from the internet and connect your computer after running MBAM, then make the change.

    Do not reconnect to an active internet connection until router has been changed/reset and MBAM has been run.

    When done, please run a new dds scan and post the log.
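
An added example, not part of the original post: once the steps above are done, the `O17` lines of a HijackThis log show which static name servers Windows is configured with, so they can be checked against the resolvers you meant to set. It assumes the OpenDNS addresses from the post as the expected set; the sample log lines, GUIDs and the 192.0.2.53 address are constructed for illustration.

```python
"""Audit HijackThis O17 NameServer entries against an expected resolver set."""
import ipaddress
import re
from typing import NamedTuple

# Expected resolvers: the OpenDNS addresses given in the post (an assumption
# of this example; substitute whatever your network is supposed to use).
EXPECTED = frozenset({"208.67.222.222", "208.67.220.220"})

# O17 line shape: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^\s*O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")


class Finding(NamedTuple):
    key: str      # registry key the value was read from
    value: str    # the offending token
    reason: str


def parse_o17(log_text):
    """Yield (registry_key, [server strings]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        # O17 also reports values such as Domain; only NameServer matters here.
        if not m or m.group("name").lower() != "nameserver":
            continue
        # The registry value may separate addresses with commas or spaces.
        servers = [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s]
        yield m.group("key"), servers


def audit(log_text, expected=EXPECTED):
    """Return a Finding for each name server that is malformed or unexpected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, servers in parse_o17(log_text):
        for token in servers:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append(Finding(key, token, "not an IP address"))
                continue
            if addr not in allowed:
                findings.append(Finding(key, token, "resolver not in expected set"))
    return findings


# Constructed sample input (placeholder GUIDs, RFC 5737 documentation address).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,not-an-ip
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.invalid
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        print(f"{f.reason}: {f.value}  ({f.key})")
    if not results:
        print("All static NameServer entries match the expected resolvers.")
```

A clean result only covers the static `NameServer` values reported in the log; the router's own DNS settings still have to be checked on the router itself.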
     
  2. 2009/01/03
    stuart93

    My computer can't update MBAM. It says "Update failed. Make sure you're connected to the Internet and your firewall is set to allow Malwarebytes' Anti-malware to access the internet". When I am connected to the internet, and the firewall is set to allow MBAM.

    EDIT: Ok, I managed to update MBAM by using a different mirror update. Will do instructions now.
     
    Last edited: 2009/01/03


  4. 2009/01/03
    stuart93

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Owner at 2009-01-04 04:30:38
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 123 GB (52%) free of 234 GB
    Total RAM: 1023 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:31:02, on 04/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [LXCDCATS] -rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {46C66BBD-E667-4DAD-9683-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {61A54BB0-F380-446F-8727-9AEA23711471} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189954522187
    O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.6.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
    O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
    O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/petshophop/petshophopweb.1.0.0.15.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00BFD8A4-0521-4CF9-BB5D-E62883A0DB27}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5ABF8E89-B6CE-48E3-A0DE-158CC8596653}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00BFD8A4-0521-4CF9-BB5D-E62883A0DB27}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00BFD8A4-0521-4CF9-BB5D-E62883A0DB27}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{00BFD8A4-0521-4CF9-BB5D-E62883A0DB27}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
    O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe

    --
    End of file - 13325 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\AWC AutoSweep.job
    C:\WINDOWS\tasks\AWC Update.job
    C:\WINDOWS\tasks\GlaryInitialize.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
    C:\WINDOWS\tasks\NSSstub.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-22 304736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-12-17 1878872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-03 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-09-29 2554944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-03 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-09-29 2554944]
    {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "LXCDCATS"=-rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll []
    "BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
    "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "NSSInstallation"=C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-16 181624]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-09-08 3513344]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-12-17 2107224]
    "Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-21 2250256]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-22 1830128]
    "MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2003-04-14 1498032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
    C:\Program Files\filehippo.com\UpdateChecker.exe [2008-10-22 147968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-03 136600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-22 185872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-04-20 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoSecurityTab"=1
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoResolveSearch"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\WINDOWS\system32\lxcdcoms.exe"="C:\WINDOWS\system32\lxcdcoms.exe:*:Enabled:6300 Series Server"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcdPSWX.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcdPSWX.EXE:*:Enabled:6300 Series Printer Status"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 3 months======

    2009-01-04 01:05:21 ----D---- C:\Program Files\Safer Networking
    2009-01-02 00:02:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-01-01 21:16:38 ----A---- C:\WINDOWS\setuplog.txt
    2009-01-01 20:46:57 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-30 22:28:03 ----SHD---- C:\RECYCLER
    2008-12-30 22:10:38 ----A---- C:\ComboFix.txt
    2008-12-30 14:07:26 ----D---- C:\Documents and Settings\Owner\Application Data\GlarySoft
    2008-12-30 13:54:44 ----D---- C:\Program Files\Glary Utilities
    2008-12-30 13:50:14 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-12-29 06:47:06 ----A---- C:\WINDOWS\system32\TweakUI.exe
    2008-12-29 06:34:49 ----D---- C:\Documents and Settings\Owner\Application Data\Software Informer
    2008-12-26 18:36:33 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\zip.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\sed.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\grep.exe
    2008-12-26 17:51:31 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-26 17:50:17 ----D---- C:\WINDOWS\ERDNT
    2008-12-26 17:50:17 ----D---- C:\Qoobox
    2008-12-24 00:13:51 ----HDC---- C:\WINDOWS\ie8
    2008-12-23 23:52:57 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-23 19:12:51 ----D---- C:\rsit
    2008-12-23 01:34:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-12-23 01:22:25 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-12-08 12:55:09 ----D---- C:\My Music
    2008-12-07 15:12:10 ----D---- C:\Documents and Settings\Owner\Application Data\IObit
    2008-12-07 13:16:15 ----D---- C:\Program Files\AskBarDis
    2008-12-06 02:51:20 ----D---- C:\Program Files\AskBarDis(2)
    2008-12-05 13:05:34 ----D---- C:\Program Files\IObit
    2008-12-01 19:53:16 ----A---- C:\WINDOWS\system32\amdcalrt.dll
    2008-12-01 19:53:07 ----A---- C:\WINDOWS\system32\amdcalcl.dll
    2008-12-01 19:50:36 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
    2008-11-30 20:20:58 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-11-30 20:20:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-30 20:20:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-26 12:47:58 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
    2008-11-22 20:33:04 ----A---- C:\WINDOWS\ATICIM.INI
    2008-11-22 20:28:23 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-11-22 19:44:26 ----D---- C:\Documents and Settings\Owner\Application Data\Auslogics
    2008-11-22 19:44:24 ----D---- C:\Program Files\Auslogics
    2008-11-22 19:37:26 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-05 22:28:04 ----A---- C:\WINDOWS\_MSRSTRT.EXE
    2008-11-05 20:38:28 ----A---- C:\WINDOWS\WB.ini
    2008-11-05 20:09:41 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 1
    2008-11-04 13:56:23 ----D---- C:\Documents and Settings\Owner\Application Data\ShockWave_JanesRealty
    2008-11-04 13:54:35 ----D---- C:\Program Files\Shockwave.com
    2008-11-03 18:06:31 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-11-03 18:06:31 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-11-03 18:06:31 ----A---- C:\WINDOWS\system32\java.exe
    2008-11-03 18:06:31 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-11-03 18:00:09 ----D---- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-11-03 17:52:57 ----D---- C:\WINDOWS\system32\Adobe
    2008-11-03 10:42:38 ----D---- C:\Program Files\filehippo.com
    2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-10-28 22:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-10-22 21:42:01 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-10-22 18:42:45 ----D---- C:\Program Files\Messenger Plus! Live
    2008-10-22 18:41:44 ----D---- C:\MsgPlusDebug

    ======List of files/folders modified in the last 3 months======

    2009-01-04 04:30:43 ----D---- C:\WINDOWS\Prefetch
    2009-01-04 04:30:40 ----D---- C:\Program Files\Trend Micro
    2009-01-04 04:26:22 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-04 04:20:08 ----D---- C:\WINDOWS\Temp
    2009-01-04 04:18:20 ----D---- C:\WINDOWS
    2009-01-04 04:17:01 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-04 04:17:00 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-04 01:05:21 ----RD---- C:\Program Files
    2009-01-04 00:42:17 ----SHD---- C:\WINDOWS\Installer
    2009-01-03 21:47:47 ----AD---- C:\WINDOWS\system32
    2009-01-03 19:07:13 ----D---- C:\Documents and Settings\Owner\Application Data\FrostWire
    2009-01-03 18:51:19 ----D---- C:\Program Files\Lx_cats
    2009-01-02 11:15:07 ----D---- C:\Program Files\MioNet
    2009-01-02 00:04:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-01-02 00:02:21 ----HD---- C:\WINDOWS\inf
    2009-01-02 00:02:21 ----D---- C:\WINDOWS\SQLHotfix
    2009-01-02 00:02:21 ----D---- C:\WINDOWS\EHome
    2009-01-02 00:02:21 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
    2009-01-02 00:01:00 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2009-01-01 21:53:36 ----SD---- C:\WINDOWS\Tasks
    2008-12-31 05:53:34 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
    2008-12-31 04:13:16 ----D---- C:\WINDOWS\Registration
    2008-12-30 22:10:45 ----D---- C:\WINDOWS\system32\drivers
    2008-12-30 22:05:16 ----A---- C:\WINDOWS\system.ini
    2008-12-30 22:02:52 ----D---- C:\WINDOWS\system32\config
    2008-12-30 22:01:44 ----D---- C:\WINDOWS\AppPatch
    2008-12-30 22:01:44 ----D---- C:\Program Files\Common Files
    2008-12-30 22:01:24 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-30 21:57:37 ----D---- C:\Temp
    2008-12-30 16:46:42 ----D---- C:\Program Files\FrostWire
    2008-12-30 14:11:36 ----D---- C:\WINDOWS\SMINST
    2008-12-30 14:11:33 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
    2008-12-30 14:11:33 ----D---- C:\Documents and Settings\Owner\Application Data\Azureus
    2008-12-30 14:11:32 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
    2008-12-30 13:50:24 ----HD---- C:\Config.Msi
    2008-12-30 13:50:13 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2008-12-30 04:16:43 ----D---- C:\Documents and Settings\Owner\Application Data\Google
    2008-12-24 00:53:45 ----D---- C:\WINDOWS\system32\CatRoot
    2008-12-24 00:21:45 ----D---- C:\WINDOWS\system32\en-us
    2008-12-24 00:21:44 ----D---- C:\WINDOWS\Media
    2008-12-24 00:21:43 ----D---- C:\WINDOWS\Help
    2008-12-24 00:21:43 ----D---- C:\Program Files\Internet Explorer
    2008-12-24 00:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-24 00:13:02 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-24 00:11:58 ----D---- C:\WINDOWS\Debug
    2008-12-23 23:56:08 ----D---- C:\WINDOWS\ie8updates
    2008-12-23 03:53:39 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-12-23 00:50:26 ----D---- C:\Program Files\CCleaner
    2008-12-21 22:50:33 ----D---- C:\Program Files\Adobe
    2008-12-17 16:45:08 ----D---- C:\WINDOWS\Minidump
    2008-12-13 21:27:35 ----D---- C:\WINDOWS\network diagnostic
    2008-12-07 19:00:05 ----D---- C:\Documents and Settings\Owner\Application Data\TeraCopy
    2008-12-07 15:44:43 ----D---- C:\Program Files\WinRAR
    2008-12-07 13:17:50 ----D---- C:\WINDOWS\system32\wbem
    2008-12-03 20:46:14 ----D---- C:\Program Files\7-Zip
    2008-12-02 18:48:40 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-12-01 20:52:52 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2008-12-01 20:51:31 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2008-12-01 20:46:17 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2008-12-01 20:41:02 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2008-12-01 20:40:49 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2008-12-01 20:40:41 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2008-12-01 20:40:32 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2008-12-01 20:40:14 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2008-12-01 20:38:42 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2008-12-01 20:37:21 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2008-12-01 20:27:53 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2008-12-01 20:19:53 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2008-12-01 20:11:54 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2008-12-01 19:57:33 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2008-12-01 19:53:36 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2008-12-01 19:52:12 ----A---- C:\WINDOWS\system32\atiadlxx.dll
    2008-12-01 19:52:02 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2008-12-01 19:50:52 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2008-12-01 19:45:32 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2008-12-01 14:35:00 ----A---- C:\WINDOWS\system32\ati2sgag.exe
    2008-11-22 23:22:28 ----D---- C:\WINDOWS\pss
    2008-11-22 22:45:47 ----D---- C:\Program Files\Alwil Software
    2008-11-22 22:05:48 ----A---- C:\WINDOWS\wininit.ini
    2008-11-22 20:46:12 ----D---- C:\Program Files\DivX
    2008-11-22 20:40:47 ----D---- C:\Program Files\LimeWire
    2008-11-22 20:37:12 ----RSD---- C:\WINDOWS\assembly
    2008-11-22 20:32:44 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2008-11-22 20:31:57 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2008-11-22 20:31:57 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2008-11-22 20:31:26 ----A---- C:\WINDOWS\system32\pncrt.dll
    2008-11-22 19:37:46 ----D---- C:\Program Files\iTunes
    2008-11-22 19:37:29 ----D---- C:\Program Files\iPod
    2008-11-22 19:35:06 ----D---- C:\Program Files\QuickTime
    2008-11-22 19:33:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-11-07 16:50:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-05 21:18:31 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-05 20:45:29 ----A---- C:\WINDOWS\win.ini
    2008-11-05 13:03:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-05 10:09:15 ----D---- C:\Documents and Settings\Owner\Application Data\PlayFirst
    2008-11-04 16:54:27 ----D---- C:\Program Files\MediaMonkey
    2008-11-03 18:35:41 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-03 18:06:11 ----D---- C:\Program Files\Java
    2008-11-03 18:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-11-03 18:00:08 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
    2008-11-03 17:57:03 ----D---- C:\Program Files\ATI Technologies
    2008-11-02 16:24:39 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
    2008-10-29 21:20:51 ----D---- C:\Program Files\Thomson
    2008-10-29 16:00:36 ----D---- C:\Netgear
    2008-10-24 17:00:39 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-22 05:22:35 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-21 17:51:43 ----A---- C:\WINDOWS\system32\atibrtmon.exe
    2008-10-20 21:07:03 ----D---- C:\Documents and Settings
    2008-10-16 14:11:32 ----D---- C:\Program Files\Common Files\Stardock
    2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 PRISM_A00;Intersil PRISM 802.11a/g Driver; C:\WINDOWS\System32\DRIVERS\PCTELSAP.SYS [2004-01-29 350282]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
    S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
    S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-06 13352]
    S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-01-06 20520]
    S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
    S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-04-20 711005]
    S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2006-03-13 55216]
    S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
    S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2006-03-13 89872]
    S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
    S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2006-03-13 79488]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
    S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
    S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
    S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
    S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
    S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
    S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
    S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
    S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
    S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
    S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
    S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
    S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
    S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
    S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
    S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
    S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-08-28 61600]
    S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-08-28 9360]
    S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-08-28 97184]
    S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys [2006-08-28 88688]
    S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS); C:\WINDOWS\system32\DRIVERS\se26nd5.sys [2006-08-28 18704]
    S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-08-28 86560]
    S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM); C:\WINDOWS\system32\DRIVERS\se26unic.sys [2006-08-28 90768]
    S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
    S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
    S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
    S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
    S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
    S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
    S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
    S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
    S3 se46bus;Sony Ericsson Device 070 driver (WDM); C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
    S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
    S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
    S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
    S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
    S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
    S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
    S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
    S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-02-11 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
    R2 PCTWPASV;SoftAP WPA Authenticator Service; C:\Program Files\Arcadyan Wireless\pctwpasv.exe [2004-01-30 204800]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
    S2 MioNet;MioNet Service; C:\Program Files\MioNet\MioNetManager.exe [2006-06-02 139264]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-29 138680]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 lxcd_device;lxcd_device; C:\WINDOWS\system32\lxcdcoms.exe [2005-06-21 491520]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
     
  5. 2009/01/04
    noahdfear

    Just a couple of things I see to do. First, scan again with HijackThis and place a check next to the following entry.

    O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)

    Now click Fix Checked. Close HijackThis when complete.


    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    Double click fix.reg and allow it to merge with the registry, then delete fix.reg.


    Now, let's see if an online scan reveals anything else. Please do an online scan with Kaspersky Online Scanner

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
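
The `hex(7)` data in the fix.reg code box above is a REG_MULTI_SZ string list, and decoding it shows what the merge will write. The Python below is an added example, not part of noahdfear's post: it parses .reg text, decodes `hex(7)` values (ANSI bytes under a `REGEDIT4` header, UTF-16LE under a version 5.00 header) and compares the Lsa `Notification Packages` list with an allowlist. The function names, the allowlist default (`scecli`, the value this fix sets) and the second sample file are assumptions constructed for illustration.

```python
"""Decode hex(7) (REG_MULTI_SZ) values in .reg text before merging the file."""
import re

# Header line -> encoding used for hex(7) string data in that file format.
HEADER_ENCODINGS = {
    "REGEDIT4": "cp1252",                                  # ANSI strings
    "Windows Registry Editor Version 5.00": "utf-16-le",   # Unicode strings
}
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_RE = re.compile(r'^\s*"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<data>.*)$')


def join_continuations(text):
    """Merge hex data that regedit wraps with a trailing backslash."""
    out, buf = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        piece = line.strip() if buf else line
        if piece.endswith(",\\"):
            buf += piece[:-1]
        else:
            out.append(buf + piece)
            buf = ""
    if buf:
        out.append(buf)
    return out


def decode_multi_sz(hex_csv, encoding):
    """Turn 'aa,bb,...' into the list of strings it encodes."""
    raw = bytes(int(b, 16) for b in hex_csv.replace(" ", "").split(",") if b)
    # Strings are NUL-separated and the list ends with one extra NUL.
    return [s for s in raw.decode(encoding).split("\x00") if s]


def parse_reg(text):
    """Return {key: {value_name: [strings]}} for every hex(7) value."""
    lines = [l for l in join_continuations(text) if l.strip()]
    if not lines or lines[0].strip() not in HEADER_ENCODINGS:
        raise ValueError("missing or unknown .reg header line")
    encoding = HEADER_ENCODINGS[lines[0].strip()]
    result, key = {}, None
    for line in lines[1:]:
        stripped = line.strip()
        if stripped.startswith(";"):
            continue                      # comment line
        if stripped.startswith("[") and stripped.endswith("]"):
            key = stripped[1:-1]
            result.setdefault(key, {})
            continue
        match = VALUE_RE.match(line)
        if match is None or key is None:
            continue
        data = match.group("data").strip()
        if data.lower().startswith("hex(7):"):
            # The value name is kept byte-for-byte so stray spaces stay visible.
            result[key][match.group("name")] = decode_multi_sz(data[7:], encoding)
    return result


def audit_notification_packages(text, allowed=("scecli",)):
    """List problems with the Lsa 'Notification Packages' value in .reg text."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.lower() != LSA_KEY.lower():
            continue
        for name, packages in values.items():
            if name.strip().lower() != "notification packages":
                continue
            if name != name.strip():
                findings.append(f"value name {name!r} has stray whitespace")
            findings += [f"unexpected package {p!r}"
                         for p in packages if p.lower() not in allowed]
    return findings


# The fix from the thread, as a REGEDIT4 file.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

# Constructed sample: a version 5.00 file listing one extra, made-up package.
CONSTRUCTED_DATA = "scecli\0examplepkg\0\0".encode("utf-16-le")
EXTRA_PACKAGE_REG = (
    "Windows Registry Editor Version 5.00\n\n[" + LSA_KEY + "]\n"
    '"Notification Packages"=hex(7):'
    + ",".join(f"{b:02x}" for b in CONSTRUCTED_DATA) + "\n"
)

if __name__ == "__main__":
    print(parse_reg(FIX_REG))
    print(audit_notification_packages(EXTRA_PACKAGE_REG))
```
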
     
  6. 2009/01/04
    stuart93

    Once I created "fix.reg" and double clicked on it and clicked yes to "add information bla bla" it came up with an error: Cannot import C:\Documents and Settings\Owner\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.

    I tried adding it from Regedit.exe and I got this error: Cannot import C:\Documents and Settings\Owner\Desktop\fix.reg: The key selected is invalid.

    I will do the Kaspersky Online Scanner once said fix.reg works.
     
  7. 2009/01/04
    noahdfear

    My apologies. I left out the most important part. :eek: I've corrected my last post. Please right click fix.reg and select edit, then replace its contents with the corrected contents of the code box. Close it and save the changes, then try merging again.
     
  8. 2009/01/06
    stuart93

    Sorry for the extremely late reply.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, January 7, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, January 06, 2009 19:07:02
    Records in database: 1572693
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 151495
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 02:20:56

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
  9. 2009/01/06
    noahdfear

    Looks great! If you're satisfied things are working normally again, let's clean up now.

    Open MBAM and remove any items quarantined. Do the same with your resident antivirus.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete RSIT.exe and the C:\rsit folder.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.
     
  10. 2009/01/07
    stuart93

    Thanks for all your help. I did another scan with Avira and I got this:

    Avira AntiVir Personal
    Report file date: 07 January 2009 05:04

    Scanning for 1153470 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: YOUR-ZY8MP1S2R5

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 09:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
    ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 12:31:06
    ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 02/01/2009 12:31:09
    ANTIVIR3.VDF : 7.1.1.74 158208 Bytes 06/01/2009 04:56:10
    Engineversion : 8.2.0.45
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
    AESCRIPT.DLL : 8.1.1.19 336252 Bytes 04/01/2009 12:31:22
    AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 16:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 14:58:38
    AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 10:41:39
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 04/01/2009 12:31:20
    AEHEUR.DLL : 8.1.0.75 1524087 Bytes 04/01/2009 12:31:19
    AEHELP.DLL : 8.1.2.0 119159 Bytes 04/01/2009 12:31:13
    AEGEN.DLL : 8.1.1.8 323956 Bytes 04/01/2009 12:31:12
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 04/01/2009 12:31:11
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 13:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 07 January 2009 05:04

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Integrator.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
    Scan process 'AWC.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'pctwpasv.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    46 processes with 46 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: The device is not ready.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '68' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamyy.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '49d238fd.qua'!
    C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\AOL\Delicious2\en-US\delicious2.cab
    [0] Archive type: CAB (Microsoft)
    --> fmod.dll
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP702\A0398409.exe
    [DETECTION] Is the TR/Agent.ayed Trojan
    [NOTE] The file was moved to '499742ef.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445325.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '4998440f.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445326.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4998441d.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445332.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '4998441f.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445334.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984421.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445335.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984422.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445336.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984424.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445337.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984425.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445338.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984427.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445339.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '49984429.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445340.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4998442a.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445341.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4998442c.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445342.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4998442d.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445343.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984430.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445344.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa49.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445345.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984431.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445346.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa4a.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445347.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984433.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445348.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984432.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445349.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '4819aa4b.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445350.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984434.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445351.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa4d.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445352.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa4c.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445353.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984435.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445354.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa4e.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445356.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49984437.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445357.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '49984436.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445358.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa4f.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445359.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '49984428.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP763\A0445360.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa40.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP807\A0480386.exe
    [DETECTION] Is the TR/Agentbypass.2887936K Trojan
    [NOTE] The file was moved to '499844e4.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480443.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '499844e7.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480444.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa90.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480450.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '499844e9.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480452.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa92.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480453.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844e8.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480454.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa91.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480455.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844ea.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480456.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844eb.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480457.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '4819aa94.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480458.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844ed.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480459.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa96.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480460.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa93.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480461.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844ec.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480462.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa95.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480463.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844ee.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480464.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844ef.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480465.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa88.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480466.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa97.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480467.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '499844e0.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480468.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa99.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480469.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844e2.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480470.ax
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844f1.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480471.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa8a.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480472.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844f3.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480474.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa9b.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480475.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '4819aa9d.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480476.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '499844e6.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480477.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '4819aa9f.qua'!
    C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP808\A0480478.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4819aa8c.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: 07 January 2009 06:18
    Used time: 1:14:35 Hour(s)

    The scan has been canceled!

    14495 Scanning directories
    688814 Files were scanned
    60 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    61 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    688751 Files not concerned
    8947 Archives were scanned
    7 Warnings
    61 Notes

    Anyway, I'll do as you said, thank you.
     
  11. 2009/01/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    C:\System Volume Information is where system restore points are stored. Uninstalling ComboFix should clear all of those out and create a new clean restore point. ;)
     
  12. 2009/01/07
    stuart93

    stuart93 Inactive Thread Starter

    Joined:
    2008/12/23
    Messages:
    28
    Likes Received:
    0
    Why is it always "restore" that holds all the malware/viruses (for me at least)? It was the same as the last logs as well, every piece of malware was in "restore" I think.
     
  13. 2009/01/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    System restore ..... snapshots of your system. If the system is infected when the snapshot is taken, then the snapshot will be infected too. Those snapshots are pretty well protected, so most applications cannot get to them to clean them, nor is it safe in my opinion to clean them. Better to clean the system then purge the infected restore points.
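
The point made in the reply above, as an added example that is not part of the thread: a small parser for the Avira log layout shown earlier that separates detections sitting inside System Restore snapshots (grouped by restore point) from detections on the live file system. The sample log is constructed; its paths, file names and restore GUID are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the Avira log above; the paths, file
# names and restore GUID are placeholders, not values from the thread.
SAMPLE_LOG = r"""
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\ExampleApp\Recovery\sample.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '00000001.qua'!
    C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '00000002.qua'!
    C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was moved to '00000003.qua'!
    C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000003.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '00000004.qua'!
    C:\WINDOWS\system32\drivers\example.sys
    [WARNING] The file could not be opened!
"""

# A scanned file is reported as a bare drive-letter path on its own line.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Both detection wordings that appear in the log above.
DETECTION_RE = re.compile(r"^\[DETECTION\] (?:Is the|Contains suspicious code) (\S+)")
# System Restore copies live under _restore{GUID}\RPnnn\ on XP-era Windows.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE
)

def parse_detections(log_text):
    """Return (path, detection_name) pairs; a path line precedes its findings."""
    findings, current_path = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
            continue
        hit = DETECTION_RE.match(line)
        if hit and current_path:
            findings.append((current_path, hit.group(1)))
    return findings

def triage(log_text):
    """Split findings into System Restore copies (per restore point) and live files."""
    by_restore_point = defaultdict(Counter)
    live = []
    for path, name in parse_detections(log_text):
        rp = RESTORE_RE.search(path)
        if rp:
            by_restore_point[rp.group(1).upper()][name] += 1
        else:
            live.append((path, name))
    return dict(by_restore_point), live

if __name__ == "__main__":
    restore, live = triage(SAMPLE_LOG)
    for rp, names in sorted(restore.items()):
        print(f"{rp}: {sum(names.values())} detection(s) {dict(names)} -> purge restore point")
    for path, name in live:
        print(f"LIVE: {name} in {path} -> review on the running system")
```

An empty live list together with populated restore points matches the situation discussed in the thread: the running system is clean and only the old snapshots still need purging.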
     
  14. 2009/01/07
    stuart93

    stuart93 Inactive Thread Starter

    Joined:
    2008/12/23
    Messages:
    28
    Likes Received:
    0
    Oh okay, thank you for the information. I'm going to do another SpyBot Search & Destroy scan and see if anything comes up, hopefully nothing will!
     
  15. 2009/01/07
    stuart93

    stuart93 Inactive Thread Starter

    Joined:
    2008/12/23
    Messages:
    28
    Likes Received:
    0
    Everything is running good and well. Thank you for all the time, and the time you have spent! I hope this helps some other people (if they actually search for this topic) and I guess you can call this "Resolved". Have a nice day.
     
  16. 2009/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear it and happy to help. :)
     
