
Inactive URL redirect problem

Discussion in 'Malware and Virus Removal Archive' started by cunners, 2009/12/30.

  1. 2009/12/30
    cunners (Thread Starter)
    [Inactive] URL redirect problem

    Hi. I see quite a few problems similar to the one I am experiencing; it is driving me nuts, so any help would be really appreciated. I have tried running all the mentioned spyware programs but to no avail (anti-malware, Kaspersky, Ad-Aware, SUPERAntiSpyware, etc.).

    The specific problem is that when I click on a Google link in Firefox or IE, I get redirected to a dodgy website I did not request.

    I have a DDS log here:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by PC USER at 9:38:06.88 on Thu 31/12/2009
    Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1853 [GMT 11:00]

    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
    FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\CISVC.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Mozy\mozybackup.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Mozy\mozybackup.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\PC USER\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
    uInternet Settings,ProxyOverride = *.local
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\pcuser~1\appdata\roaming\mozilla\firefox\profiles\k1l4ektz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\users\pc user\appdata\roaming\mozilla\firefox\profiles\k1l4ektz.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
    FF - plugin: c:\program files\common-use signing interface\bin\npCsiPlugin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-29 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-29 130936]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 335240]
    R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2007-3-31 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-16 108552]
    R1 pctfw1;pctfw1;c:\windows\system32\drivers\pctfw1.sys [2007-3-30 100448]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-6-29 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-16 297752]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-6-29 73840]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2007-3-30 146800]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-29 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-28 92008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2007-8-24 15872]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-7-25 95640]
    S2 gupdate1c8e7ee16d6fa9a;Google Update Service (gupdate1c8e7ee16d6fa9a);c:\program files\google\update\GoogleUpdate.exe [2008-7-18 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-3 1181328]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-27 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-4-10 40840]
    S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-4-10 66952]
    S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-4-10 81288]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-4-8 42888]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-4-10 348752]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-4-10 1095560]
    S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [2008-8-9 37888]
    S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-9-20 11264]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    =============== Created Last 30 ================

    2009-12-30 12:22:19 0 d-----w- C:\dell
    2009-12-30 07:41:54 0 d-----w- c:\program files\CleanUp!
    2009-12-30 07:35:12 0 d-----w- c:\program files\Trend Micro
    2009-12-30 03:37:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-30 03:37:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-30 03:37:32 0 d-----w- c:\program files\Malware
    2009-12-29 12:22:11 0 d-sh--w- C:\$RECYCLE.BIN
    2009-12-29 11:54:18 98816 ----a-w- c:\windows\sed.exe
    2009-12-29 11:54:18 77312 ----a-w- c:\windows\MBR.exe
    2009-12-29 11:54:18 261632 ----a-w- c:\windows\PEV.exe
    2009-12-29 11:54:18 161792 ----a-w- c:\windows\SWREG.exe
    2009-12-29 11:18:39 0 d-----w- c:\users\pcuser~1\appdata\roaming\QuickScan
    2009-12-29 10:46:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-29 10:46:10 0 d-----w- c:\users\pcuser~1\appdata\roaming\SUPERAntiSpyware.com
    2009-12-29 10:46:10 0 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-29 10:41:33 0 d-----w- c:\users\pcuser~1\appdata\roaming\Malwarebytes
    2009-12-29 10:41:23 0 d-----w- c:\programdata\Malwarebytes
    2009-12-29 10:19:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-12-29 10:13:42 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2009-12-29 10:13:41 0 d-----w- c:\program files\Lavasoft
    2009-12-29 09:43:58 0 d-----w- c:\program files\Safer Networking
    2009-12-29 09:22:35 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-29 09:22:35 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-28 02:31:39 28 ----a-w- c:\windows\Robota.INI
    2009-12-28 02:31:05 0 d-----w- c:\users\pcuser~1\appdata\roaming\MAGIX
    2009-12-28 02:23:36 0 d-----w- c:\programdata\MAGIX
    2009-12-28 02:22:51 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-12-28 02:22:31 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-12-28 02:22:31 6211 ----a-w- c:\windows\mgxoschk.ini
    2009-12-28 02:22:31 0 d-----w- c:\windows\system32\MAGIX
    2009-12-26 23:17:08 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2009-12-26 23:17:08 568832 ----a-w- c:\windows\system32\msvcp90.dll
    2009-12-26 23:17:08 1156600 ----a-w- c:\windows\system32\MFC90.dll
    2009-12-12 00:01:13 8192 ----a-w- c:\windows\system32\iisrstap.dll
    2009-12-12 00:01:13 14848 ----a-w- c:\windows\system32\iisreset.exe
    2009-12-12 00:01:12 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-12 00:01:12 153600 ----a-w- c:\windows\system32\iisRtl.dll
    2009-12-12 00:01:10 51712 ----a-w- c:\windows\system32\admwprox.dll
    2009-12-12 00:01:10 27136 ----a-w- c:\windows\system32\ahadmin.dll
    2009-12-12 00:01:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-12 00:01:09 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-12 00:01:08 10752 ----a-w- c:\windows\system32\wamregps.dll

    ==================== Find3M ====================

    2009-12-30 21:41:47 4867 ----a-w- c:\windows\bthservsdp.dat
    2009-12-30 12:23:01 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-30 12:23:01 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-12-30 12:23:01 143360 ----a-w- c:\windows\inf\infstor.dat
    2009-11-29 20:25:34 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-29 20:25:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-29 03:37:26 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-02 09:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-10 17:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-07 11:36:36 243712 ----a-w- c:\windows\system32\rastls.dll
    2008-09-20 12:17:08 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-03-29 21:59:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008033020080331\index.dat

    ============= FINISH: 9:40:04.17 ===============
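    As an added example for this thread (it is not part of the original posts, and it is not the logic of DDS, HijackThis or GooredFix), here is a small Python triage script that walks the lines of a DDS or HijackThis log and flags the entries an analyst reviewing a search-redirect case checks first: security products reporting themselves disabled or outdated, Hosts-file overrides, UAC switched off, registered browser objects whose DLL is gone, services whose binary is missing, and a configured proxy. The rule names and heuristics are this example's own assumptions about what deserves a second look; the sample lines are copied from the DDS and HijackThis logs posted in this thread.

```python
"""Triage helper for DDS / HijackThis-style logs.

Added example for this thread; not part of the original posts and not the
logic of DDS, HijackThis or GooredFix. The rules below are heuristics for what
an analyst looks at first in a browser-redirect case, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    line: str
    reason: str


# "AV: Name *state* (Updated|Outdated) {GUID}" as DDS prints it; the signature
# status is optional because FW: lines omit it.
_PRODUCT_RE = re.compile(r'^(?:AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*(?: \((?P<sig>\w+)\))?')
# "Hosts: ip name" (DDS) or "O1 - Hosts: ip name" (HijackThis)
_HOSTS_RE = re.compile(r'^(?:O1 - )?Hosts: (?P<ip>\S+) (?P<host>\S+)')
_UAC_OFF_RE = re.compile(r'\bEnableLUA\s*=\s*0\b')
_NO_FILE_RE = re.compile(r'-\s*(?:no file|\(no file\))\s*$', re.IGNORECASE)
_FILE_MISSING_RE = re.compile(r'\(file missing\)\s*$', re.IGNORECASE)
_PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?P<value>\S*)')

LOOPBACK = {'127.0.0.1', '::1', '0.0.0.0'}
LOCAL_NAMES = {'localhost', 'localhost.localdomain', 'broadcasthost'}


def triage(lines):
    """Return a list of Finding objects for the entries in `lines` worth a look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _PRODUCT_RE.match(line)
        if m:
            if 'disabled' in m['state'].lower():
                findings.append(Finding('security-product-disabled', line,
                                        f"{m['name']} reports '{m['state']}'"))
            if (m['sig'] or '').lower() == 'outdated':
                findings.append(Finding('security-product-outdated', line,
                                        f"{m['name']} has outdated definitions"))
            continue
        m = _HOSTS_RE.match(line)
        if m:
            ip, host = m['ip'], m['host']
            if ip in LOOPBACK and host.lower() in LOCAL_NAMES:
                continue  # the normal loopback entries
            reason = (f'{host} is sinkholed to {ip} (site unreachable)' if ip in LOOPBACK
                      else f'{host} is pinned to {ip}, bypassing DNS')
            findings.append(Finding('hosts-override', line, reason))
            continue
        if _UAC_OFF_RE.search(line):
            findings.append(Finding('uac-disabled', line, 'EnableLUA = 0 turns UAC off'))
            continue
        if _NO_FILE_RE.search(line):
            findings.append(Finding('orphaned-registration', line,
                                    'registry still references a browser object whose DLL is gone'))
            continue
        if _FILE_MISSING_RE.search(line):
            findings.append(Finding('service-file-missing', line,
                                    'service is registered but its binary is missing'))
            continue
        m = _PROXY_RE.search(line)
        if m and re.fullmatch(r'[\w.\-]+:\d+', m['value']):
            findings.append(Finding('proxy-configured', line,
                                    f"browser traffic is routed through {m['value']}"))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'hosts-override': 1, ...}."""
    return dict(Counter(f.rule for f in findings))


# Lines copied from the DDS and HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
O1 - Hosts: ::1 localhost
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
""".splitlines()

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.rule}] {f.reason}\n    {f.line}')
```

    Run against the sample it reports eight findings: three security products that report themselves disabled and one with outdated definitions, the Hosts entry that sends www.spywareinfo.com to loopback, EnableLUA = 0, the toolbar GUID with no DLL behind it, and the Google Updater service whose binary is missing. A flag means "look here", not "this is malware": a disabled UAC or an orphaned toolbar entry is just as often the user's own doing, and the empty ProxyServer value and the ::1 localhost line are correctly left alone.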
     
  2. 2009/12/30
    broni (Moderator, Malware Analyst)
    Does it happen in Firefox only? Did you try another browser?

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     


  4. 2009/12/30
    cunners (Thread Starter)
    Hi broni,

    Thanks for your help.

    I am running the most recent versions of FF and IE, and the problem is occurring in each. I have run GooredFix:

    GooredFix by jpshortstuff (28.12.09.1)
    Log created at 13:55 on 31/12/2009 (PC USER)
    Firefox version 3.5.6 (en-GB)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [02:25 30/12/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [03:04 30/12/2009]

    C:\Users\PC USER\Application Data\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\
    delicioustagbykeywords@pratikpoddar [02:52 30/12/2009]
    firebug@software.joehewitt.com [02:52 30/12/2009]
    yslow@yahoo-inc.com [02:52 30/12/2009]
    {20a82645-c095-46ed-80e3-08825760534b} [02:52 30/12/2009]
    {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [02:52 30/12/2009]
    {6AC85730-7D0F-4de0-B3FA-21142DD85326} [02:52 30/12/2009]
    {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [01:02 31/12/2009]
    {AE93811A-5C9A-4d34-8462-F7B864FC4696} [02:52 30/12/2009]
    {c45c406e-ab73-11d8-be73-000a95be3b12} [02:52 30/12/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:52 12/08/2008]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [08:47 16/03/2009]
    "bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [08:54 14/08/2009]

    -=E.O.F=-

    Thanks again.
     
  5. 2009/12/30
    broni (Moderator, Malware Analyst)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  6. 2009/12/31
    cunners (Thread Starter)
    Hi. HJT first:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:17:07 PM, on 31/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate1c8e7ee16d6fa9a) (gupdate1c8e7ee16d6fa9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MozyHome Backup Service (MozyBackup) - Mozy, Inc. - C:\Program Files\Mozy\mozybackup.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 7844 bytes
     
  7. 2009/12/31
    cunners

    cunners Inactive Thread Starter

    Joined:
    2009/12/30
    Messages:
    10
    Likes Received:
    0
    Now Combofix:

    ComboFix 09-12-30.01 - PC USER 31/12/2009 17:54:14.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1396 [GMT 11:00]
    Running from: c:\users\PC USER\Desktop\ComboFix.exe
    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
    .

    2009-12-31 07:06 . 2009-12-31 07:06 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-31 07:06 . 2009-12-31 07:06 -------- d-----w- c:\users\PC USER\AppData\Local\temp
    2009-12-31 07:06 . 2009-12-31 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-31 06:50 . 2009-12-31 06:52 -------- d-----w- C:\32788R22FWJFW
    2009-12-31 04:50 . 2009-12-16 03:42 43008 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-31 04:50 . 2009-12-16 03:42 340480 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-31 04:50 . 2009-12-16 03:41 346624 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-31 04:50 . 2009-12-16 03:42 872960 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-31 03:35 . 2009-12-31 04:50 -------- d-----w- c:\users\PC USER\AppData\Local\Google
    2009-12-30 21:44 . 2009-12-30 21:44 122872 ----a-w- c:\users\PC USER\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\users\PC USER\AppData\Local\Apps
    2009-12-30 12:22 . 2009-12-30 12:22 -------- d-----w- C:\dell
    2009-12-30 07:41 . 2009-12-30 21:39 -------- d-----w- c:\program files\CleanUp!
    2009-12-30 07:35 . 2009-12-30 07:35 -------- d-----w- c:\program files\Trend Micro
    2009-12-30 03:37 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-30 03:37 . 2009-12-30 03:39 -------- d-----w- c:\program files\Malware
    2009-12-30 03:37 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-30 02:52 . 2009-02-06 20:43 24576 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    2009-12-29 11:18 . 2009-12-29 11:21 -------- d-----w- c:\users\PC USER\AppData\Roaming\QuickScan
    2009-12-29 10:47 . 2009-12-29 10:47 52224 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-29 10:47 . 2009-12-29 10:47 117760 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\users\PC USER\AppData\Roaming\Malwarebytes
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-29 09:43 . 2009-12-29 09:55 -------- d-----w- c:\program files\Safer Networking
    2009-12-29 09:22 . 2009-12-31 06:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-29 09:22 . 2009-12-31 06:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-28 02:31 . 2009-12-28 02:31 -------- d-----w- c:\users\PC USER\AppData\Roaming\MAGIX
    2009-12-28 02:23 . 2009-12-29 00:08 -------- d-----w- c:\programdata\MAGIX
    2009-12-28 02:22 . 2007-04-26 22:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-12-28 02:22 . 2009-12-29 00:08 -------- d-----w- c:\windows\system32\MAGIX
    2009-12-28 02:22 . 2008-04-15 04:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-12-26 23:17 . 2007-11-06 14:19 1156600 ----a-w- c:\windows\system32\MFC90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 568832 ----a-w- c:\windows\system32\msvcp90.dll
    2009-12-12 00:01 . 2009-11-09 12:30 8192 ----a-w- c:\windows\system32\iisrstap.dll
    2009-12-12 00:01 . 2009-11-09 10:48 14848 ----a-w- c:\windows\system32\iisreset.exe
    2009-12-12 00:01 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-12 00:01 . 2009-11-09 12:30 153600 ----a-w- c:\windows\system32\iisRtl.dll
    2009-12-12 00:01 . 2009-11-09 12:28 27136 ----a-w- c:\windows\system32\ahadmin.dll
    2009-12-12 00:01 . 2009-11-09 12:28 51712 ----a-w- c:\windows\system32\admwprox.dll
    2009-12-12 00:01 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-12 00:01 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-12 00:01 . 2009-11-09 12:32 10752 ----a-w- c:\windows\system32\wamregps.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-30 23:15 . 2007-08-10 07:30 4867 ----a-w- c:\windows\bthservsdp.dat
    2009-12-30 23:12 . 2008-04-09 21:43 -------- d-----w- c:\programdata\Lavasoft
    2009-12-30 21:50 . 2007-04-15 07:26 -------- d-----w- c:\program files\BitComet
    2009-12-30 09:49 . 2008-12-03 09:54 -------- d-----w- c:\program files\Quicken
    2009-12-30 08:32 . 2008-04-09 21:42 -------- d-----w- c:\program files\Spyware Doctor
    2009-12-30 03:08 . 2007-03-30 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-30 03:04 . 2007-04-04 09:50 -------- d-----w- c:\program files\Java
    2009-12-29 10:43 . 2007-10-20 01:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-29 08:42 . 2007-03-30 22:37 -------- d-----w- c:\programdata\Google Updater
    2009-12-29 06:55 . 2008-04-14 20:41 165232 ---ha-w- c:\users\PC USER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2009-12-28 07:57 . 2008-11-27 06:57 -------- d-----w- c:\program files\Celtx
    2009-12-28 06:39 . 2007-03-29 05:22 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-28 06:36 . 2007-03-31 17:13 -------- d-----w- c:\users\PC USER\AppData\Roaming\Skype
    2009-12-28 05:49 . 2008-08-16 06:50 -------- d-----w- c:\programdata\Intuit
    2009-12-28 05:49 . 2007-06-13 12:02 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-28 05:09 . 2008-12-03 19:18 -------- d-----w- c:\users\PC USER\AppData\Roaming\skypePM
    2009-12-28 05:06 . 2008-01-18 23:36 -------- d-----w- c:\program files\Activision
    2009-12-19 15:13 . 2007-03-30 22:37 -------- d-----w- c:\program files\Google
    2009-12-11 09:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-29 20:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-29 20:25 . 2009-11-29 20:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-11-27 07:57 . 2009-11-27 07:57 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-27 00:39 . 2008-03-17 11:26 -------- d-----w- c:\program files\Windows Live
    2009-11-27 00:36 . 2008-02-07 01:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-11-21 06:40 . 2009-12-10 04:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-10 04:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 06:34 . 2009-12-10 04:09 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 04:59 . 2009-12-10 04:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-16 01:46 . 2009-07-14 11:50 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-11-13 11:51 . 2007-04-18 07:39 -------- d-----w- c:\users\PC USER\AppData\Roaming\Apple Computer
    2009-11-11 03:12 . 2009-11-11 03:12 300880 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
    2009-11-11 03:12 . 2009-11-11 03:12 358264 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_7.1.2.1_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
    2009-11-11 03:11 . 2008-03-27 10:55 -------- d-----w- c:\users\PC USER\AppData\Roaming\FileZilla
    2009-11-04 09:21 . 2009-11-04 09:20 -------- d-----w- c:\program files\iTunes
    2009-11-04 09:20 . 2009-11-04 09:20 -------- d-----w- c:\program files\iPod
    2009-11-04 09:20 . 2007-07-02 21:54 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-04 09:17 . 2009-11-04 09:17 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-02 09:42 . 2009-10-03 06:34 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-11-27 07:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-17 00:13 . 2008-08-14 08:24 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2009-10-17 00:13 . 2008-08-14 08:24 1722464 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
    2009-10-10 17:17 . 2009-01-06 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-08 21:08 . 2009-11-29 20:02 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:08 . 2009-11-29 20:02 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:07 . 2009-11-29 20:02 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-07 11:36 . 2009-12-10 04:09 243712 ----a-w- c:\windows\system32\rastls.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy2]
    @= "{747E722C-CB46-4a9d-BDFE-192AAD5099B1} "
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy3]
    @= "{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} "
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray "= "c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Nokia.PCSync "= "c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-06-23 745472]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SQL Prompt Query Analyzer Integration.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SQL Prompt Query Analyzer Integration.lnk
    backup=c:\windows\pss\SQL Prompt Query Analyzer Integration.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
    2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 09:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Subscription Center]
    2008-01-18 04:28 107544 ----a-w- c:\users\PC USER\AppData\Local\Microsoft\SubscriptionCenter\SubscriptionCenter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2009-06-23 01:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-27 00:03 13687328 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-27 00:03 92704 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 05:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-06-26 05:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 05:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-10 17:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-12-16 05:26 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-03-30 22:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RGSC "=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    "Sidebar "=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "ehTray.exe "=c:\windows\ehome\ehTray.exe
    "TomTomHOME.exe "= "c:\program files\TomTom HOME 2\TomTomHOMERunner.exe "
    "swg "=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe "
    "00PCTFW "= "c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    "Windows Defender "=c:\program files\Windows Defender\MSASCui.exe -hide
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" -atboottime
    "ISTray "= "c:\program files\Spyware Doctor\pctsTray.exe "
    "AVG8_TRAY "=c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):b8,13,a6,94,a8,70,ca,01

    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [29/06/2009 12:38 AM 130936]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/03/2009 7:48 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/03/2009 7:48 PM 108552]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [29/06/2009 12:39 AM 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/03/2009 7:47 PM 297752]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [29/06/2009 12:38 AM 73840]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2009 2:05 AM 92008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24/08/2007 7:34 PM 15872]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [25/07/2009 12:09 PM 95640]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/01/2008 4:53 PM 721904]
    S2 gupdate1c8e7ee16d6fa9a;Google Update Service (gupdate1c8e7ee16d6fa9a);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2008 8:20 PM 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/09/2008 3:54 PM 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [27/11/2009 11:39 AM 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [8/04/2009 7:10 PM 42888]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 3:48 PM 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 3:48 PM 8320]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/04/2008 8:42 AM 348752]
    S3 SSDefrag;SSDefrag;c:\windows\System32\drivers\SSDefrag.sys [9/08/2008 3:19 PM 37888]
    S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [20/09/2008 3:54 PM 11264]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 11:28 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 4:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 4:23 AM 366936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 08:01]

    2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 08:01]

    2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{F4D0743F-C22D-4FF6-AF1C-4560B508966D}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    FF - ProfilePath - c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-31 18:06
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87B06841]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8d1a2d24
    \Driver\ACPI -> acpi.sys @ 0x80692d68
    \Driver\atapi -> ataport.SYS @ 0x807a8a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]
    "ImagePath "= "\ "c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "FirefoxHTML "

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "FirefoxHTML "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(300)
    c:\program files\Mozy\mozyshell.dll
    .
    Completion time: 2009-12-31 18:12:19
    ComboFix-quarantined-files.txt 2009-12-31 07:12
    ComboFix2.txt 2009-12-30 23:41
    ComboFix3.txt 2009-12-29 12:21

    Pre-Run: 74,713,636,864 bytes free
    Post-Run: 74,628,452,352 bytes free

    - - End Of File - - 294E45FE368637EE6753BE57ED0305A2
     
  8. 2009/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see you ran Combofix before. I'd like to see those other logs (ComboFix2.txt, ComboFix3.txt).
     
  9. 2009/12/31
    cunners

    cunners Inactive Thread Starter

    Joined:
    2009/12/30
    Messages:
    10
    Likes Received:
    0
    Yeah, I ran them before I contacted you to see if anything stood out.

    combofix.txt first:

    ComboFix 09-12-30.01 - PC USER 31/12/2009 17:54:14.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1396 [GMT 11:00]
    Running from: c:\users\PC USER\Desktop\ComboFix.exe
    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
    .

    2009-12-31 07:06 . 2009-12-31 07:06 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-31 07:06 . 2009-12-31 07:06 -------- d-----w- c:\users\PC USER\AppData\Local\temp
    2009-12-31 07:06 . 2009-12-31 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-31 06:50 . 2009-12-31 06:52 -------- d-----w- C:\32788R22FWJFW
    2009-12-31 04:50 . 2009-12-16 03:42 43008 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-31 04:50 . 2009-12-16 03:42 340480 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-31 04:50 . 2009-12-16 03:41 346624 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-31 04:50 . 2009-12-16 03:42 872960 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-31 03:35 . 2009-12-31 04:50 -------- d-----w- c:\users\PC USER\AppData\Local\Google
    2009-12-30 21:44 . 2009-12-30 21:44 122872 ----a-w- c:\users\PC USER\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\users\PC USER\AppData\Local\Apps
    2009-12-30 12:22 . 2009-12-30 12:22 -------- d-----w- C:\dell
    2009-12-30 07:41 . 2009-12-30 21:39 -------- d-----w- c:\program files\CleanUp!
    2009-12-30 07:35 . 2009-12-30 07:35 -------- d-----w- c:\program files\Trend Micro
    2009-12-30 03:37 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-30 03:37 . 2009-12-30 03:39 -------- d-----w- c:\program files\Malware
    2009-12-30 03:37 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-30 02:52 . 2009-02-06 20:43 24576 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    2009-12-29 11:18 . 2009-12-29 11:21 -------- d-----w- c:\users\PC USER\AppData\Roaming\QuickScan
    2009-12-29 10:47 . 2009-12-29 10:47 52224 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-29 10:47 . 2009-12-29 10:47 117760 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\users\PC USER\AppData\Roaming\Malwarebytes
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-29 09:43 . 2009-12-29 09:55 -------- d-----w- c:\program files\Safer Networking
    2009-12-29 09:22 . 2009-12-31 06:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-29 09:22 . 2009-12-31 06:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-28 02:31 . 2009-12-28 02:31 -------- d-----w- c:\users\PC USER\AppData\Roaming\MAGIX
    2009-12-28 02:23 . 2009-12-29 00:08 -------- d-----w- c:\programdata\MAGIX
    2009-12-28 02:22 . 2007-04-26 22:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-12-28 02:22 . 2009-12-29 00:08 -------- d-----w- c:\windows\system32\MAGIX
    2009-12-28 02:22 . 2008-04-15 04:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-12-26 23:17 . 2007-11-06 14:19 1156600 ----a-w- c:\windows\system32\MFC90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 568832 ----a-w- c:\windows\system32\msvcp90.dll
    2009-12-12 00:01 . 2009-11-09 12:30 8192 ----a-w- c:\windows\system32\iisrstap.dll
    2009-12-12 00:01 . 2009-11-09 10:48 14848 ----a-w- c:\windows\system32\iisreset.exe
    2009-12-12 00:01 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-12 00:01 . 2009-11-09 12:30 153600 ----a-w- c:\windows\system32\iisRtl.dll
    2009-12-12 00:01 . 2009-11-09 12:28 27136 ----a-w- c:\windows\system32\ahadmin.dll
    2009-12-12 00:01 . 2009-11-09 12:28 51712 ----a-w- c:\windows\system32\admwprox.dll
    2009-12-12 00:01 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-12 00:01 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-12 00:01 . 2009-11-09 12:32 10752 ----a-w- c:\windows\system32\wamregps.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-30 23:15 . 2007-08-10 07:30 4867 ----a-w- c:\windows\bthservsdp.dat
    2009-12-30 23:12 . 2008-04-09 21:43 -------- d-----w- c:\programdata\Lavasoft
    2009-12-30 09:49 . 2008-12-03 09:54 -------- d-----w- c:\program files\Quicken
    2009-12-30 08:32 . 2008-04-09 21:42 -------- d-----w- c:\program files\Spyware Doctor
    2009-12-30 03:08 . 2007-03-30 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-30 03:04 . 2007-04-04 09:50 -------- d-----w- c:\program files\Java
    2009-12-29 10:43 . 2007-10-20 01:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-29 08:42 . 2007-03-30 22:37 -------- d-----w- c:\programdata\Google Updater
    2009-12-29 06:55 . 2008-04-14 20:41 165232 ---ha-w- c:\users\PC USER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2009-12-28 07:57 . 2008-11-27 06:57 -------- d-----w- c:\program files\Celtx
    2009-12-28 06:39 . 2007-03-29 05:22 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-28 06:36 . 2007-03-31 17:13 -------- d-----w- c:\users\PC USER\AppData\Roaming\Skype
    2009-12-28 05:49 . 2008-08-16 06:50 -------- d-----w- c:\programdata\Intuit
    2009-12-28 05:49 . 2007-06-13 12:02 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-28 05:09 . 2008-12-03 19:18 -------- d-----w- c:\users\PC USER\AppData\Roaming\skypePM
    2009-12-28 05:06 . 2008-01-18 23:36 -------- d-----w- c:\program files\Activision
    2009-12-19 15:13 . 2007-03-30 22:37 -------- d-----w- c:\program files\Google
    2009-12-11 09:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-29 20:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-29 20:25 . 2009-11-29 20:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-11-27 07:57 . 2009-11-27 07:57 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-27 00:39 . 2008-03-17 11:26 -------- d-----w- c:\program files\Windows Live
    2009-11-27 00:36 . 2008-02-07 01:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-11-21 06:40 . 2009-12-10 04:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-10 04:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 06:34 . 2009-12-10 04:09 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 04:59 . 2009-12-10 04:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-16 01:46 . 2009-07-14 11:50 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-11-13 11:51 . 2007-04-18 07:39 -------- d-----w- c:\users\PC USER\AppData\Roaming\Apple Computer
    2009-11-11 03:12 . 2009-11-11 03:12 300880 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
    2009-11-11 03:12 . 2009-11-11 03:12 358264 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_7.1.2.1_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
    2009-11-11 03:11 . 2008-03-27 10:55 -------- d-----w- c:\users\PC USER\AppData\Roaming\FileZilla
    2009-11-04 09:21 . 2009-11-04 09:20 -------- d-----w- c:\program files\iTunes
    2009-11-04 09:20 . 2009-11-04 09:20 -------- d-----w- c:\program files\iPod
    2009-11-04 09:20 . 2007-07-02 21:54 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-04 09:17 . 2009-11-04 09:17 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-02 09:42 . 2009-10-03 06:34 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-11-27 07:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-17 00:13 . 2008-08-14 08:24 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2009-10-17 00:13 . 2008-08-14 08:24 1722464 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
    2009-10-10 17:17 . 2009-01-06 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-08 21:08 . 2009-11-29 20:02 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:08 . 2009-11-29 20:02 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:07 . 2009-11-29 20:02 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-07 11:36 . 2009-12-10 04:09 243712 ----a-w- c:\windows\system32\rastls.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-06-23 745472]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SQL Prompt Query Analyzer Integration.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SQL Prompt Query Analyzer Integration.lnk
    backup=c:\windows\pss\SQL Prompt Query Analyzer Integration.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
    2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 09:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Subscription Center]
    2008-01-18 04:28 107544 ----a-w- c:\users\PC USER\AppData\Local\Microsoft\SubscriptionCenter\SubscriptionCenter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2009-06-23 01:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-27 00:03 13687328 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-27 00:03 92704 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 05:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-06-26 05:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 05:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-10 17:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-12-16 05:26 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-03-30 22:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    "Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
    "AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):b8,13,a6,94,a8,70,ca,01

    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [29/06/2009 12:38 AM 130936]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/03/2009 7:48 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/03/2009 7:48 PM 108552]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [29/06/2009 12:39 AM 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/03/2009 7:47 PM 297752]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [29/06/2009 12:38 AM 73840]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2009 2:05 AM 92008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24/08/2007 7:34 PM 15872]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [25/07/2009 12:09 PM 95640]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/01/2008 4:53 PM 721904]
    S2 gupdate1c8e7ee16d6fa9a;Google Update Service (gupdate1c8e7ee16d6fa9a);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2008 8:20 PM 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/09/2008 3:54 PM 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [27/11/2009 11:39 AM 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [8/04/2009 7:10 PM 42888]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 3:48 PM 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 3:48 PM 8320]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/04/2008 8:42 AM 348752]
    S3 SSDefrag;SSDefrag;c:\windows\System32\drivers\SSDefrag.sys [9/08/2008 3:19 PM 37888]
    S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [20/09/2008 3:54 PM 11264]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 11:28 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 4:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 4:23 AM 366936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 08:01]

    2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 08:01]

    2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{F4D0743F-C22D-4FF6-AF1C-4560B508966D}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    FF - ProfilePath - c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-31 18:06
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87B06841]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8d1a2d24
    \Driver\ACPI -> acpi.sys @ 0x80692d68
    \Driver\atapi -> ataport.SYS @ 0x807a8a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(300)
    c:\program files\Mozy\mozyshell.dll
    .
    Completion time: 2009-12-31 18:12:19
    ComboFix-quarantined-files.txt 2009-12-31 07:12
    ComboFix2.txt 2009-12-30 23:41
    ComboFix3.txt 2009-12-29 12:21

    Pre-Run: 74,713,636,864 bytes free
    Post-Run: 74,628,452,352 bytes free

    - - End Of File - - 294E45FE368637EE6753BE57ED0305A2
     
  10. 2009/12/31
    cunners

    cunners Inactive Thread Starter

    Joined:
    2009/12/30
    Messages:
    10
    Likes Received:
    0
    Now combofix1.txt:

    ComboFix 09-12-29.06 - PC USER 31/12/2009 10:19:17.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1732 [GMT 11:00]
    Running from: c:\users\PC USER\Desktop\ComboFix.exe
    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
    .

    2009-12-30 23:34 . 2009-12-30 23:34 -------- d-----w- c:\users\PC USER\AppData\Local\temp
    2009-12-30 23:34 . 2009-12-30 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-30 23:13 . 2009-12-30 23:14 -------- d-----w- C:\32788R22FWJFW
    2009-12-30 21:44 . 2009-12-30 21:44 122872 ----a-w- c:\users\PC USER\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-30 21:43 . 2009-12-30 21:43 -------- d-----w- c:\users\PC USER\AppData\Local\Apps
    2009-12-30 12:22 . 2009-12-30 12:22 -------- d-----w- C:\dell
    2009-12-30 07:41 . 2009-12-30 21:39 -------- d-----w- c:\program files\CleanUp!
    2009-12-30 07:35 . 2009-12-30 07:35 -------- d-----w- c:\program files\Trend Micro
    2009-12-30 03:37 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-30 03:37 . 2009-12-30 03:39 -------- d-----w- c:\program files\Malware
    2009-12-30 03:37 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-30 02:52 . 2009-02-06 20:43 24576 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    2009-12-29 11:18 . 2009-12-29 11:21 -------- d-----w- c:\users\PC USER\AppData\Roaming\QuickScan
    2009-12-29 10:47 . 2009-12-29 10:47 52224 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-29 10:47 . 2009-12-29 10:47 117760 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\users\PC USER\AppData\Roaming\Malwarebytes
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-29 09:43 . 2009-12-29 09:55 -------- d-----w- c:\program files\Safer Networking
    2009-12-29 09:22 . 2009-12-30 02:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-29 09:22 . 2009-12-29 09:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-28 02:31 . 2009-12-28 02:31 -------- d-----w- c:\users\PC USER\AppData\Roaming\MAGIX
    2009-12-28 02:23 . 2009-12-29 00:08 -------- d-----w- c:\programdata\MAGIX
    2009-12-28 02:22 . 2007-04-26 22:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-12-28 02:22 . 2009-12-29 00:08 -------- d-----w- c:\windows\system32\MAGIX
    2009-12-28 02:22 . 2008-04-15 04:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-12-26 23:17 . 2007-11-06 14:19 1156600 ----a-w- c:\windows\system32\MFC90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 568832 ----a-w- c:\windows\system32\msvcp90.dll
    2009-12-12 00:01 . 2009-11-09 12:30 8192 ----a-w- c:\windows\system32\iisrstap.dll
    2009-12-12 00:01 . 2009-11-09 10:48 14848 ----a-w- c:\windows\system32\iisreset.exe
    2009-12-12 00:01 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-12 00:01 . 2009-11-09 12:30 153600 ----a-w- c:\windows\system32\iisRtl.dll
    2009-12-12 00:01 . 2009-11-09 12:28 27136 ----a-w- c:\windows\system32\ahadmin.dll
    2009-12-12 00:01 . 2009-11-09 12:28 51712 ----a-w- c:\windows\system32\admwprox.dll
    2009-12-12 00:01 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-12 00:01 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-12 00:01 . 2009-11-09 12:32 10752 ----a-w- c:\windows\system32\wamregps.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-30 23:15 . 2007-08-10 07:30 4867 ----a-w- c:\windows\bthservsdp.dat
    2009-12-30 23:12 . 2008-04-09 21:43 -------- d-----w- c:\programdata\Lavasoft
    2009-12-30 09:49 . 2008-12-03 09:54 -------- d-----w- c:\program files\Quicken
    2009-12-30 08:32 . 2008-04-09 21:42 -------- d-----w- c:\program files\Spyware Doctor
    2009-12-30 03:08 . 2007-03-30 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-30 03:04 . 2007-04-04 09:50 -------- d-----w- c:\program files\Java
    2009-12-29 10:43 . 2007-10-20 01:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-29 08:42 . 2007-03-30 22:37 -------- d-----w- c:\programdata\Google Updater
    2009-12-29 06:55 . 2008-04-14 20:41 165232 ---ha-w- c:\users\PC USER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2009-12-28 07:57 . 2008-11-27 06:57 -------- d-----w- c:\program files\Celtx
    2009-12-28 06:39 . 2007-03-29 05:22 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-28 06:36 . 2007-03-31 17:13 -------- d-----w- c:\users\PC USER\AppData\Roaming\Skype
    2009-12-28 05:49 . 2008-08-16 06:50 -------- d-----w- c:\programdata\Intuit
    2009-12-28 05:49 . 2007-06-13 12:02 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-28 05:09 . 2008-12-03 19:18 -------- d-----w- c:\users\PC USER\AppData\Roaming\skypePM
    2009-12-28 05:06 . 2008-01-18 23:36 -------- d-----w- c:\program files\Activision
    2009-12-19 15:13 . 2007-03-30 22:37 -------- d-----w- c:\program files\Google
    2009-12-11 09:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-29 20:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-29 20:25 . 2009-11-29 20:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-11-27 07:57 . 2009-11-27 07:57 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-27 00:39 . 2008-03-17 11:26 -------- d-----w- c:\program files\Windows Live
    2009-11-27 00:36 . 2008-02-07 01:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-11-21 06:40 . 2009-12-10 04:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-10 04:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 06:34 . 2009-12-10 04:09 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 04:59 . 2009-12-10 04:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-16 01:46 . 2009-07-14 11:50 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-11-13 11:51 . 2007-04-18 07:39 -------- d-----w- c:\users\PC USER\AppData\Roaming\Apple Computer
    2009-11-11 03:12 . 2009-11-11 03:12 300880 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
    2009-11-11 03:12 . 2009-11-11 03:12 358264 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_7.1.2.1_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
    2009-11-11 03:11 . 2008-03-27 10:55 -------- d-----w- c:\users\PC USER\AppData\Roaming\FileZilla
    2009-11-04 09:21 . 2009-11-04 09:20 -------- d-----w- c:\program files\iTunes
    2009-11-04 09:20 . 2009-11-04 09:20 -------- d-----w- c:\program files\iPod
    2009-11-04 09:20 . 2007-07-02 21:54 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-04 09:17 . 2009-11-04 09:17 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-02 09:42 . 2009-10-03 06:34 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-11-27 07:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-17 00:13 . 2008-08-14 08:24 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2009-10-17 00:13 . 2008-08-14 08:24 1722464 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
    2009-10-10 17:17 . 2009-01-06 19:12 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-08 21:08 . 2009-11-29 20:02 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-10-08 21:08 . 2009-11-29 20:02 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-10-08 21:07 . 2009-11-29 20:02 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-10-07 11:36 . 2009-12-10 04:09 243712 ----a-w- c:\windows\system32\rastls.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-06-23 745472]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SQL Prompt Query Analyzer Integration.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SQL Prompt Query Analyzer Integration.lnk
    backup=c:\windows\pss\SQL Prompt Query Analyzer Integration.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
    2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 09:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Subscription Center]
    2008-01-18 04:28 107544 ----a-w- c:\users\PC USER\AppData\Local\Microsoft\SubscriptionCenter\SubscriptionCenter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2009-06-23 01:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-27 00:03 13687328 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-27 00:03 92704 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 05:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-06-26 05:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 05:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-10 17:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-12-16 05:26 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-03-30 22:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    "Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
    "AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):b8,13,a6,94,a8,70,ca,01

    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [29/06/2009 12:38 AM 130936]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/03/2009 7:48 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/03/2009 7:48 PM 108552]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [29/06/2009 12:39 AM 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/03/2009 7:47 PM 297752]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [29/06/2009 12:38 AM 73840]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29/12/2009 8:22 PM 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2009 2:05 AM 92008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24/08/2007 7:34 PM 15872]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [25/07/2009 12:09 PM 95640]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/01/2008 4:53 PM 721904]
    S2 gupdate1c8e7ee16d6fa9a;Google Update Service (gupdate1c8e7ee16d6fa9a);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2008 8:20 PM 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/09/2008 3:54 PM 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [27/11/2009 11:39 AM 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [8/04/2009 7:10 PM 42888]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 3:48 PM 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 3:48 PM 8320]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/04/2008 8:42 AM 348752]
    S3 SSDefrag;SSDefrag;c:\windows\System32\drivers\SSDefrag.sys [9/08/2008 3:19 PM 37888]
    S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [20/09/2008 3:54 PM 11264]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 11:28 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 4:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 4:23 AM 366936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 08:01]

    2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-07-18 08:01]

    2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{F4D0743F-C22D-4FF6-AF1C-4560B508966D}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    FF - ProfilePath - c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\k1l4ektz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Google Update - c:\users\PC USER\AppData\Local\Google\Update\GoogleUpdate.exe
    AddRemove-Google Chrome - c:\users\PC USER\AppData\Local\Google\Chrome\Application\3.0.195.38\Installer\setup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-31 10:34
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87B06841]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8d1a2d24
    \Driver\ACPI -> acpi.sys @ 0x80692d68
    \Driver\atapi -> ataport.SYS @ 0x807a8a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-12-31 10:41:09
    ComboFix-quarantined-files.txt 2009-12-30 23:41
    ComboFix2.txt 2009-12-29 12:21

    Pre-Run: 76,063,772,672 bytes free
    Post-Run: 75,974,414,336 bytes free

    - - End Of File - - B681F2FADD0238764795EBA4939271FA
     
  11. 2009/12/31
    cunners

    Sorry, I didn't include this one before, as I thought the other 2 were the older log files. Here is combofix3.txt:

    ComboFix 09-12-28.05 - PC USER 29/12/2009 22:57:53.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1929 [GMT 11:00]
    Running from: c:\users\PC USER\Desktop\ComboFix.exe
    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\test.txt
    c:\users\PC USER\AppData\Roaming\inst.exe
    c:\windows\system32\images
    c:\windows\system32\images\toolbar\calendar.gif
    c:\windows\system32\images\toolbar\crlogo.gif
    c:\windows\system32\images\toolbar\export.gif
    c:\windows\system32\images\toolbar\export_over.gif
    c:\windows\system32\images\toolbar\exportd.gif
    c:\windows\system32\images\toolbar\First.gif
    c:\windows\system32\images\toolbar\first_over.gif
    c:\windows\system32\images\toolbar\Firstd.gif
    c:\windows\system32\images\toolbar\gotopage.gif
    c:\windows\system32\images\toolbar\gotopage_over.gif
    c:\windows\system32\images\toolbar\gotopaged.gif
    c:\windows\system32\images\toolbar\grouptree.gif
    c:\windows\system32\images\toolbar\grouptree_over.gif
    c:\windows\system32\images\toolbar\grouptreed.gif
    c:\windows\system32\images\toolbar\grouptreepressed.gif
    c:\windows\system32\images\toolbar\Last.gif
    c:\windows\system32\images\toolbar\last_over.gif
    c:\windows\system32\images\toolbar\Lastd.gif
    c:\windows\system32\images\toolbar\Next.gif
    c:\windows\system32\images\toolbar\next_over.gif
    c:\windows\system32\images\toolbar\Nextd.gif
    c:\windows\system32\images\toolbar\Prev.gif
    c:\windows\system32\images\toolbar\prev_over.gif
    c:\windows\system32\images\toolbar\Prevd.gif
    c:\windows\system32\images\toolbar\print.gif
    c:\windows\system32\images\toolbar\print_over.gif
    c:\windows\system32\images\toolbar\printd.gif
    c:\windows\system32\images\toolbar\Refresh.gif
    c:\windows\system32\images\toolbar\refresh_over.gif
    c:\windows\system32\images\toolbar\refreshd.gif
    c:\windows\system32\images\toolbar\Search.gif
    c:\windows\system32\images\toolbar\search_over.gif
    c:\windows\system32\images\toolbar\searchd.gif
    c:\windows\system32\images\toolbar\up.gif
    c:\windows\system32\images\toolbar\up_over.gif
    c:\windows\system32\images\toolbar\upd.gif
    c:\windows\system32\images\tree\begindots.gif
    c:\windows\system32\images\tree\beginminus.gif
    c:\windows\system32\images\tree\beginplus.gif
    c:\windows\system32\images\tree\blank.gif
    c:\windows\system32\images\tree\blankdots.gif
    c:\windows\system32\images\tree\dots.gif
    c:\windows\system32\images\tree\lastdots.gif
    c:\windows\system32\images\tree\lastminus.gif
    c:\windows\system32\images\tree\lastplus.gif
    c:\windows\system32\images\tree\Magnify.gif
    c:\windows\system32\images\tree\minus.gif
    c:\windows\system32\images\tree\minusbox.gif
    c:\windows\system32\images\tree\plus.gif
    c:\windows\system32\images\tree\plusbox.gif
    c:\windows\system32\images\tree\singleminus.gif
    c:\windows\system32\images\tree\singleplus.gif
    c:\windows\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
    .

    2009-12-29 12:14 . 2009-12-29 12:15 -------- d-----w- c:\users\PC USER\AppData\Local\temp
    2009-12-29 12:14 . 2009-12-29 12:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-29 11:47 . 2009-12-29 11:50 -------- d-----w- C:\32788R22FWJFW
    2009-12-29 11:34 . 2009-12-20 06:41 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2009-12-29 11:34 . 2009-12-29 11:34 -------- d-----w- c:\program files\VS Revo Group
    2009-12-29 11:18 . 2009-12-29 11:21 -------- d-----w- c:\users\PC USER\AppData\Roaming\QuickScan
    2009-12-29 11:18 . 2009-12-23 15:52 684032 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2009-12-29 11:18 . 2009-12-23 15:52 776704 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2009-12-29 10:47 . 2009-12-29 10:47 52224 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-29 10:47 . 2009-12-29 10:47 117760 ----a-w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-29 10:46 . 2009-12-29 10:46 -------- d-----w- c:\users\PC USER\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\users\PC USER\AppData\Roaming\Malwarebytes
    2009-12-29 10:41 . 2009-12-03 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-29 10:41 . 2009-12-29 10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-29 10:41 . 2009-12-03 05:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-29 10:19 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-12-29 10:14 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2009-12-29 10:13 . 2009-12-29 10:14 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2009-12-29 10:13 . 2009-12-29 10:13 -------- d-----w- c:\program files\Lavasoft
    2009-12-29 09:43 . 2009-12-29 09:55 -------- d-----w- c:\program files\Safer Networking
    2009-12-29 09:22 . 2009-12-29 09:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-29 09:22 . 2009-12-29 09:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-28 02:31 . 2009-12-28 02:31 -------- d-----w- c:\users\PC USER\AppData\Roaming\MAGIX
    2009-12-28 02:23 . 2009-12-29 00:08 -------- d-----w- c:\programdata\MAGIX
    2009-12-28 02:22 . 2007-04-26 22:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-12-28 02:22 . 2009-12-29 00:08 -------- d-----w- c:\windows\system32\MAGIX
    2009-12-28 02:22 . 2008-04-15 04:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-12-26 23:17 . 2009-12-26 23:17 -------- d-----w- c:\users\PC USER\AppData\Local\Application Data
    2009-12-26 23:17 . 2007-11-06 14:19 1156600 ----a-w- c:\windows\system32\MFC90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2009-12-26 23:17 . 2007-11-06 14:19 568832 ----a-w- c:\windows\system32\msvcp90.dll
    2009-12-12 00:01 . 2009-11-09 12:30 8192 ----a-w- c:\windows\system32\iisrstap.dll
    2009-12-12 00:01 . 2009-11-09 10:48 14848 ----a-w- c:\windows\system32\iisreset.exe
    2009-12-12 00:01 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-12 00:01 . 2009-11-09 12:30 153600 ----a-w- c:\windows\system32\iisRtl.dll
    2009-12-12 00:01 . 2009-11-09 12:28 27136 ----a-w- c:\windows\system32\ahadmin.dll
    2009-12-12 00:01 . 2009-11-09 12:28 51712 ----a-w- c:\windows\system32\admwprox.dll
    2009-12-12 00:01 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-12 00:01 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-12 00:01 . 2009-11-09 12:32 10752 ----a-w- c:\windows\system32\wamregps.dll
    2009-12-01 01:04 . 2009-11-19 00:48 872960 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-01 01:04 . 2009-11-19 00:48 43008 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-01 01:04 . 2009-11-19 00:48 340480 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-01 01:04 . 2009-11-19 00:48 346624 ----a-w- c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-29 20:25 . 2009-11-29 20:25 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-29 20:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-29 20:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-29 20:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-29 20:03 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-11-29 20:03 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-11-29 20:03 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-11-29 20:03 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-11-29 20:03 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-11-29 20:03 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-11-29 20:03 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-11-29 20:03 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-11-29 20:03 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-11-29 20:03 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-11-29 20:03 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-11-29 20:03 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-11-29 20:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-29 20:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-29 20:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-29 19:59 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-11-29 19:59 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-29 11:51 . 2007-08-10 07:30 4867 ----a-w- c:\windows\bthservsdp.dat
    2009-12-29 10:47 . 2008-04-09 21:42 -------- d-----w- c:\program files\Spyware Doctor
    2009-12-29 10:43 . 2007-10-20 01:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-29 10:13 . 2008-04-09 21:43 -------- d-----w- c:\programdata\Lavasoft
    2009-12-29 09:38 . 2008-12-03 09:54 -------- d-----w- c:\program files\Quicken
    2009-12-29 08:42 . 2007-03-30 22:37 -------- d-----w- c:\programdata\Google Updater
    2009-12-29 06:55 . 2008-04-14 20:41 165232 ---ha-w- c:\users\PC USER\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2009-12-28 20:12 . 2007-03-29 05:19 122872 ----a-w- c:\users\PC USER\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-28 07:57 . 2008-11-27 06:57 -------- d-----w- c:\program files\Celtx
    2009-12-28 06:39 . 2007-03-29 05:22 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-28 06:36 . 2007-03-31 17:13 -------- d-----w- c:\users\PC USER\AppData\Roaming\Skype
    2009-12-28 05:49 . 2008-08-16 06:50 -------- d-----w- c:\programdata\Intuit
    2009-12-28 05:49 . 2007-06-13 12:02 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-28 05:09 . 2008-12-03 19:18 -------- d-----w- c:\users\PC USER\AppData\Roaming\skypePM
    2009-12-28 05:08 . 2007-03-30 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-28 05:06 . 2008-01-18 23:36 -------- d-----w- c:\program files\Activision
    2009-12-27 23:17 . 2007-04-15 07:26 -------- d-----w- c:\program files\BitComet
    2009-12-19 15:13 . 2007-03-30 22:37 -------- d-----w- c:\program files\Google
    2009-12-11 09:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-11-29 20:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-29 20:25 . 2009-11-29 20:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-11-29 03:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-11-27 07:57 . 2009-11-27 07:57 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-27 00:39 . 2008-03-17 11:26 -------- d-----w- c:\program files\Windows Live
    2009-11-27 00:36 . 2008-02-07 01:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-11-21 06:40 . 2009-12-10 04:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-10 04:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 06:34 . 2009-12-10 04:09 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 04:59 . 2009-12-10 04:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-16 01:46 . 2009-07-14 11:50 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-11-15 03:59 . 2009-11-15 03:59 680 ----a-w- c:\users\PC USER\AppData\Local\d3d9caps.dat
    2009-11-13 11:51 . 2007-04-18 07:39 -------- d-----w- c:\users\PC USER\AppData\Roaming\Apple Computer
    2009-11-11 03:12 . 2009-11-11 03:12 300880 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
    2009-11-11 03:12 . 2009-11-11 03:12 358264 ----a-w- c:\users\PC USER\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_7.1.2.1_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
    2009-11-11 03:11 . 2008-03-27 10:55 -------- d-----w- c:\users\PC USER\AppData\Roaming\FileZilla
    2009-11-04 09:21 . 2009-11-04 09:20 -------- d-----w- c:\program files\iTunes
    2009-11-04 09:20 . 2009-11-04 09:20 -------- d-----w- c:\program files\iPod
    2009-11-04 09:20 . 2007-07-02 21:54 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-04 09:17 . 2009-11-04 09:17 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-02 09:42 . 2009-10-03 06:34 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-11-27 07:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-17 00:13 . 2008-08-14 08:24 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
    2009-10-17 00:13 . 2008-08-14 08:24 1722464 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
    2009-10-07 11:36 . 2009-12-10 04:09 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2009-06-24 05:03 2835256 ----a-w- c:\program files\Mozy\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-06-23 745472]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)
    "PromptOnSecureDesktop"=0 (0x0)
    "EnableUIADesktopToggle"=0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SQL Prompt Query Analyzer Integration.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SQL Prompt Query Analyzer Integration.lnk
    backup=c:\windows\pss\SQL Prompt Query Analyzer Integration.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 04:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
    2009-07-18 03:21 257440 ----a-w- c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-08-29 08:01 133104 ----atw- c:\users\PC USER\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-28 09:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Subscription Center]
    2008-01-18 04:28 107544 ----a-w- c:\users\PC USER\AppData\Local\Microsoft\SubscriptionCenter\SubscriptionCenter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    2009-06-23 01:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-27 00:03 13687328 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-27 00:03 92704 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-06-25 05:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-06-26 05:56 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-03-30 22:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    "Windows Defender"=c:\program files\Windows Defender\MSASCui.exe -hide
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
    "AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):b8,13,a6,94,a8,70,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [29/12/2009 9:19 PM 64288]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [29/06/2009 12:38 AM 130936]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/03/2009 7:48 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/03/2009 7:48 PM 108552]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [29/06/2009 12:39 AM 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 4:26 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 4:26 PM 74480]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/03/2009 7:47 PM 297752]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/12/2009 12:19 AM 1181328]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [29/06/2009 12:38 AM 73840]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29/12/2009 8:22 PM 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/04/2008 8:42 AM 348752]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2009 2:05 AM 92008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24/08/2007 7:34 PM 15872]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [25/07/2009 12:09 PM 95640]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/01/2008 4:53 PM 721904]
    S2 gupdate1c8e7ee16d6fa9a;Google Update Service (gupdate1c8e7ee16d6fa9a);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2008 8:20 PM 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/09/2008 3:54 PM 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [27/11/2009 11:39 AM 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [29/12/2009 9:41 PM 38224]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [8/04/2009 7:10 PM 42888]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 3:48 PM 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 3:48 PM 8320]
    S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [29/12/2009 10:34 PM 27192]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 4:27 PM 7408]
    S3 SSDefrag;SSDefrag;c:\windows\System32\drivers\SSDefrag.sys [9/08/2008 3:19 PM 37888]
    S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [20/09/2008 3:54 PM 11264]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 11:28 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 4:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 4:23 AM 366936]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    FF - ProfilePath - c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&source=iglk
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - component: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\PC USER\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\PC USER\AppData\Roaming\Mozilla\Firefox\Profiles\grtnsy2g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    user_pref('capability.policy.policynames', 'localfilelinks');
    user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com');
    user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-29 23:14
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87B06841]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8d1a1d24
    \Driver\ACPI -> acpi.sys @ 0x80693d68
    \Driver\atapi -> ataport.SYS @ 0x807a9a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-12-29 23:21:49
    ComboFix-quarantined-files.txt 2009-12-29 12:21

    Pre-Run: 71,316,246,528 bytes free
    Post-Run: 70,463,709,184 bytes free

    - - End Of File - - 9C72060197A5B5373E3A4B51EA9552F7
     
  12. 2009/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and the other one?
     
  13. 2009/12/31
    cunners

    cunners Inactive Thread Starter

    Joined:
    2009/12/30
    Messages:
    10
    Likes Received:
    0
    Hi Broni,

    All 3 combofix log files are now included above.

    1) created at 31/12/2009 17:54:14.4.2
    2) created at 31/12/2009 10:19:17.3.2
    3) created at 29/12/2009 22:57:53.1.2

    Thanks
     
  14. 2009/12/31
    cunners

    cunners Inactive Thread Starter

    Joined:
    2009/12/30
    Messages:
    10
    Likes Received:
    0
    Hi Broni,

    Not sure if my last post went through so here it is again.

    All 3 combofix log files are now included.

    1) created at 31/12/2009 17:54:14.4.2
    2) created at 31/12/2009 10:19:17.3.2
    3) created at 29/12/2009 22:57:53.1.2

    Thanks
     
  15. 2010/01/01
    cunners

    cunners Inactive Thread Starter

    Joined:
    2009/12/30
    Messages:
    10
    Likes Received:
    0
    Hi Broni,

    I bit the bullet and did a fresh restore of my PC. Thanks anyway.
     
  16. 2010/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, OK.
    Thanks for letting me know :)
    Happy New Year :)
     
