Active Virus Warnings In Windows Security Trojans, Worms, Hijack

Discussion in 'Malware and Virus Removal Archive' started by Gideon, 2010/04/15.

  1. 2010/05/02
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Ok here is the combofix log

    Please help us improve HijackThis by reporting this error

    Click 'Yes' to submit

    Error Details:

    An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
    Error #5 - Invalid procedure call or argument

    Windows version: Windows NT 5.01.2600
    MSIE version: 7.0.5730.13
    HijackThis version: 2.0.4
     
  2. 2010/05/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any log :)
     
  4. 2010/05/02
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    and here is the hijack log.

    I am getting an error when attempting a HijackThis scan that mentions something about a registry file and asks if I want to alert HijackThis about it to help improve the program. It doesn't seem to affect the scan.

    Please help us improve HijackThis by reporting this error

    Click 'Yes' to submit

    Error Details:

    An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
    Error #5 - Invalid procedure call or argument

    Windows version: Windows NT 5.01.2600
    MSIE version: 7.0.5730.13
    HijackThis version: 2.0.4



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:41, on 2010-05-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - Winlogon Notify: winlob32 - winlob32.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: M-Audio Series II MIDI Installer (ma_cmidi_installerservice) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

    --
    End of file - 11043 bytes
     
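The log above is the kind of thing a helper reads by eye: the O20 Winlogon Notify entry pointing at a DLL that is no longer there, the O23 services that still register a binary that is gone, the R0 start page redirected to a toolbar vendor. The following Python script is an added example and not part of this thread or of HijackThis itself; it parses lines in the HijackThis 2.0.4 log format and applies those same triage rules. The sample lines are constructed from the entries in the posted log, and the set of "default" IE homepage hosts (`DEFAULT_PAGE_HOSTS`) and the severity labels are assumptions of this example, not anything HijackThis defines.

```python
import re
from urllib.parse import urlparse
from typing import Dict, List, Optional, Tuple

# Constructed sample in HijackThis 2.0.4 log format, modelled on entries in the
# log posted above. It is a fragment for exercising the checks, not a full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O20 - Winlogon Notify: winlob32 - winlob32.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Hosts the IE 7 defaults point at. Assumption of this example; a managed
# environment would add its own homepage here.
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its HijackThis section code and body; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"type": m.group("type"), "body": m.group("body"), "line": line.strip()}


def check_entry(entry: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for entries that deserve a closer look, else None."""
    kind, body = entry["type"], entry["body"]
    missing = "(file missing)" in body
    if kind == "O20":
        # HijackThis hides the stock Windows Notify handlers, so anything listed is non-default.
        if missing:
            return ("high", "Winlogon Notify key still names a DLL that is gone: a loading point "
                            "left behind after a removal; delete the Notify subkey")
        return ("medium", "non-default Winlogon Notify DLL is loaded into winlogon.exe at logon; "
                          "verify the file's publisher and hash")
    if kind == "O23":
        if missing:
            return ("medium", "service points at a binary that no longer exists (orphaned "
                              "service registration); remove it or confirm the uninstall")
        if "Unknown owner" in body:
            return ("info", "service binary has no publisher recorded; match it to installed software")
        return None
    if kind in ("R0", "R1"):
        # Only URL-valued settings are checked; values like "*.local" have no hostname.
        value = body.rsplit(" = ", 1)[-1]
        host = urlparse(value).hostname
        if host and host not in DEFAULT_PAGE_HOSTS:
            return ("medium", f"browser start/search page redirected to {host}; usually a "
                              "toolbar or hijacker, reset it")
        return None
    if kind == "O4":
        # A Run value without a full path is resolved through PATH at logon.
        command = body.split("] ", 1)[-1]
        if not re.match(r'^"?[A-Za-z]:\\', command):
            return ("low", "Run value is a bare filename resolved through PATH; check which "
                           "file actually executes")
        return None
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Parse a HijackThis log and return flagged entries, most severe first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        verdict = check_entry(entry)
        if verdict:
            findings.append({**entry, "severity": verdict[0], "reason": verdict[1]})
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:>6}] {f['type']}: {f['reason']}\n         {f['line']}")
```

Run against the sample, the script puts the winlob32 O20 entry at the top, flags the Ask start page and the orphaned GameGuard service as medium, and leaves the Bonjour service and the fully-pathed MSSE Run entry alone. The rules are deliberately narrow: "Unknown owner" by itself is common for legitimate third-party services (PunkBuster here), so it is reported as information rather than as a problem.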
  5. 2010/05/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need Combofix log.
    HJT should be run AFTER Combofix.
     
  6. 2010/05/03
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Here is the combofix log. I did scan combofix first but the post didn't take.

    ComboFix 10-05-02.01 - Gideon 2010-05-02 15:07:07.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1490 [GMT -7:00]
    Running from: c:\documents and settings\Gideon\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Gideon\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

    FILE ::a
    "c:\docume~1\Gideon\LOCALS~1\Temp\Fadpu16E.sys"
    "c:\windows\system32\47F0EAAE47.sys"
    "c:\windows\system32\drivers\95439c1e.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\WindowsUpdate
    c:\program files\WindowsUpdate\MuYQrwJG\GqvxLfoFBFXtakk.dtc
    c:\windows\system32\47F0EAAE47.sys

    .
    --------------- FCopy ---------------

    c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe --> c:\windows\system32\lsass.exe
    c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe --> c:\windows\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FADPU16E
    -------\Service_95439c1e
    -------\Service_Fadpu16E


    ((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
    .

    2010-05-02 21:54 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2010-05-02 21:54 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-04-30 22:52 . 2010-04-30 22:54 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
    2010-04-30 20:34 . 2010-04-30 20:34 65536 ----a-w- c:\windows\system32\winlob32.dll
    2010-04-28 15:34 . 2010-04-28 15:34 -------- d-----w- c:\program files\MKVtoolnix
    2010-04-28 02:27 . 2010-04-28 02:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-04-28 02:19 . 2010-04-28 02:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
    2010-04-27 21:46 . 2010-04-27 21:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\FileZilla
    2010-04-27 21:43 . 2010-04-27 21:44 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-27 21:30 . 2010-04-27 21:44 -------- d-----w- c:\program files\Bullet Proof FTP Server
    2010-04-27 21:15 . 2010-04-27 21:20 -------- d-----w- c:\documents and settings\Gideon\Application Data\Trillian
    2010-04-27 21:14 . 2010-04-27 21:59 -------- d-----w- c:\program files\Trillian
    2010-04-20 03:37 . 2008-12-05 04:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
    2010-04-20 03:37 . 2010-04-20 03:37 -------- d-----w- c:\program files\Xvid
    2010-04-20 03:37 . 2008-12-05 04:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-04-20 03:30 . 2010-04-09 21:35 73728 ----a-w- c:\windows\system\vdremote.dll
    2010-04-20 03:30 . 2010-04-09 21:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
    2010-04-20 02:59 . 2010-04-20 02:59 -------- d-----w- c:\documents and settings\Gideon\Local Settings\Application Data\PackageAware
    2010-04-18 02:21 . 2010-04-18 02:21 -------- d-----r- C:\Sandbox
    2010-04-18 02:20 . 2010-04-18 02:20 -------- d-----w- c:\program files\Sandboxie
    2010-04-17 20:57 . 2010-04-17 20:57 -------- d-----w- c:\program files\AC3Filter
    2010-04-14 21:15 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-14 21:13 . 2010-04-14 21:13 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-04-14 18:41 . 2010-04-14 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
    2010-04-14 18:33 . 2010-04-19 18:31 -------- d-----w- c:\program files\SlySoft
    2010-04-13 21:09 . 2010-04-19 18:28 -------- d-----w- c:\program files\Avi2Dvd
    2010-04-13 03:41 . 2010-04-18 00:51 -------- d-----w- C:\dvdsanta
    2010-04-13 03:41 . 2010-04-13 03:41 -------- d-----w- C:\TempDVD
    2010-04-13 03:41 . 2010-04-19 18:29 -------- d-----w- c:\program files\dvdSanta
    2010-04-10 03:41 . 2010-04-10 03:41 -------- d-----w- c:\documents and settings\Gideon\Application Data\ImgBurn
    2010-04-10 03:25 . 2010-04-10 03:25 -------- d-----w- c:\program files\ImgBurn
    2010-04-06 15:20 . 2010-04-06 15:20 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2010-04-05 22:09 . 2010-04-05 22:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-05 18:20 . 2010-04-22 16:42 -------- d-----w- c:\documents and settings\Gideon\Local Settings\Application Data\Adobe
    2010-04-05 16:53 . 2010-04-05 16:53 -------- d-----w- c:\documents and settings\Gideon\Application Data\Ubisoft
    2010-04-05 04:27 . 2010-04-12 00:01 -------- d-----w- c:\program files\Steam
    2010-04-04 17:59 . 2010-05-01 01:04 -------- d-----w- c:\documents and settings\Gideon\Application Data\BitTorrent
    2010-04-04 17:59 . 2010-04-04 17:59 -------- d-----w- c:\program files\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-02 04:16 . 2007-08-25 16:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-30 17:08 . 2010-04-30 17:08 388096 ----a-r- c:\documents and settings\Gideon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-04-28 02:50 . 2007-06-03 15:39 -------- d-----w- c:\documents and settings\Gideon\Application Data\DivX
    2010-04-28 02:29 . 2010-04-28 02:29 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-04-28 02:29 . 2010-04-28 02:29 56766 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-04-28 02:29 . 2007-06-03 15:37 -------- d-----w- c:\program files\DivX
    2010-04-28 02:29 . 2010-04-28 02:29 56978 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 53600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 57679 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Player\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 84040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 57054 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54166 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 57532 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 56458 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54174 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54153 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:27 54128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Converter\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54629 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54101 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 57409 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 52963 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54073 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-04-28 02:22 . 2007-06-03 15:25 -------- d-----w- c:\program files\Google
    2010-04-28 02:20 . 2010-04-28 02:20 144696 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-04-28 02:19 . 2010-04-28 02:29 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
    2010-04-28 02:19 . 2010-04-28 02:29 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
    2010-04-24 01:13 . 2010-03-26 22:38 -------- d-----w- c:\program files\SpeedFan
    2010-04-19 18:30 . 2009-02-04 20:38 -------- d-----w- c:\program files\Red Kawa
    2010-04-19 18:30 . 2008-07-22 15:42 -------- d-----w- c:\program files\M-Audio
    2010-04-18 02:06 . 2009-02-10 04:56 -------- d-----w- c:\program files\AVS4YOU
    2010-04-18 02:06 . 2007-06-30 14:37 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-04-17 23:34 . 2009-09-02 18:58 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-17 23:32 . 2007-05-07 03:58 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-04-16 02:39 . 2008-10-08 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-14 21:17 . 2004-08-04 12:00 505856 ----a-w- c:\windows\system32\winlogon.exe
    2010-04-14 19:24 . 2007-05-07 01:17 52048 ----a-w- c:\documents and settings\Gideon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-14 18:20 . 2010-04-14 18:20 81920 ----a-w- c:\documents and settings\Gideon\Application Data\ezpinst.exe
    2010-04-14 18:20 . 2010-04-14 18:20 81920 ----a-w- c:\documents and settings\Gideon\Application Data\ezpinst.exe
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Vso
    2010-04-14 10:05 . 2010-01-19 16:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-04-13 21:10 . 2009-02-04 20:45 -------- d-----w- c:\program files\AviSynth 2.5
    2010-04-12 03:13 . 2007-06-30 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2010-04-12 02:25 . 2009-02-04 20:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Sony
    2010-04-12 02:23 . 2006-12-27 05:57 -------- d-----w- c:\program files\Native Instruments
    2010-04-12 02:23 . 2008-08-03 23:53 -------- d-----w- c:\program files\Common Files\Native Instruments
    2010-04-10 04:50 . 2006-09-02 10:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-07 15:18 . 2010-03-30 21:02 15 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-05 22:10 . 2010-04-05 22:10 61440 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-sse.dll
    2010-04-05 22:10 . 2010-04-05 22:10 503808 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcp71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 499712 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\jmc.dll
    2010-04-05 22:10 . 2010-04-05 22:10 348160 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcr71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 12800 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-d3d.dll
    2010-04-05 22:09 . 2005-11-12 15:48 -------- d-----w- c:\program files\Java
    2010-04-05 21:45 . 2005-11-12 15:48 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 19:00 . 2007-05-07 02:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
    2010-04-05 18:20 . 2005-11-12 16:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-31 03:06 . 2007-11-07 04:27 139152 ----a-w- c:\documents and settings\Gideon\Application Data\PnkBstrK.sys
    2010-03-31 03:06 . 2007-11-07 04:27 139152 ----a-w- c:\documents and settings\Gideon\Application Data\PnkBstrK.sys
    2010-03-31 03:05 . 2010-03-28 22:30 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-03-31 03:05 . 2007-05-07 03:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-31 01:58 . 2010-04-28 02:28 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-03-31 01:58 . 2010-04-28 02:28 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-03-31 01:58 . 2010-04-28 02:28 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-03-31 01:58 . 2010-04-28 02:28 133616 ------w- c:\windows\system32\pxafs.dll
    2010-03-31 01:58 . 2010-04-28 02:28 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58 . 2010-04-28 02:28 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-30 23:58 . 2007-05-24 18:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-30 18:15 . 2010-03-24 05:19 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-03-30 18:09 . 2010-03-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
    2010-03-30 07:46 . 2008-10-08 21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 07:45 . 2008-10-08 21:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 22:06 . 2009-08-27 21:12 -------- d-----w- c:\program files\Electronic Arts
    2010-03-26 17:33 . 2010-04-30 15:40 1496064 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 17:33 . 2010-04-30 15:40 43008 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 17:33 . 2010-04-30 15:40 339456 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 17:32 . 2010-04-30 15:40 346112 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-24 05:36 . 2009-03-23 16:48 -------- d-----w- c:\program files\Yahoo!
    2010-03-24 05:35 . 2009-10-15 19:28 -------- d-----w- c:\program files\PokerStars
    2010-03-16 10:37 . 2010-03-16 10:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-03-16 10:37 . 2010-03-16 10:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-03-16 10:37 . 2010-03-16 10:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-03-16 10:37 . 2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-03-16 10:37 . 2010-03-16 10:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-03-16 10:37 . 2010-03-16 10:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-03-12 18:26 . 2007-05-07 01:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-03-07 17:46 . 2009-09-02 02:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
    2010-03-07 17:46 . 2010-03-07 17:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-03-07 17:45 . 2010-03-07 17:46 38784 ----a-w- c:\documents and settings\Gideon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-07 17:45 . 2010-03-07 17:46 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-22 17:51 . 2007-11-20 03:35 3296 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

    [-] 2010-04-14 . 6BDF6B80F3C6C37BEF59637FA8A652F2 . 505856 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
    "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-10 126976]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-01-07 1657448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlob32]
    2010-04-30 20:34 65536 ----a-w- c:\windows\system32\winlob32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi2"=ma_cmidn.dll
    "midi7"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_05\\bin\\rmiregistry.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-06-29 4608]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-16 717296]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]
    R3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-05-06 176384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-02-08 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-07-08 13504]
    S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2009-07-08 22304]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}]
    2008-06-18 23:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]

    2010-05-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - component: c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-02 15:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7D01F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
    \Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
    \Driver\atapi -> 0x8a7d01f8
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582414
    ParseProcedure -> 0x887451b0
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582414
    ParseProcedure -> 0x887451b0
    NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cffba0
    PacketIndicateHandler -> NDIS.sys @ 0xb7ceea0b
    SendHandler -> NDIS.sys @ 0xb7d02b31
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\!caution! never delete or change any key*]
    "??"=hex:06,6a,34,8c,2c,ee,0c,df,81,f2,44,9c,83,04,9d,b9,ae,11,19,28,ea,cf,84,
    08,4f,c4,9b,d6,da,49,5a,4e,98,bb,65,1b,68,82,00,5f,3f,4e,d9,96,b1,d0,cc,67,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:b4,7c,02,9a,a8,fd,49,1e,71,20,25,04,4f,b9,9e,8c,9e,74,ad,88,b0,
    ae,93,a0,e7,c7,99,f5,24,5a,47,33,11,15,77,ac,01,d8,43,54,01,6e,7d,7b,af,b0,\
    "rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(888)
    c:\windows\system32\WININET.dll
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\winlob32.dll

    - - - - - - - > 'lsass.exe'(952)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nvappfilter.dll

    - - - - - - - > 'explorer.exe'(2444)
    c:\windows\system32\WININET.dll
    c:\program files\NVIDIA Corporation\nView\nview.dll
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\nvappfilter.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-05-02 16:05:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-02 23:05
    ComboFix2.txt 2010-04-30 17:54
    ComboFix3.txt 2008-10-08 22:13
    ComboFix4.txt 2008-10-08 21:50

    Pre-Run: 22,538,866,688 bytes free
    Post-Run: 23,603,216,384 bytes free

    - - End Of File - - 86DB27760D915E8B03F6FD1F7E62B560
     
  7. 2010/05/03
    broni Moderator Malware Analyst
    Delete your GMER file....

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  8. 2010/05/05
    Gideon Inactive Thread Starter
    I ran GMER today twice, but it froze up at the save point both times. In the morning I will try without the Devices box checked, and then try Safe Mode if that doesn't work.
     
  9. 2010/05/05
    broni Moderator Malware Analyst
    Ok :)..
     
  10. 2010/05/06
    Gideon Inactive Thread Starter
    Here is the GMER log. It worked this time with the Devices box unchecked.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-06 13:05:49
    Windows 5.1.2600 Service Pack 2
    Running: kh9omvh1.exe; Driver: C:\DOCUME~1\Gideon\LOCALS~1\Temp\awpcrkoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT spmr.sys ZwCreateKey [0xB7EA80E0]
    SSDT spmr.sys ZwEnumerateKey [0xB7EC6CA2]
    SSDT spmr.sys ZwEnumerateValueKey [0xB7EC7030]
    SSDT spmr.sys ZwOpenKey [0xB7EA80C0]
    SSDT spmr.sys ZwQueryKey [0xB7EC7108]
    SSDT spmr.sys ZwQueryValueKey [0xB7EC6F88]
    SSDT spmr.sys ZwSetValueKey [0xB7EC719A]

    INT 0x62 ? 8A7A4BF8
    INT 0x63 ? 8A813BF8
    INT 0x73 ? 8A813BF8
    INT 0x73 ? 8A6C4F00
    INT 0x73 ? 8A813BF8
    INT 0xA4 ? 8A6C4F00
    INT 0xB4 ? 8A813BF8

    Code 88769CEC ZwRequestPort
    Code 88769D8C ZwRequestWaitReplyPort
    Code 88769C4C ZwTraceEvent
    Code 88769CEB NtRequestPort
    Code 88769D8B NtRequestWaitReplyPort
    Code 88769C4B NtTraceEvent

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!NtTraceEvent 80534374 5 Bytes JMP 88769C50
    PAGE ntkrnlpa.exe!NtRequestPort 805A1520 5 Bytes JMP 88769CF0
    PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A184C 5 Bytes JMP 88769D90
    ? spmr.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B7C7C62C 5 Bytes JMP 8A6C44E0
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70D9380, 0x566465, 0xE8000020]
    .text win32k.sys!EngAcquireSemaphore + 20E2 BF8084A5 5 Bytes JMP 887694D0
    .text win32k.sys!EngFreeUserMem + 5B9B BF80EFF5 5 Bytes JMP 88769430
    .text win32k.sys!EngPaint + 4F1 BF825557 5 Bytes JMP 88769610
    .text win32k.sys!CLIPOBJ_bEnum + 2982 BF8314B8 5 Bytes JMP 88769750
    .text win32k.sys!EngUnmapFontFileFD + F669 BF841ADB 5 Bytes JMP 887696B0
    .text win32k.sys!FONTOBJ_pxoGetXform + D226 BF85B57E 5 Bytes JMP 88769A70
    .text win32k.sys!XLATEOBJ_iXlate + 3A46 BF871662 5 Bytes JMP 88769570
    .text win32k.sys!EngStretchBltROP + 34B9 BF8BA19B 5 Bytes JMP 88769930
    .text win32k.sys!EngAlphaBlend + 3E8 BF8C3275 5 Bytes JMP 887697F0
    .text win32k.sys!PATHOBJ_vGetBounds + 74F9 BF8F01A6 5 Bytes JMP 887699D0
    .text win32k.sys!EngCreateClip + 19C1 BF912FBD 5 Bytes JMP 88769B10
    .text win32k.sys!EngCreateClip + 1F51 BF91354D 5 Bytes JMP 88769BB0
    .text win32k.sys!EngCreateClip + 2597 BF913B93 5 Bytes JMP 88769890

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B5000A
    .text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B4000C
    .rsrc C:\WINDOWS\system32\winlogon.exe[892] C:\WINDOWS\system32\winlogon.exe section is executable [0x01076000, 0xB000, 0x60000060]
    .text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0097000A
    .text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0098000A
    .text C:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0096000C
    .text C:\WINDOWS\System32\svchost.exe[1448] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0260000A
    .text C:\WINDOWS\System32\svchost.exe[1448] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 01E6000A

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spmr.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spmr.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spmr.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spmr.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spmr.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spmr.sys

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xF6 0x1C 0xF1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xF6 0x1C 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/05/06
    broni Moderator Malware Analyst
    Please delete your ComboFix file, download a fresh one and post a new log.
     
  12. 2010/05/07
    Gideon Inactive Thread Starter
    Deleted ComboFix, and here is the new log as requested.

    ComboFix 10-05-06.05 - Gideon 2010-05-07 10:21:28.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1562 [GMT -7:00]
    Running from: c:\documents and settings\Gideon\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Gideon\Application Data\ezpinst.exe
    c:\documents and settings\Gideon\Application Data\PnkBstrK.sys
    c:\program files\Search Settings
    c:\program files\Search Settings\FF\chrome.manifest
    c:\program files\Search Settings\FF\chrome\content\plugin.js
    c:\program files\Search Settings\FF\chrome\content\plugin.xul
    c:\program files\Search Settings\FF\chrome\content\protection.js
    c:\program files\Search Settings\FF\chrome\content\utils.js
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
    c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
    c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
    c:\program files\Search Settings\FF\install.rdf
    c:\program files\Search Settings\SearchSettings.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
    .

    2010-05-04 15:38 . 2010-05-04 15:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-03 17:57 . 2010-05-03 17:57 -------- d-----w- c:\documents and settings\Gideon\Application Data\Search Settings
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\program files\Application Updater
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\custom matrices
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\C2MP
    2010-05-02 21:54 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2010-05-02 21:54 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-04-30 22:52 . 2010-04-30 22:54 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
    2010-04-30 20:34 . 2010-04-30 20:34 65536 ----a-w- c:\windows\system32\winlob32.dll
    2010-04-30 17:08 . 2010-04-30 17:08 388096 ----a-r- c:\documents and settings\Gideon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-04-30 15:40 . 2010-03-26 17:33 1496064 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-04-30 15:40 . 2010-03-26 17:33 43008 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-04-30 15:40 . 2010-03-26 17:33 339456 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-04-30 15:40 . 2010-03-26 17:32 346112 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-04-28 15:34 . 2010-04-28 15:34 -------- d-----w- c:\program files\MKVtoolnix
    2010-04-28 02:29 . 2010-04-28 02:29 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-04-28 02:29 . 2010-04-28 02:19 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
    2010-04-28 02:29 . 2010-04-28 02:19 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
    2010-04-28 02:29 . 2010-04-28 02:29 56766 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 56978 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 53600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 57679 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Player\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54629 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54101 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 57409 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 52963 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54073 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-04-28 02:27 . 2010-04-28 02:27 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-04-28 02:20 . 2010-04-28 02:20 144696 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-04-28 02:19 . 2010-04-28 02:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
    2010-04-27 21:46 . 2010-04-27 21:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\FileZilla
    2010-04-27 21:43 . 2010-04-27 21:44 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-27 21:30 . 2010-04-27 21:44 -------- d-----w- c:\program files\Bullet Proof FTP Server
    2010-04-27 21:15 . 2010-04-27 21:20 -------- d-----w- c:\documents and settings\Gideon\Application Data\Trillian
    2010-04-27 21:14 . 2010-04-27 21:59 -------- d-----w- c:\program files\Trillian
    2010-04-20 03:37 . 2010-04-20 03:37 -------- d-----w- c:\program files\Xvid
    2010-04-20 03:30 . 2010-04-09 21:35 73728 ----a-w- c:\windows\system\vdremote.dll
    2010-04-20 03:30 . 2010-04-09 21:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
    2010-04-20 02:59 . 2010-04-20 02:59 -------- d-----w- c:\documents and settings\Gideon\Local Settings\Application Data\PackageAware
    2010-04-18 02:21 . 2010-04-18 02:21 -------- d-----r- C:\Sandbox
    2010-04-18 02:20 . 2010-04-18 02:20 -------- d-----w- c:\program files\Sandboxie
    2010-04-17 20:57 . 2010-04-17 20:57 -------- d-----w- c:\program files\AC3Filter
    2010-04-14 21:15 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-14 21:13 . 2010-04-14 21:13 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-04-14 18:41 . 2010-04-14 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
    2010-04-14 18:33 . 2010-04-19 18:31 -------- d-----w- c:\program files\SlySoft
    2010-04-13 21:09 . 2010-04-19 18:28 -------- d-----w- c:\program files\Avi2Dvd
    2010-04-13 03:41 . 2010-04-18 00:51 -------- d-----w- C:\dvdsanta
    2010-04-13 03:41 . 2010-04-13 03:41 -------- d-----w- C:\TempDVD
    2010-04-13 03:41 . 2010-04-19 18:29 -------- d-----w- c:\program files\dvdSanta
    2010-04-10 03:41 . 2010-04-10 03:41 -------- d-----w- c:\documents and settings\Gideon\Application Data\ImgBurn
    2010-04-10 03:25 . 2010-04-10 03:25 -------- d-----w- c:\program files\ImgBurn

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-07 02:04 . 2007-08-25 16:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-06 15:38 . 2010-04-04 17:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\BitTorrent
    2010-05-04 00:00 . 2010-03-30 21:02 15 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-28 02:50 . 2007-06-03 15:39 -------- d-----w- c:\documents and settings\Gideon\Application Data\DivX
    2010-04-28 02:29 . 2007-06-03 15:37 -------- d-----w- c:\program files\DivX
    2010-04-28 02:28 . 2010-04-28 02:28 84040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 57054 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54166 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 57532 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 56458 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54174 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54153 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:27 54128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Converter\Uninstaller.exe
    2010-04-28 02:22 . 2007-06-03 15:25 -------- d-----w- c:\program files\Google
    2010-04-24 01:13 . 2010-03-26 22:38 -------- d-----w- c:\program files\SpeedFan
    2010-04-19 18:30 . 2009-02-04 20:38 -------- d-----w- c:\program files\Red Kawa
    2010-04-19 18:30 . 2008-07-22 15:42 -------- d-----w- c:\program files\M-Audio
    2010-04-18 02:06 . 2009-02-10 04:56 -------- d-----w- c:\program files\AVS4YOU
    2010-04-18 02:06 . 2007-06-30 14:37 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-04-17 23:34 . 2009-09-02 18:58 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-17 23:32 . 2007-05-07 03:58 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-04-16 02:39 . 2008-10-08 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-14 21:17 . 2004-08-04 12:00 505856 ----a-w- c:\windows\system32\winlogon.exe
    2010-04-14 19:24 . 2007-05-07 01:17 52048 ----a-w- c:\documents and settings\Gideon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Vso
    2010-04-14 10:05 . 2010-01-19 16:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-04-13 21:10 . 2009-02-04 20:45 -------- d-----w- c:\program files\AviSynth 2.5
    2010-04-12 03:13 . 2007-06-30 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2010-04-12 02:25 . 2009-02-04 20:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Sony
    2010-04-12 02:23 . 2006-12-27 05:57 -------- d-----w- c:\program files\Native Instruments
    2010-04-12 02:23 . 2008-08-03 23:53 -------- d-----w- c:\program files\Common Files\Native Instruments
    2010-04-12 00:01 . 2010-04-05 04:27 -------- d-----w- c:\program files\Steam
    2010-04-10 04:50 . 2006-09-02 10:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-06 15:20 . 2010-04-06 15:20 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2010-04-05 22:10 . 2010-04-05 22:10 61440 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-sse.dll
    2010-04-05 22:10 . 2010-04-05 22:10 503808 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcp71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 499712 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\jmc.dll
    2010-04-05 22:10 . 2010-04-05 22:10 348160 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcr71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 12800 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-d3d.dll
    2010-04-05 22:09 . 2010-04-05 22:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-05 22:09 . 2005-11-12 15:48 -------- d-----w- c:\program files\Java
    2010-04-05 21:45 . 2005-11-12 15:48 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 19:00 . 2007-05-07 02:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
    2010-04-05 18:20 . 2005-11-12 16:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-05 16:53 . 2010-04-05 16:53 -------- d-----w- c:\documents and settings\Gideon\Application Data\Ubisoft
    2010-04-04 17:59 . 2010-04-04 17:59 -------- d-----w- c:\program files\BitTorrent
    2010-03-31 03:05 . 2010-03-28 22:30 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-03-31 03:05 . 2007-05-07 03:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-31 01:58 . 2010-04-28 02:28 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-03-31 01:58 . 2010-04-28 02:28 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-03-31 01:58 . 2010-04-28 02:28 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-03-31 01:58 . 2010-04-28 02:28 133616 ------w- c:\windows\system32\pxafs.dll
    2010-03-31 01:58 . 2010-04-28 02:28 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58 . 2010-04-28 02:28 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-30 23:58 . 2007-05-24 18:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-30 18:15 . 2010-03-24 05:19 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-03-30 18:09 . 2010-03-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
    2010-03-30 07:46 . 2008-10-08 21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 07:45 . 2008-10-08 21:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 22:06 . 2009-08-27 21:12 -------- d-----w- c:\program files\Electronic Arts
    2010-03-24 05:36 . 2009-03-23 16:48 -------- d-----w- c:\program files\Yahoo!
    2010-03-24 05:35 . 2009-10-15 19:28 -------- d-----w- c:\program files\PokerStars
    2010-03-16 10:37 . 2010-03-16 10:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-03-16 10:37 . 2010-03-16 10:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-03-16 10:37 . 2010-03-16 10:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-03-16 10:37 . 2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-03-16 10:37 . 2010-03-16 10:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-03-16 10:37 . 2010-03-16 10:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-03-12 18:26 . 2007-05-07 01:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 17:45 . 2010-03-07 17:46 38784 ----a-w- c:\documents and settings\Gideon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-07 17:45 . 2010-03-07 17:46 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2006-07-20 09:41 . 2006-01-14 04:51 8192 --sha-w- c:\program files\Thumbs.db
    2006-07-20 09:35 . 2006-07-20 09:29 19270946 ----a-w- c:\program files\Themes.7z
    2006-06-19 08:48 . 2006-06-19 08:48 251 ----a-w- c:\program files\wt3d.ini
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

    [-] 2010-04-14 . 6BDF6B80F3C6C37BEF59637FA8A652F2 . 505856 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-05-02_22.57.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-07 17:16 . 2010-05-07 17:16 16384 c:\windows\temp\Perflib_Perfdata_580.dat
    + 2010-05-07 17:16 . 2010-05-07 17:16 16384 c:\windows\temp\Perflib_Perfdata_220.dat
    + 2008-06-08 22:58 . 2008-06-08 22:58 60273 c:\windows\system32\pthreadGC2.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 80384 c:\windows\system32\mkzlib.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 24576 c:\windows\system32\mkunicode.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 85504 c:\windows\system32\ff_vfw.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 97792 c:\windows\system32\ff_unrar.dll
    + 2008-08-05 21:59 . 2008-08-05 21:59 57344 c:\windows\system32\dpv11.dll
    + 2009-05-01 21:02 . 2009-05-01 21:02 90112 c:\windows\system32\dpl100.dll
    - 2007-05-07 01:13 . 2010-04-30 20:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-05-07 01:13 . 2010-05-06 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-05-05 05:49 . 2010-05-05 05:49 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
    + 2010-05-06 20:20 . 2010-05-06 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010050620100507\index.dat
    + 2010-05-05 05:49 . 2010-05-05 05:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010050420100505\index.dat
    - 2007-05-07 01:13 . 2010-04-30 20:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-05-07 01:13 . 2010-05-06 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-05-03 01:33 . 2010-05-06 20:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-05-25 14:39 . 2008-05-25 14:39 13824 c:\windows\system32\C2MP\StatsReader.exe
    + 2002-12-12 00:14 . 2002-12-12 00:14 13312 c:\windows\system32\C2MP\msdmo.dll
    + 2002-06-12 16:52 . 2002-06-12 16:52 23040 c:\windows\system32\C2MP\MiniCalc.exe
    + 2009-11-14 00:46 . 2009-11-14 00:46 69632 c:\windows\system32\C2MP\DivXConfig.exe
    + 2007-02-01 23:19 . 2007-02-01 23:19 28088 c:\windows\system32\bass_wv.dll
    + 2007-02-01 23:19 . 2007-02-01 23:19 18888 c:\windows\system32\bass_mpc.dll
    + 2007-02-01 23:19 . 2007-02-01 23:19 23616 c:\windows\system32\bass_flac.dll
    + 2007-02-01 23:19 . 2007-02-01 23:19 33240 c:\windows\system32\bass_ape.dll
    + 2007-02-01 23:19 . 2007-02-01 23:19 12784 c:\windows\system32\bass_alac.dll
    + 2007-02-01 23:19 . 2007-02-01 23:19 92728 c:\windows\system32\bass.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 93184 c:\windows\system32\avss.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 97792 c:\windows\system32\avs.dll
    + 2009-08-11 21:21 . 2009-08-11 21:21 87552 c:\windows\system32\ac3config.exe
    + 2010-05-03 15:36 . 2010-05-03 15:36 10134 c:\windows\Installer\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}\ARPPRODUCTICON.exe
    + 2003-12-26 19:26 . 2003-12-26 19:26 9216 c:\windows\system32\C2MP\OGMCalc.exe
    + 2004-03-04 20:00 . 2004-03-04 20:00 6144 c:\windows\system32\C2MP\AviC.exe
    + 2007-02-01 23:19 . 2007-02-01 23:19 8664 c:\windows\system32\bass_tta.dll
    - 2010-04-20 03:37 . 2008-12-05 04:46 180224 c:\windows\system32\xvidvfw.dll
    + 2009-06-07 16:24 . 2009-06-07 16:24 180224 c:\windows\system32\xvidvfw.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 882688 c:\windows\system32\xvidcore.dll
    + 2008-08-26 22:11 . 2008-08-26 22:11 987136 c:\windows\system32\VSFilter.dll
    + 2004-12-10 09:03 . 2004-12-10 09:03 438272 c:\windows\system32\vp6vfw.dll
    + 2009-11-14 18:37 . 2009-11-14 18:37 154112 c:\windows\system32\ts.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 324096 c:\windows\system32\TomsMoComp_ff.dll
    + 2009-05-01 21:02 . 2009-05-01 21:02 200704 c:\windows\system32\ssldivx.dll
    + 2004-04-20 22:00 . 2004-04-20 22:00 172032 c:\windows\system32\OptimFROG.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 123392 c:\windows\system32\ogm.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 141824 c:\windows\system32\mp4.dll
    + 2009-01-10 22:15 . 2009-01-10 22:15 159744 c:\windows\system32\mmfinfo.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 150016 c:\windows\system32\mkx.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 136704 c:\windows\system32\mkv2vfr.exe
    + 2010-03-03 00:00 . 2010-03-03 00:00 556491 c:\windows\system32\libmplayer.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 145408 c:\windows\system32\libmpeg2_ff.dll
    + 2007-07-05 01:33 . 2007-07-05 01:33 892928 c:\windows\system32\iconv.dll
    + 2009-11-14 18:33 . 2009-11-14 18:33 357888 c:\windows\system32\gdsmux.exe
    + 2010-03-03 00:00 . 2010-03-03 00:00 877385 c:\windows\system32\ff_x264.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 100864 c:\windows\system32\ff_wmv9.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 116736 c:\windows\system32\ff_tremor.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 169984 c:\windows\system32\ff_samplerate.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 151552 c:\windows\system32\ff_libmad.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 336384 c:\windows\system32\ff_libfaad2.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 216576 c:\windows\system32\ff_libdts.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 121856 c:\windows\system32\ff_liba52.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 248320 c:\windows\system32\ff_kernelDeint.dll
    + 2009-11-14 18:33 . 2009-11-14 18:33 249856 c:\windows\system32\dxr.dll
    + 2008-08-05 21:59 . 2008-08-05 21:59 196608 c:\windows\system32\dtu100.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 113152 c:\windows\system32\dsmux.exe
    + 2008-08-05 21:59 . 2008-08-05 21:59 344064 c:\windows\system32\dpus11.dll
    + 2008-08-05 21:59 . 2008-08-05 21:59 593920 c:\windows\system32\dpuGUI11.dll
    + 2008-08-05 21:59 . 2008-08-05 21:59 294912 c:\windows\system32\dpu11.dll
    + 2009-11-14 00:49 . 2009-11-14 00:49 532480 c:\windows\system32\DivXsm.exe
    + 2009-11-14 00:47 . 2009-11-14 00:47 696320 c:\windows\system32\DivX.dll
    + 2010-03-10 22:55 . 2010-03-10 22:55 241428 c:\windows\system32\C2MP\Uninst.exe
    + 2010-03-10 22:54 . 2010-03-10 22:54 239055 c:\windows\system32\C2MP\Un_Parts.exe
    + 2010-03-10 22:55 . 2010-03-10 22:55 241621 c:\windows\system32\C2MP\Set_Defaults.exe
    + 2007-02-19 15:28 . 2007-02-19 15:28 117974 c:\windows\system32\C2MP\GSpot27.dat
    + 2007-02-22 20:08 . 2007-02-22 20:08 925696 c:\windows\system32\C2MP\GSpot.exe
    + 2007-02-01 23:19 . 2007-02-01 23:19 150520 c:\windows\system32\bass_aac.dll
    + 2009-11-14 18:11 . 2009-11-14 18:11 109568 c:\windows\system32\avi.dll
    + 2008-11-06 16:37 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll
    + 2009-05-01 21:02 . 2009-05-01 21:02 1044480 c:\windows\system32\libdivx.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 4555278 c:\windows\system32\libavcodec.dll
    + 2010-03-03 00:00 . 2010-03-03 00:00 1449935 c:\windows\system32\ffmpegmt.dll
    + 2010-05-03 15:36 . 2010-05-03 15:36 1715200 c:\windows\Installer\3410629.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
    "SandboxieControl "= "c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-12-19 76304]
    "amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "Profiler "= "c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
    "SaiMfd "= "c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-10 126976]
    "nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-01-07 1657448]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlob32]
    2010-04-30 20:34 65536 ----a-w- c:\windows\system32\winlob32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi2 "=ma_cmidn.dll
    "midi7 "=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Java\\jre1.5.0_05\\bin\\rmiregistry.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\WINDOWS\\system32\\winver.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-06-29 4608]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]
    R3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-05-06 176384]
    R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2009-07-08 22304]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-16 717296]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-02-08 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-07-08 13504]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}]
    2008-06-18 23:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - component: c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-07 10:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\!caution! never delete or change any key*]
    "?? "=hex:06,6a,34,8c,2c,ee,0c,df,81,f2,44,9c,83,04,9d,b9,ae,11,19,28,ea,cf,84,
    08,4f,c4,9b,d6,da,49,5a,4e,98,bb,65,1b,68,82,00,5f,3f,4e,d9,96,b1,d0,cc,67,\
    "?? "=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\License information*]
    "datasecu "=hex:b4,7c,02,9a,a8,fd,49,1e,71,20,25,04,4f,b9,9e,8c,9e,74,ad,88,b0,
    ae,93,a0,e7,c7,99,f5,24,5a,47,33,11,15,77,ac,01,d8,43,54,01,6e,7d,7b,af,b0,\
    "rkeysecu "=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\WININET.dll
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    c:\windows\system32\winlob32.dll

    - - - - - - - > 'lsass.exe'(940)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nvappfilter.dll
    .
    Completion time: 2010-05-07 10:37:07
    ComboFix-quarantined-files.txt 2010-05-07 17:37

    Pre-Run: 12,545,716,224 bytes free
    Post-Run: 12,628,213,760 bytes free

    - - End Of File - - 9DDC732418174C56E265886AAF9A8210
     
  13. 2010/05/07
    broni Moderator Malware Analyst

    How is the computer doing at the moment?


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\winlob32.dll
    c:\windows\ALCMTR.EXE
    
    
    Folder::
    c:\documents and settings\Gideon\Application Data\Search Settings
    
    
    Driver::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlob32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"=-
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
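The script above removes winlob32.dll, which the earlier ComboFix log listed among the DLLs loaded inside winlogon.exe next to the legitimate Logitech logon DLLs; the same log's Sigcheck block showed two winlogon.exe binaries with different hashes and different version numbers. The Python below is an added example for readers of this thread, not ComboFix's code and not anything broni posted: it parses those two log sections and reports (a) modules inside winlogon.exe or lsass.exe that are not on a per-machine baseline and (b) system binaries whose copies disagree. The sample log lines are copied from this thread; the EXPECTED_MODULES baseline is an assumption for this machine and would be built from a known-clean log on any other.

```python
"""Triage helper for two sections of a ComboFix log: the Sigcheck block and the
"DLLs Loaded Under Running Processes" block.  Added example for this thread; it is
not ComboFix's own code, and the baseline below is an assumption for this machine."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2010-04-14 . 6BDF6B80F3C6C37BEF59637FA8A652F2 . 505856 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\WININET.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\winlob32.dll

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\WININET.dll
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-05-07 10:37:07
"""

# Assumed per-machine baseline of modules expected inside these sensitive processes:
# wininet.dll is a Windows DLL, the Logitech DLLs match the LBTWlgn Winlogon Notify
# entry and nvappfilter.dll the NVIDIA LSP, all listed elsewhere in the same log.
# Anything not on the list is reported for a human to look at.
EXPECTED_MODULES = {
    "winlogon.exe": {"wininet.dll", "lbtwlgn.dll", "lbtserv.dll"},
    "lsass.exe": {"wininet.dll", "nvappfilter.dll"},
}

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$"
)
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")
DLL_SECTION = "DLLs Loaded Under Running Processes"


def parse_combofix(text: str) -> Tuple[List[dict], Dict[str, List[str]]]:
    """Return (Sigcheck entries, {process name: [module paths]}) from a ComboFix log."""
    sigcheck: List[dict] = []
    loaded: Dict[str, List[str]] = defaultdict(list)
    current = None
    in_dll_section = False
    for raw in text.splitlines():
        line = raw.strip()
        m = SIGCHECK_RE.match(line)
        if m:
            sigcheck.append(m.groupdict())
            continue
        if DLL_SECTION in line:
            in_dll_section = True
            continue
        if not in_dll_section:
            continue
        m = PROCESS_RE.match(line)
        if m:
            current = m["name"].lower()
            loaded.setdefault(current, [])
            continue
        if line == "." or line.startswith("Completion time"):
            in_dll_section, current = False, None  # section terminator
            continue
        if current and line:
            loaded[current].append(line.lower())
    return sigcheck, dict(loaded)


def triage(text: str) -> List[Tuple[str, str]]:
    """Produce (severity, message) findings from the two parsed sections."""
    sigcheck, loaded = parse_combofix(text)
    findings: List[Tuple[str, str]] = []

    # 1. Unexpected modules inside winlogon.exe / lsass.exe.  A DLL registered under
    #    Winlogon\Notify is loaded by winlogon.exe and therefore shows up here.
    for proc, modules in loaded.items():
        baseline = EXPECTED_MODULES.get(proc)
        if baseline is None:
            continue
        for path in modules:
            if path.rsplit("\\", 1)[-1] not in baseline:
                findings.append(("high", f"{proc}: unexpected module {path}"))

    # 2. Sigcheck: the same system binary seen in several places.  Different hashes at
    #    the same version is the interesting case; different versions usually mean an
    #    update staged under SoftwareDistribution\Download and only need a re-check later.
    by_name: Dict[str, List[dict]] = defaultdict(list)
    for entry in sigcheck:
        by_name[entry["path"].rsplit("\\", 1)[-1].lower()].append(entry)
    for name, entries in by_name.items():
        versions = {e["version"] for e in entries}
        hashes = {e["md5"].upper() for e in entries}
        if len(hashes) > 1 and len(versions) == 1:
            findings.append(("high", f"{name}: {len(hashes)} different hashes at version {versions.pop()}"))
        elif len(versions) > 1:
            findings.append(("info", f"{name}: versions {sorted(versions)} present; re-check after pending updates install"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the thread's own lines this reports one high finding (winlob32.dll inside winlogon.exe) and one informational one (the two winlogon.exe versions, 5.1.2600.2180 in system32 and 5.1.2600.5512 in the update download folder); lsass.exe produces nothing because both copies carry the same hash and both loaded modules are on the baseline. The baseline approach is deliberate: there is no universal list of what belongs inside winlogon.exe, so the useful check is a diff against a log taken when the machine was known to be clean.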
     
  14. 2010/05/09
    Gideon Inactive Thread Starter

    Ok, here is the ComboFix log as requested. This machine is running somewhat better. I seem to be able to browse through Windows with a little more speed and ease, and as of the last day or so I don't seem to be having the redirecting problem I was having when using the internet. I am also not getting the constant warnings about viruses with the security pop-ups.

    ComboFix 10-05-09.01 - Gideon 2010-05-09 18:31:16.6.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1531 [GMT -7:00]
    Running from: c:\documents and settings\Gideon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Gideon\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    * Created a new restore point

    FILE ::
    "c:\windows\ALCMTR.EXE "
    "c:\windows\system32\winlob32.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Gideon\Application Data\Search Settings
    c:\documents and settings\Gideon\Application Data\Search Settings\kb130\temp\ws-14733.log
    c:\documents and settings\Gideon\Application Data\Search Settings\kb130\temp\ws-14734.log
    c:\documents and settings\Gideon\Application Data\Search Settings\kb130\temp\ws-14735.log
    c:\documents and settings\Gideon\Application Data\Search Settings\kb130\temp\ws-14736.log
    c:\windows\ALCMTR.EXE
    c:\windows\system32\winlob32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
    .

    2010-05-09 09:12 . 2010-05-09 09:12 36352 ----a-w- c:\windows\system32\drivers\rzliixwa.sys
    2010-05-09 08:54 . 2010-05-09 08:54 36352 ----a-w- c:\windows\system32\drivers\DISK.SYS
    2010-05-05 05:49 . 2010-05-05 05:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Search Settings
    2010-05-05 05:49 . 2010-05-05 05:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Dealio
    2010-05-04 15:38 . 2010-05-04 15:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\program files\Application Updater
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\custom matrices
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\C2MP
    2010-05-02 21:54 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2010-05-02 21:54 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-04-30 22:52 . 2010-04-30 22:54 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
    2010-04-28 15:34 . 2010-04-28 15:34 -------- d-----w- c:\program files\MKVtoolnix
    2010-04-28 02:27 . 2010-04-28 02:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-04-28 02:19 . 2010-04-28 02:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
    2010-04-27 21:46 . 2010-04-27 21:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\FileZilla
    2010-04-27 21:43 . 2010-04-27 21:44 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-27 21:30 . 2010-04-27 21:44 -------- d-----w- c:\program files\Bullet Proof FTP Server
    2010-04-27 21:15 . 2010-04-27 21:20 -------- d-----w- c:\documents and settings\Gideon\Application Data\Trillian
    2010-04-27 21:14 . 2010-04-27 21:59 -------- d-----w- c:\program files\Trillian
    2010-04-20 03:37 . 2010-04-20 03:37 -------- d-----w- c:\program files\Xvid
    2010-04-20 03:30 . 2010-04-09 21:35 73728 ----a-w- c:\windows\system\vdremote.dll
    2010-04-20 03:30 . 2010-04-09 21:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
    2010-04-20 02:59 . 2010-04-20 02:59 -------- d-----w- c:\documents and settings\Gideon\Local Settings\Application Data\PackageAware
    2010-04-18 02:21 . 2010-04-18 02:21 -------- d-----r- C:\Sandbox
    2010-04-18 02:20 . 2010-04-18 02:20 -------- d-----w- c:\program files\Sandboxie
    2010-04-17 20:57 . 2010-04-17 20:57 -------- d-----w- c:\program files\AC3Filter
    2010-04-14 21:15 . 2010-02-24 17:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-14 21:13 . 2010-04-14 21:13 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-04-14 18:41 . 2010-04-14 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
    2010-04-14 18:33 . 2010-04-19 18:31 -------- d-----w- c:\program files\SlySoft
    2010-04-13 21:09 . 2010-04-19 18:28 -------- d-----w- c:\program files\Avi2Dvd
    2010-04-13 03:41 . 2010-04-18 00:51 -------- d-----w- C:\dvdsanta
    2010-04-13 03:41 . 2010-04-13 03:41 -------- d-----w- C:\TempDVD
    2010-04-13 03:41 . 2010-04-19 18:29 -------- d-----w- c:\program files\dvdSanta
    2010-04-10 03:41 . 2010-04-10 03:41 -------- d-----w- c:\documents and settings\Gideon\Application Data\ImgBurn
    2010-04-10 03:25 . 2010-04-10 03:25 -------- d-----w- c:\program files\ImgBurn

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-10 00:08 . 2010-04-04 17:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\BitTorrent
    2010-05-07 02:04 . 2007-08-25 16:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-04 00:00 . 2010-03-30 21:02 15 ----a-w- c:\windows\system32\nvModes.dat
    2010-04-30 17:08 . 2010-04-30 17:08 388096 ----a-r- c:\documents and settings\Gideon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-04-28 02:50 . 2007-06-03 15:39 -------- d-----w- c:\documents and settings\Gideon\Application Data\DivX
    2010-04-28 02:29 . 2010-04-28 02:29 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-04-28 02:29 . 2010-04-28 02:29 56766 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-04-28 02:29 . 2007-06-03 15:37 -------- d-----w- c:\program files\DivX
    2010-04-28 02:29 . 2010-04-28 02:29 56978 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 53600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
    2010-04-28 02:29 . 2010-04-28 02:29 57679 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Player\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 84040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 57054 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54166 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 57532 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 56458 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54174 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:28 54153 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-04-28 02:28 . 2010-04-28 02:27 54128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Converter\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54629 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54101 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 57409 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 52963 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 54073 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-04-28 02:27 . 2010-04-28 02:27 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-04-28 02:22 . 2007-06-03 15:25 -------- d-----w- c:\program files\Google
    2010-04-28 02:20 . 2010-04-28 02:20 144696 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-04-28 02:19 . 2010-04-28 02:29 754984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
    2010-04-28 02:19 . 2010-04-28 02:29 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
    2010-04-24 01:13 . 2010-03-26 22:38 -------- d-----w- c:\program files\SpeedFan
    2010-04-19 18:30 . 2009-02-04 20:38 -------- d-----w- c:\program files\Red Kawa
    2010-04-19 18:30 . 2008-07-22 15:42 -------- d-----w- c:\program files\M-Audio
    2010-04-18 02:06 . 2009-02-10 04:56 -------- d-----w- c:\program files\AVS4YOU
    2010-04-18 02:06 . 2007-06-30 14:37 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-04-17 23:34 . 2009-09-02 18:58 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-17 23:32 . 2007-05-07 03:58 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-04-16 02:39 . 2008-10-08 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-14 21:17 . 2004-08-04 12:00 505856 ----a-w- c:\windows\system32\winlogon.exe
    2010-04-14 19:24 . 2007-05-07 01:17 52048 ----a-w- c:\documents and settings\Gideon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Vso
    2010-04-14 10:05 . 2010-01-19 16:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-04-13 21:10 . 2009-02-04 20:45 -------- d-----w- c:\program files\AviSynth 2.5
    2010-04-12 03:13 . 2007-06-30 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2010-04-12 02:25 . 2009-02-04 20:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Sony
    2010-04-12 02:23 . 2006-12-27 05:57 -------- d-----w- c:\program files\Native Instruments
    2010-04-12 02:23 . 2008-08-03 23:53 -------- d-----w- c:\program files\Common Files\Native Instruments
    2010-04-12 00:01 . 2010-04-05 04:27 -------- d-----w- c:\program files\Steam
    2010-04-10 04:50 . 2006-09-02 10:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-06 15:20 . 2010-04-06 15:20 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2010-04-05 22:10 . 2010-04-05 22:10 61440 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-sse.dll
    2010-04-05 22:10 . 2010-04-05 22:10 503808 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcp71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 499712 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\jmc.dll
    2010-04-05 22:10 . 2010-04-05 22:10 348160 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcr71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 12800 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-d3d.dll
    2010-04-05 22:09 . 2010-04-05 22:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-05 22:09 . 2005-11-12 15:48 -------- d-----w- c:\program files\Java
    2010-04-05 21:45 . 2005-11-12 15:48 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 19:00 . 2007-05-07 02:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
    2010-04-05 18:20 . 2005-11-12 16:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-05 16:53 . 2010-04-05 16:53 -------- d-----w- c:\documents and settings\Gideon\Application Data\Ubisoft
    2010-04-04 17:59 . 2010-04-04 17:59 -------- d-----w- c:\program files\BitTorrent
    2010-03-31 03:05 . 2010-03-28 22:30 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-03-31 03:05 . 2007-05-07 03:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-31 01:58 . 2010-04-28 02:28 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-03-31 01:58 . 2010-04-28 02:28 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-03-31 01:58 . 2010-04-28 02:28 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-03-31 01:58 . 2010-04-28 02:28 133616 ------w- c:\windows\system32\pxafs.dll
    2010-03-31 01:58 . 2010-04-28 02:28 125424 ------w- c:\windows\system32\pxinsi64.exe
    2010-03-31 01:58 . 2010-04-28 02:28 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-03-30 23:58 . 2007-05-24 18:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-30 18:15 . 2010-03-24 05:19 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-03-30 18:09 . 2010-03-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
    2010-03-30 07:46 . 2008-10-08 21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 07:45 . 2008-10-08 21:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 22:06 . 2009-08-27 21:12 -------- d-----w- c:\program files\Electronic Arts
    2010-03-26 17:33 . 2010-04-30 15:40 1496064 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 17:33 . 2010-04-30 15:40 43008 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 17:33 . 2010-04-30 15:40 339456 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 17:32 . 2010-04-30 15:40 346112 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-24 05:36 . 2009-03-23 16:48 -------- d-----w- c:\program files\Yahoo!
    2010-03-24 05:35 . 2009-10-15 19:28 -------- d-----w- c:\program files\PokerStars
    2010-03-16 10:37 . 2010-03-16 10:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-03-16 10:37 . 2010-03-16 10:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-03-16 10:37 . 2010-03-16 10:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-03-16 10:37 . 2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-03-16 10:37 . 2010-03-16 10:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-03-16 10:37 . 2010-03-16 10:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-03-12 18:26 . 2007-05-07 01:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 17:45 . 2010-03-07 17:46 38784 ----a-w- c:\documents and settings\Gideon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

    [-] 2010-04-14 . 6BDF6B80F3C6C37BEF59637FA8A652F2 . 505856 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
    "SandboxieControl "= "c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-12-19 76304]
    "amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "Profiler "= "c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
    "SaiMfd "= "c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-10 126976]
    "nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-01-07 1657448]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi2 "=ma_cmidn.dll
    "midi7 "=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_05\\bin\\rmiregistry.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-06-29 4608]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-16 717296]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]
    R3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-05-06 176384]
    R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2009-07-08 22304]
    S1 MpKslcb21d3e3;MpKslcb21d3e3;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-02-08 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-07-08 13504]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}]
    2008-06-18 23:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - component: c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-09 18:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS DISK.SYS ACPI.sys hal.dll >>UNKNOWN [0x8A7A41F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
    \Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
    \Driver\atapi -> 0x8a7a41f8
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582414
    ParseProcedure -> 0x888f61b0
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582414
    ParseProcedure -> 0x888f61b0
    NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xb7cffba0
    PacketIndicateHandler -> NDIS.sys @ 0xb7ceea0b
    SendHandler -> NDIS.sys @ 0xb7d02b31
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\!caution! never delete or change any key*]
    "??"=hex:06,6a,34,8c,2c,ee,0c,df,81,f2,44,9c,83,04,9d,b9,ae,11,19,28,ea,cf,84,
    08,4f,c4,9b,d6,da,49,5a,4e,98,bb,65,1b,68,82,00,5f,3f,4e,d9,96,b1,d0,cc,67,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:b4,7c,02,9a,a8,fd,49,1e,71,20,25,04,4f,b9,9e,8c,9e,74,ad,88,b0,
    ae,93,a0,e7,c7,99,f5,24,5a,47,33,11,15,77,ac,01,d8,43,54,01,6e,7d,7b,af,b0,\
    "rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(896)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(956)
    c:\windows\system32\nvappfilter.dll

    - - - - - - - > 'explorer.exe'(588)
    c:\windows\system32\WININET.dll
    c:\program files\NVIDIA Corporation\nView\nview.dll
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mmfinfo.dll
    c:\windows\system32\mkunicode.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\nvappfilter.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-05-09 18:48:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-10 01:48
    ComboFix2.txt 2010-05-07 17:37

    Pre-Run: 12,495,110,144 bytes free
    Post-Run: 12,528,500,736 bytes free

    - - End Of File - - 0CE27876FA82FAE9B7AB814A2F9484B9
     
  15. 2010/05/09
    Gideon (Inactive Thread Starter)
    Here is the HijackThis log as requested. Btw, on the weekends I am usually unable to attend to personal matters as I have obligations, so I am sorry about the lack of response Sat-Sun. I do appreciate all the time you have been dedicating to my issues.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:49, on 2010-05-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4-5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: M-Audio Series II MIDI Installer (ma_cmidi_installerservice) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

    --
    End of file - 10839 bytes
     
    Last edited: 2010/05/09
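    A HijackThis log like the one above is read section by section: R lines are browser start and search pages, O4 is what runs at logon, O16 is ActiveX downloads (DPF), O23 is services. The Python script below is an added example and is not part of this thread, of HijackThis, or of the log posted: it parses constructed sample lines in the HijackThis 2.x layout (modelled on the kinds of entries in this thread, not copied from the posted log) and flags the four things an analyst checks first: a start or search page on a host outside an allowlist, a Run value that names an executable without a path, an ActiveX download source outside the allowlist, and a service whose binary is missing. TRUSTED_HOSTS and the flag wording are this example's own assumptions.

```python
"""Triage a HijackThis 2.x log: pull out the entries a malware analyst reads
first. Added example; not HijackThis code and not the log posted in this thread."""
import re
from urllib.parse import urlparse

# Assumption for this example: hosts accepted for browser start/search pages
# and ActiveX (DPF) download sources. Anything else is flagged for review.
TRUSTED_HOSTS = ("microsoft.com", "google.com", "sun.com", "trendmicro.com")

# Constructed sample in the layout HijackThis v2.0.4 writes (not the posted log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"https?://\S+")


def host_is_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def first_token(cmd):
    """Executable part of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def parse_entries(text):
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m["code"], m["body"]


def triage(text):
    """Return (code, reason, detail) triples for entries worth a second look."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            # A start/search page pointing somewhere unexpected is how a
            # browser hijack shows up in a HijackThis log.
            url = URL_RE.search(body)
            if url and not host_is_trusted(url[0]):
                findings.append((code, "browser page outside allowlist", url[0]))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = first_token(m["cmd"])
                if exe and "\\" not in exe and "/" not in exe:
                    # No path: Windows resolves the name through its executable
                    # search order at logon, so a same-named file found first wins.
                    findings.append((code, "Run value names executable without a path", exe))
        elif code == "O16":
            url = URL_RE.search(body)
            if url and not host_is_trusted(url[0]):
                findings.append((code, "ActiveX download source outside allowlist", url[0]))
        elif code == "O23" and body.endswith("(file missing)"):
            # Service still registered but its binary is gone: an uninstall
            # leftover, or something removed without its service entry.
            name = body.split(" - ", 1)[0].replace("Service: ", "", 1)
            findings.append((code, "service registered but binary absent", name))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```

    The allowlist is deliberately small: a host that is merely unfamiliar is a prompt to look, not a verdict. A path-less Run value is worth a note even when benign, because the copy that runs at logon is whichever same-named file the executable search order finds first.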
  16. 2010/05/09
    broni (Moderator, Malware Analyst)
    Delete your GMER file and...

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
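    Once a GMER log like the one requested above is in hand, the analyst's first job is to relate its entries to each other and to the Stealth MBR detector section of the ComboFix log earlier in this thread. The Python script below is an added example and is not part of this thread, of GMER, or of ComboFix: it parses constructed sample lines in the format of both tools (modelled on the logs in this thread, not copied from them), groups SSDT and IAT hooks by the module that installed them, notes which hooking modules GMER could not find on disk, and resolves the bare addresses the MBR detector could not attribute to whatever driver GMER lists at that address. The regular expressions, the report layout and the sample lines are this example's own.

```python
"""Cross-check a GMER rootkit scan against the Stealth MBR detector section of a
ComboFix log. Added example; not GMER or ComboFix code. The sample lines are
constructed in those tools' formats, not copied from this thread."""
import re

GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT spgh.sys ZwCreateKey [0xB7EA80E0]
SSDT spgh.sys ZwOpenKey [0xB7EA80C0]
SSDT spgh.sys ZwQueryValueKey [0xB7EC6F88]

---- Kernel code sections - GMER 1.0.15 ----

? spgh.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spgh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spgh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spgh.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8141F8
Device \Driver\atapi \Device\Ide\IdePort0 8A7A41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A7A41F8
"""

MBR_SAMPLE = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS DISK.SYS ACPI.sys hal.dll >>UNKNOWN [0x8A7A41F8]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\atapi -> 0x8a7a41f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\S+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
IAT_RE = re.compile(r"^IAT\s+(?P<victim>.+?)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<hooker>\S+)")
DEVICE_RE = re.compile(r"^Device\s+(?P<driver>\\(?:Driver|FileSystem)\\\S+)\s+\S+\s+(?P<addr>[0-9A-Fa-f]{8})$")
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+The system cannot find the file specified")
MBR_UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
MBR_HOOK_RE = re.compile(r"^(?P<driver>\\Driver\\\S+)\s+->\s+(?P<target>.+)$")


def norm(addr):
    """Make 0x8A7A41F8, 8A7A41F8 and 8a7a41f8 compare equal."""
    a = addr.lower()
    if a.startswith("0x"):
        a = a[2:]
    return a.lstrip("0") or "0"


def parse_gmer(text):
    ssdt, iat, devices, missing = {}, {}, {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.setdefault(m["module"], []).append(m["func"])
            continue
        m = IAT_RE.match(line)
        if m:
            victim = m["victim"].rsplit("\\", 1)[-1]  # drop any \SystemRoot\... prefix
            iat.setdefault(m["hooker"], []).append((victim, m["import"]))
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.setdefault(norm(m["addr"]), set()).add(m["driver"])
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.add(m["module"])
    return {"ssdt": ssdt, "iat": iat, "devices": devices, "missing": missing}


def parse_mbr(text):
    unknown, hooks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        unknown.extend(norm(m["addr"]) for m in MBR_UNKNOWN_RE.finditer(line))
        m = MBR_HOOK_RE.match(line)
        if m:
            hooks.append((m["driver"], m["target"]))
    return unknown, hooks


def cross_check(gmer, unknown, hooks):
    """Relate the MBR detector's bare addresses to GMER's driver listing and
    summarise every module that installed SSDT or IAT hooks."""
    resolved = {addr: sorted(gmer["devices"].get(addr, ())) for addr in unknown}
    # Hooks the detector printed as a bare address (no "module @ addr") are the
    # ones it could not attribute; look the address up in GMER's device table.
    bare = {drv: sorted(gmer["devices"].get(norm(tgt), ()))
            for drv, tgt in hooks if " @ " not in tgt}
    hookers = {}
    for mod in set(gmer["ssdt"]) | set(gmer["iat"]):
        hookers[mod] = {
            "ssdt_services": sorted(gmer["ssdt"].get(mod, [])),
            "iat_victims": sorted({v for v, _ in gmer["iat"].get(mod, [])}),
            "file_found": mod not in gmer["missing"],
        }
    return {"unknown": resolved, "bare_hooks": bare, "hookers": hookers}


if __name__ == "__main__":
    g = parse_gmer(GMER_SAMPLE)
    u, h = parse_mbr(MBR_SAMPLE)
    r = cross_check(g, u, h)
    for addr, drivers in r["unknown"].items():
        print(f"MBR detector UNKNOWN {addr}: GMER lists {drivers or 'nothing'} at that address")
    for drv, drivers in r["bare_hooks"].items():
        print(f"{drv} hook target resolves to {drivers or 'nothing'}")
    for mod, info in r["hookers"].items():
        print(f"{mod}: SSDT={info['ssdt_services']} IAT of={info['iat_victims']} "
              f"on disk={info['file_found']}")
```

    On the sample, the address the MBR detector reports as UNKNOWN resolves to \Driver\atapi, and the only module installing hooks is one GMER could not locate on disk. That correlation is what to carry into the next step, not a conclusion: legitimate low-level disk and virtual-drive drivers produce the same SSDT and atapi IAT pattern, so the script reports rather than judges, and GMER's own "possible MBR rootkit" warning should be read the same way.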
  17. 2010/05/11
    Gideon (Inactive Thread Starter)
    Here is the GMER log as requested. The scan, including devices, went through without incident. Browsing Windows has become much faster and easier, as has internet browsing.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-11 15:01:12
    Windows 5.1.2600 Service Pack 2
    Running: 8i7vq4e8.exe; Driver: C:\DOCUME~1\Gideon\LOCALS~1\Temp\ffdcipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT spgh.sys ZwCreateKey [0xB7EA80E0]
    SSDT spgh.sys ZwEnumerateKey [0xB7EC6CA2]
    SSDT spgh.sys ZwEnumerateValueKey [0xB7EC7030]
    SSDT spgh.sys ZwOpenKey [0xB7EA80C0]
    SSDT spgh.sys ZwQueryKey [0xB7EC7108]
    SSDT spgh.sys ZwQueryValueKey [0xB7EC6F88]
    SSDT spgh.sys ZwSetValueKey [0xB7EC719A]

    INT 0x62 ? 8A7A4BF8
    INT 0x63 ? 8A813BF8
    INT 0x73 ? 8A813BF8
    INT 0x73 ? 8A71AF00
    INT 0x73 ? 8A813BF8
    INT 0xA4 ? 8A71AF00
    INT 0xB4 ? 8A813BF8

    Code 887C2CEC ZwRequestPort
    Code 887C2D8C ZwRequestWaitReplyPort
    Code 887C2C4C ZwTraceEvent
    Code 887C2CEB NtRequestPort
    Code 887C2D8B NtRequestWaitReplyPort
    Code 887C2C4B NtTraceEvent

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!NtTraceEvent 80534374 5 Bytes JMP 887C2C50
    PAGE ntkrnlpa.exe!NtRequestPort 805A1520 5 Bytes JMP 887C2CF0
    PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A184C 5 Bytes JMP 887C2D90
    ? spgh.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B7C7C62C 5 Bytes JMP 8A71A4E0
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70D9380, 0x566465, 0xE8000020]
    .text win32k.sys!EngAcquireSemaphore + 20E2 BF8084A5 5 Bytes JMP 887C24D0
    .text win32k.sys!EngFreeUserMem + 5B9B BF80EFF5 5 Bytes JMP 887C2430
    .text win32k.sys!EngPaint + 4F1 BF825557 5 Bytes JMP 887C2610
    .text win32k.sys!CLIPOBJ_bEnum + 2982 BF8314B8 5 Bytes JMP 887C2750
    .text win32k.sys!EngUnmapFontFileFD + F669 BF841ADB 5 Bytes JMP 887C26B0
    .text win32k.sys!FONTOBJ_pxoGetXform + D226 BF85B57E 5 Bytes JMP 887C2A70
    .text win32k.sys!XLATEOBJ_iXlate + 3A46 BF871662 5 Bytes JMP 887C2570
    .text win32k.sys!EngStretchBltROP + 34B9 BF8BA19B 5 Bytes JMP 887C2930
    .text win32k.sys!EngAlphaBlend + 3E8 BF8C3275 5 Bytes JMP 887C27F0
    .text win32k.sys!PATHOBJ_vGetBounds + 74F9 BF8F01A6 5 Bytes JMP 887C29D0
    .text win32k.sys!EngCreateClip + 19C1 BF912FBD 5 Bytes JMP 887C2B10
    .text win32k.sys!EngCreateClip + 1F51 BF91354D 5 Bytes JMP 887C2BB0
    .text win32k.sys!EngCreateClip + 2597 BF913B93 2 Bytes JMP 887C2890
    .text win32k.sys!EngCreateClip + 259A BF913B96 2 Bytes JMP EECF6EC8

    ---- User code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\winlogon.exe[892] C:\WINDOWS\system32\winlogon.exe section is executable [0x01076000, 0xB000, 0x60000060]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spgh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spgh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spgh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spgh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spgh.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spgh.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A8121F8
    Device \FileSystem\Fastfat \FatCdrom 88C271F8

    AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{B7E8E3C2-06FC-4316-AC66-DF285A784897} 892CC1F8
    Device \Driver\usbohci \Device\USBPDO-0 8A6E6500
    Device \Driver\usbehci \Device\USBPDO-1 8A7191F8

    AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8141F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8141F8
    Device \Driver\Cdrom \Device\CdRom0 8A7311F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8141F8
    Device \Driver\atapi \Device\Ide\IdePort0 8A7A41F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A7A41F8
    Device \Driver\atapi \Device\Ide\IdePort1 8A7A41F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A7A41F8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A8141F8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 8A8141F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{798DB375-F44C-44E9-963B-B440498B0073} 892CC1F8
    Device \Driver\nvata \Device\00000077 8A8131F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 892CC1F8
    Device \Driver\USBSTOR \Device\00000083 88BF11F8
    Device \Driver\nvata \Device\00000078 8A8131F8
    Device \Driver\NetBT \Device\NetbiosSmb 892CC1F8
    Device \Driver\USBSTOR \Device\00000085 88BF11F8
    Device \Driver\USBSTOR \Device\00000086 88BF11F8
    Device \Driver\USBSTOR \Device\00000087 88BF11F8
    Device \Driver\USBSTOR \Device\00000088 88BF11F8
    Device \Driver\usbohci \Device\USBFDO-0 8A6E6500
    Device \Driver\usbehci \Device\USBFDO-1 8A7191F8
    Device \Driver\nvata \Device\NvAta0 8A8131F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88C2E1F8
    Device \Driver\nvata \Device\NvAta1 8A8131F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 88C2E1F8
    Device \Driver\nvata \Device\NvAta2 8A8131F8
    Device \Driver\Ftdisk \Device\FtControl 8A8141F8
    Device \FileSystem\Fastfat \Fat 88C271F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 88B841F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

    ---- EOF - GMER 1.0.15 ----
     
  18. 2010/05/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Delete Combofix file, download fresh one and give me new log.
     
  19. 2010/05/13
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Here is the new combofix log.


    ComboFix 10-05-13.01 - Gideon 2010-05-13 11:00:03.8.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1336 [GMT -7:00]
    Running from: c:\documents and settings\Gideon\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\config\systemprofile\Application Data\Dealio
    c:\windows\system32\config\systemprofile\Application Data\Dealio\res\widgets.xml
    c:\windows\system32\config\systemprofile\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
    .

    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\C2MP
    2010-05-02 21:54 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2010-05-02 21:54 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-04-30 22:52 . 2010-04-30 22:54 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
    2010-04-28 15:34 . 2010-04-28 15:34 -------- d-----w- c:\program files\MKVtoolnix
    2010-04-28 02:19 . 2010-05-10 19:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
    2010-04-27 21:46 . 2010-04-27 21:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\FileZilla
    2010-04-27 21:43 . 2010-04-27 21:44 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-27 21:30 . 2010-04-27 21:44 -------- d-----w- c:\program files\Bullet Proof FTP Server
    2010-04-27 21:15 . 2010-04-27 21:20 -------- d-----w- c:\documents and settings\Gideon\Application Data\Trillian
    2010-04-27 21:14 . 2010-04-27 21:59 -------- d-----w- c:\program files\Trillian
    2010-04-20 03:37 . 2010-04-20 03:37 -------- d-----w- c:\program files\Xvid
    2010-04-20 03:30 . 2010-04-09 21:35 73728 ----a-w- c:\windows\system\vdremote.dll
    2010-04-20 03:30 . 2010-04-09 21:34 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
    2010-04-20 02:59 . 2010-04-20 02:59 -------- d-----w- c:\documents and settings\Gideon\Local Settings\Application Data\PackageAware
    2010-04-18 02:21 . 2010-04-18 02:21 -------- d-----r- C:\Sandbox
    2010-04-18 02:20 . 2010-04-18 02:20 -------- d-----w- c:\program files\Sandboxie
    2010-04-17 20:57 . 2010-04-17 20:57 -------- d-----w- c:\program files\AC3Filter
    2010-04-14 21:15 . 2010-05-06 17:36 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-14 21:13 . 2010-04-14 21:13 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-04-14 18:41 . 2010-04-14 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
    2010-04-14 18:33 . 2010-04-19 18:31 -------- d-----w- c:\program files\SlySoft
    2010-04-13 21:09 . 2010-04-19 18:28 -------- d-----w- c:\program files\Avi2Dvd

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-13 04:34 . 2010-05-13 04:33 47283 ----a-w- c:\windows\system32\unins000.dat
    2010-05-13 04:33 . 2010-05-13 04:33 1195091 ----a-w- c:\windows\system32\unins000.exe
    2010-05-13 04:30 . 2010-04-04 17:59 -------- d-----w- c:\documents and settings\Gideon\Application Data\BitTorrent
    2010-05-12 10:01 . 2010-01-19 16:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-05-10 19:27 . 2010-04-28 02:29 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-05-10 19:25 . 2007-06-03 15:37 -------- d-----w- c:\program files\DivX
    2010-05-10 03:21 . 2010-05-10 03:21 -------- d-----w- c:\program files\DVD Decrypter
    2010-05-09 09:12 . 2010-05-09 09:12 36352 ----a-w- c:\windows\system32\drivers\rzliixwa.sys
    2010-05-09 08:54 . 2010-05-09 08:54 36352 ----a-w- c:\windows\system32\drivers\DISK.SYS
    2010-05-08 08:00 . 2010-03-03 00:00 1556992 ----a-w- c:\windows\system32\ff_samplerate.dll
    2010-05-08 02:10 . 2010-03-03 00:00 4999987 ----a-w- c:\windows\system32\libavcodec.dll
    2010-05-07 02:04 . 2007-08-25 16:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-07 00:23 . 2010-03-03 00:00 962008 ----a-w- c:\windows\system32\ff_x264.dll
    2010-05-07 00:23 . 2010-03-03 00:00 901509 ----a-w- c:\windows\system32\xvidcore.dll
    2010-05-07 00:23 . 2010-03-03 00:00 153502 ----a-w- c:\windows\system32\libmplayer.dll
    2010-05-07 00:21 . 2010-03-03 00:00 1641487 ----a-w- c:\windows\system32\ffmpegmt.dll
    2010-05-05 05:49 . 2010-05-05 05:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Search Settings
    2010-05-04 15:38 . 2010-05-04 15:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-04 00:00 . 2010-03-30 21:02 15 ----a-w- c:\windows\system32\nvModes.dat
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2010-05-03 15:36 . 2010-05-03 15:36 -------- d-----w- c:\program files\Application Updater
    2010-04-30 17:08 . 2010-04-30 17:08 388096 ----a-r- c:\documents and settings\Gideon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-04-28 02:50 . 2007-06-03 15:39 -------- d-----w- c:\documents and settings\Gideon\Application Data\DivX
    2010-04-28 02:22 . 2007-06-03 15:25 -------- d-----w- c:\program files\Google
    2010-04-28 02:19 . 2010-04-28 02:29 1180952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
    2010-04-27 21:15 . 2010-03-03 00:00 163328 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2010-04-24 01:13 . 2010-03-26 22:38 -------- d-----w- c:\program files\SpeedFan
    2010-04-19 18:30 . 2009-02-04 20:38 -------- d-----w- c:\program files\Red Kawa
    2010-04-19 18:30 . 2008-07-22 15:42 -------- d-----w- c:\program files\M-Audio
    2010-04-19 18:29 . 2010-04-13 03:41 -------- d-----w- c:\program files\dvdSanta
    2010-04-18 02:06 . 2009-02-10 04:56 -------- d-----w- c:\program files\AVS4YOU
    2010-04-18 02:06 . 2007-06-30 14:37 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-04-17 23:34 . 2009-09-02 18:58 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-17 23:32 . 2007-05-07 03:58 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-04-16 02:39 . 2008-10-08 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-14 21:17 . 2004-08-04 12:00 505856 ----a-w- c:\windows\system32\winlogon.exe
    2010-04-14 19:24 . 2007-05-07 01:17 52048 ----a-w- c:\documents and settings\Gideon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 47360 ----a-w- c:\documents and settings\Gideon\Application Data\pcouffin.sys
    2010-04-14 18:20 . 2007-06-30 17:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Vso
    2010-04-13 21:10 . 2009-02-04 20:45 -------- d-----w- c:\program files\AviSynth 2.5
    2010-04-12 03:13 . 2007-06-30 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
    2010-04-12 02:25 . 2009-02-04 20:25 -------- d-----w- c:\documents and settings\Gideon\Application Data\Sony
    2010-04-12 02:23 . 2006-12-27 05:57 -------- d-----w- c:\program files\Native Instruments
    2010-04-12 02:23 . 2008-08-03 23:53 -------- d-----w- c:\program files\Common Files\Native Instruments
    2010-04-12 00:01 . 2010-04-05 04:27 -------- d-----w- c:\program files\Steam
    2010-04-10 04:50 . 2006-09-02 10:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-10 03:41 . 2010-04-10 03:41 -------- d-----w- c:\documents and settings\Gideon\Application Data\ImgBurn
    2010-04-10 03:25 . 2010-04-10 03:25 -------- d-----w- c:\program files\ImgBurn
    2010-04-06 15:20 . 2010-04-06 15:20 75 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2010-04-05 22:10 . 2010-04-05 22:10 61440 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-sse.dll
    2010-04-05 22:10 . 2010-04-05 22:10 503808 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcp71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 499712 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\jmc.dll
    2010-04-05 22:10 . 2010-04-05 22:10 348160 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-548934b4-n\msvcr71.dll
    2010-04-05 22:10 . 2010-04-05 22:10 12800 ----a-w- c:\documents and settings\Gideon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4d7c46d2-n\decora-d3d.dll
    2010-04-05 22:09 . 2010-04-05 22:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-05 22:09 . 2005-11-12 15:48 -------- d-----w- c:\program files\Java
    2010-04-05 21:45 . 2005-11-12 15:48 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 19:00 . 2007-05-07 02:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
    2010-04-05 18:20 . 2005-11-12 16:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-05 16:53 . 2010-04-05 16:53 -------- d-----w- c:\documents and settings\Gideon\Application Data\Ubisoft
    2010-04-04 17:59 . 2010-04-04 17:59 -------- d-----w- c:\program files\BitTorrent
    2010-03-31 03:05 . 2010-03-28 22:30 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-03-31 03:05 . 2007-05-07 03:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-30 23:58 . 2007-05-24 18:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-30 18:15 . 2010-03-24 05:19 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-03-30 18:09 . 2010-03-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
    2010-03-30 07:46 . 2008-10-08 21:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 07:45 . 2008-10-08 21:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-28 22:06 . 2009-08-27 21:12 -------- d-----w- c:\program files\Electronic Arts
    2010-03-26 17:33 . 2010-04-30 15:40 1496064 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 17:33 . 2010-04-30 15:40 43008 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 17:33 . 2010-04-30 15:40 339456 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 17:32 . 2010-04-30 15:40 346112 ----a-w- c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-24 05:36 . 2009-03-23 16:48 -------- d-----w- c:\program files\Yahoo!
    2010-03-24 05:35 . 2009-10-15 19:28 -------- d-----w- c:\program files\PokerStars
    2010-03-16 10:37 . 2010-03-16 10:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-03-16 10:37 . 2010-03-16 10:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-03-16 10:37 . 2010-03-16 10:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-03-16 10:37 . 2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-03-16 10:37 . 2010-03-16 10:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-03-16 10:37 . 2010-03-16 10:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-03-12 18:26 . 2007-05-07 01:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 17:45 . 2010-03-07 17:46 38784 ----a-w- c:\documents and settings\Gideon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-20 04:08 . 2010-03-03 00:00 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
    2010-02-20 04:07 . 2010-03-03 00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2006-07-20 09:41 . 2006-01-14 04:51 8192 --sha-w- c:\program files\Thumbs.db
    2006-07-20 09:35 . 2006-07-20 09:29 19270946 ----a-w- c:\program files\Themes.7z
    2006-06-19 08:48 . 2006-06-19 08:48 251 ----a-w- c:\program files\wt3d.ini
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

    [-] 2010-04-14 . 6BDF6B80F3C6C37BEF59637FA8A652F2 . 505856 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((( SnapShot_2010-05-07_17.33.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-13 17:44 . 2010-05-13 17:44 16384 c:\windows\temp\Perflib_Perfdata_5a4.dat
    + 2010-05-13 17:44 . 2010-05-13 17:44 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat
    + 2010-01-19 16:39 . 2010-05-12 10:01 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2010-01-19 16:39 . 2010-05-12 10:01 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-01-19 16:39 . 2010-05-12 10:01 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2010-03-03 00:00 . 2010-03-03 00:00 324096 c:\windows\system32\TomsMoComp_ff.dll
    + 2010-03-03 00:00 . 2010-01-24 04:15 324096 c:\windows\system32\TomsMoComp_ff.dll
    - 2007-05-07 01:07 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
    + 2007-05-07 01:07 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
    + 2010-03-03 00:00 . 2010-01-24 05:14 113152 c:\windows\system32\ff_unrar.dll
    + 2010-03-03 00:00 . 2010-01-24 05:13 146944 c:\windows\system32\ff_tremor.dll
    + 2010-03-03 00:00 . 2010-01-24 05:12 178688 c:\windows\system32\ff_libmad.dll
    + 2010-03-03 00:00 . 2010-01-24 05:12 484864 c:\windows\system32\ff_libfaad2.dll
    + 2010-03-03 00:00 . 2010-01-24 05:11 257024 c:\windows\system32\ff_libdts.dll
    + 2010-03-03 00:00 . 2010-01-24 05:11 142848 c:\windows\system32\ff_liba52.dll
    + 2010-03-03 00:00 . 2010-01-24 04:45 248320 c:\windows\system32\ff_kernelDeint.dll
    - 2010-03-03 00:00 . 2010-03-03 00:00 248320 c:\windows\system32\ff_kernelDeint.dll
    - 2007-05-07 01:07 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
    + 2007-05-07 01:07 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-01-19 16:39 . 2010-05-12 10:01 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    + 2010-01-19 16:39 . 2010-05-12 10:01 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2010-01-19 16:39 . 2010-05-12 10:01 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    - 2010-01-19 16:39 . 2010-04-14 10:05 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2010-01-19 16:39 . 2010-05-12 10:01 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2004-08-10 12:00 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
    + 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\292b401.msp
    - 2010-01-19 16:39 . 2010-04-14 10:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2010-01-19 16:39 . 2010-05-12 10:01 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-08-26 06:50 . 2008-08-26 06:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
    + 2007-05-07 01:41 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
    "SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-10 126976]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-01-07 1657448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi2"=ma_cmidn.dll
    "midi7"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2008-12-19 06:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-03-16 10:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre1.5.0_05\\bin\\rmiregistry.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-06-29 4608]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]
    R3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-05-06 176384]
    R3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2009-07-08 22304]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-16 717296]
    S1 MpKslcb21d3e3;MpKslcb21d3e3;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-02-08 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-07-08 13504]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}]
    2008-06-18 23:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2010-05-13 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - component: c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-13 11:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\!caution! never delete or change any key*]
    "??"=hex:06,6a,34,8c,2c,ee,0c,df,81,f2,44,9c,83,04,9d,b9,ae,11,19,28,ea,cf,84,
    08,4f,c4,9b,d6,da,49,5a,4e,98,bb,65,1b,68,82,00,5f,3f,4e,d9,96,b1,d0,cc,67,\
    "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:b4,7c,02,9a,a8,fd,49,1e,71,20,25,04,4f,b9,9e,8c,9e,74,ad,88,b0,
    ae,93,a0,e7,c7,99,f5,24,5a,47,33,11,15,77,ac,01,d8,43,54,01,6e,7d,7b,af,b0,\
    "rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(936)
    c:\windows\system32\nvappfilter.dll
    .
    Completion time: 2010-05-13 11:17:46
    ComboFix-quarantined-files.txt 2010-05-13 18:17
    ComboFix2.txt 2010-05-12 18:15
    ComboFix3.txt 2010-05-10 01:48
    ComboFix4.txt 2010-05-07 17:37

    Pre-Run: 10,446,147,584 bytes free
    Post-Run: 10,414,460,928 bytes free

    - - End Of File - - A358CA344565ADA2EC0632EBC5BFDD2B
     
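    The parts of a ComboFix log that a malware analyst reads first are the scheduled tasks, the browser start pages, the Winsock LSP line, the DPF (ActiveX download) entries and the DLLs listed under winlogon.exe and lsass.exe. As an added example for this thread (not ComboFix's or HijackThis's code, and not something the posters ran), the Python script below parses a constructed log fragment shaped like the one above and sorts what it finds into "review" and "info" buckets. The set of sensitive processes, the directory treated as the system directory and the expected start-page host are assumptions chosen for the illustration; a "review" item only means "check the publisher", not that the entry is malicious (the moderator judged this log clean). It needs Python 3.8 or later.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's code).

It walks the log once, switches state on the section headers ComboFix prints,
and returns Finding records for the entries an analyst looks at first:
scheduled tasks, browser start pages, Winsock LSPs, DPF (ActiveX) downloads
and DLLs loaded under sensitive processes. 'review' means 'verify this',
not 'malicious'.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed fragment shaped like the log in this thread (abridged, not the real file).
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

2010-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
mStart Page = hxxp://www.google.com
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-05-13 11:17:46
"""

# Assumptions for the illustration: processes where a third-party DLL deserves a
# look, the directory treated as 'system', and hosts the user deliberately chose.
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"
EXPECTED_START_HOSTS = {"www.google.com"}

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.I)
TASK_TARGET_RE = re.compile(r"^- (.+?) \[[^\]]*\]$")
PROCESS_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
START_PAGE_RE = re.compile(r"^([um])Start Page = (.+)$")


@dataclass
class Finding:
    kind: str       # task | startpage | lsp | dpf | dll
    detail: str     # path, URL or 'task -> target'
    note: str = ""  # scope for start pages, owning process for DLLs


def start_page_host(url):
    """Re-arm ComboFix's 'hxxp' defang and return the lower-cased host."""
    armed = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)
    return (urlparse(armed).hostname or "").lower()


def parse_combofix(text):
    findings, section, pending_task, process = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        # Section headers drive a small state machine.
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            section, pending_task = "tasks", None
            continue
        if line.startswith("------- Supplementary Scan"):
            section = "supplementary"
            continue
        if "DLLs Loaded Under Running Processes" in line:
            section, process = "dlls", None
            continue
        if line.startswith("Completion time:"):
            section = None
            continue

        if section == "tasks":
            if m := TASK_RE.match(line):
                pending_task = m.group(1)          # the .job file; target follows
            elif (m := TASK_TARGET_RE.match(line)) and pending_task:
                findings.append(Finding("task", f"{pending_task} -> {m.group(1)}"))
                pending_task = None
        elif section == "supplementary":
            if m := START_PAGE_RE.match(line):
                scope = "user" if m.group(1) == "u" else "machine"
                findings.append(Finding("startpage", m.group(2), scope))
            elif line.startswith("LSP:"):
                findings.append(Finding("lsp", line[4:].strip()))
            elif line.startswith("DPF:"):
                findings.append(Finding("dpf", line[4:].strip()))
        elif section == "dlls":
            if m := PROCESS_RE.match(line):
                process = m.group(1).lower()       # DLL lines that follow belong to it
            elif process:
                findings.append(Finding("dll", line, process))
    return findings


def triage(findings, expected_hosts=EXPECTED_START_HOSTS):
    """Split findings into items to verify ('review') and context ('info')."""
    review, info = [], []
    for f in findings:
        if f.kind == "dll" and f.note in SENSITIVE_PROCESSES \
                and not f.detail.lower().startswith(SYSTEM_DIR):
            review.append(f"{f.note} loads third-party module {f.detail}: verify publisher and signature")
        elif f.kind == "lsp":
            review.append(f"Winsock LSP {f.detail}: confirm it belongs to installed software")
        elif f.kind == "startpage" and start_page_host(f.detail) not in expected_hosts:
            review.append(f"{f.note} start page is {start_page_host(f.detail)}: confirm the user chose it")
        else:
            info.append(f"{f.kind}: {f.detail}" + (f" ({f.note})" if f.note else ""))
    return {"review": review, "info": info}


if __name__ == "__main__":
    result = triage(parse_combofix(SAMPLE_LOG))
    for bucket in ("review", "info"):
        print(f"== {bucket} ==")
        for item in result[bucket]:
            print("  " + item)
```

    On the fragment above the script puts the Logitech DLL in winlogon.exe, the nvappfilter LSP and the ask.com user start page under "review" and everything else under "info"; nvappfilter.dll under lsass.exe stays in "info" only because it sits in the system directory, which is why the LSP line is the better place to look at it. Feed a real log in with `parse_combofix(open(path, encoding="utf-8", errors="replace").read())`.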
  20. 2010/05/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Finally, it looks good :)
    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart the computer.

    ================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  21. 2010/05/19
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    OK Broni, sorry about the long reply. I have had some internet connection issues with Time Warner and am now back online. The PC is running much better; browsing both the internet and Windows is holding at a faster rate, and I am not getting any warnings. I have completed the first phase of your last instructions. The scan looks like it's going to take a while, but I just wanted to get in touch with you and let you know I'm on it. I should have the scan to you by this evening or at least by tomorrow morning.
     