Solved Slowing Internet,Slowing Computer,Google hijacked

Discussion in 'Malware and Virus Removal Archive' started by JusticeNY, 2008/12/14.

  1. 2008/12/14
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    [Resolved] Slowing Internet,Slowing Computer,Google hijacked

    Can't get RSIT, ComboFix to download!!!!... Got HijackThis, but when I click HijackThis nothing happens.

    Does anyone have any mirror links? I'm starting to think the virus has like a keyword block that blocks me from going to any site related to this software... almost 15 different sites I tried, all of them shot down... Anyone have any mirror links so that I may post logs?
     
  2. 2008/12/14
    noahdfear

    noahdfear Inactive

    Welcome to WindowsBBS JusticeNY :)

    Do you have access to another computer and a usb flash drive or cd to transfer some files with?
     

  4. 2008/12/14
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Hmmm, yeah, so I'll try that.
     
  5. 2008/12/14
    noahdfear

    noahdfear Inactive

    Great! Download ComboFix by sUBs from here, and transfer the file to your desktop. Rename it before you save it please. Something like grombo.exe will do well.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click the grombo.exe icon and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2008/12/14
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Tony at 2008-12-14 22:35:23
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 6 GB (8%) free of 73 GB
    Total RAM: 1534 MB (68% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\AB551B99914E9185.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
    C:\WINDOWS\tasks\vgdkrpwb.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{206E52E0-D52E-11D4-AD54-0000E86C26F6}]
    C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-14 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
    Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E}]
    Nick Aracde Toolbar - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    C:\WINDOWS\system32\nnnklmnN.dll [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
    IEHlprObj Class - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C439C296-B7AB-47C2-94A9-9AD62BAB5ACF}]
    C:\WINDOWS\system32\cbXRKBtt.dll [2008-12-14 302592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
    XBTBPos00 Class - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []
    {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Mouse Suite 98 Daemon "=C:\WINDOWS\system32\PELMICED.EXE [2001-01-12 73728]
    "avgnt "=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-14 1261336]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32]
    C:\Program Files\GetModule\GetModule32.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
    C:\WINDOWS\system32\drivers\svchost.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service "=3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-09-23 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnklmnN]
    C:\WINDOWS\system32\nnnklmnN.dll [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} "=C:\WINDOWS\system32\nnnklmnN.dll [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    nwprovau
    C:\WINDOWS\system32\cbXRKBtt

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\America's Army\System\ArmyOps.exe "= "C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\WINDOWS\SYSTEM32\Lexpps.exe "= "C:\WINDOWS\SYSTEM32\Lexpps.exe:*:Enabled:LEXPPS.EXE "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Mozilla Firefox\firefox.exe "= "C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox "
    "C:\WINDOWS\SYSTEM32\DPVSETUP.EXE "= "C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test "
    "C:\Black III\uSED\mIRC\mirc.exe "= "C:\Black III\uSED\mIRC\mirc.exe:*:Enabled:mIRC "
    "C:\Program Files\Windows Media Player\wmplayer.exe "= "C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player "
    "C:\Program Files\Xfire\Xfire.exe "= "C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire "
    "C:\Program Files\Azureus\Azureus.exe "= "C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "
    "C:\Program Files\MSN\MSNCoreFiles\msn.exe "= "C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\Common Files\AOL\1154459043\ee\aolsoftware.exe "= "C:\Program Files\Common Files\AOL\1154459043\ee\aolsoftware.exe:*:Enabled:AOL Services "
    "C:\Program Files\Common Files\AOL\1154459043\ee\aim6.exe "= "C:\Program Files\Common Files\AOL\1154459043\ee\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\DAP\DAP.exe "= "C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) "
    "C:\Program Files\MSN Messenger\msncall.exe "= "C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\Program Files\THQ\Company of Heroes\RelicCOH.exe "= "C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH "
    "C:\Program Files\Ares\Ares.exe "= "C:\Program Files\Ares\Ares.exe:*:Enabled:Ares "
    "C:\Program Files\Bohemia Interactive\ArmA Demo\ArmADemo.exe "= "C:\Program Files\Bohemia Interactive\ArmA Demo\ArmADemo.exe:*:Enabled:ArmA "
    "C:\My Games\JEOPARDY!\JEOPARDY!.exe "= "C:\My Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY! "
    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe "= "C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Google\Google Talk\googletalk.exe "= "C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk "
    "C:\Program Files\BitTorrent_DNA\dna.exe "= "C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA "
    "C:\Program Files\BitTorrent\bittorrent.exe "= "C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "
    "C:\Program Files\PlayLinc\PlayLincV.exe "= "C:\Program Files\PlayLinc\PlayLincV.exe:*:Enabled:playLinc Executable "
    "C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe "= "C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC "
    "C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe "= "C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine "
    "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe "= "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\WINDOWS\SYSTEM32\PnkBstrA.exe "= "C:\WINDOWS\SYSTEM32\PnkBstrA.exe:*:Enabled:pnkBstrA "
    "C:\WINDOWS\SYSTEM32\PnkBstrB.exe "= "C:\WINDOWS\SYSTEM32\PnkBstrB.exe:*:Enabled:pnkBstrB "
    "C:\Program Files\Tencent\QQ Games\QQGames.exe "= "C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games "
    "C:\Program Files\America's Army\Americas Army\System\ArmyOps.exe "= "C:\Program Files\America's Army\Americas Army\System\ArmyOps.exe:*:Enabled:ArmyOps "
    "C:\Program Files\BitComet\BitComet.exe "= "C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client "
    "C:\Program Files\eMule\emule.exe "= "C:\Program Files\eMule\emule.exe:*:Enabled:eMule "
    "C:\Black III\zEBRA\MySpaceMp3Gopher\MySpaceMp3Gopher.exe "= "C:\Black III\zEBRA\MySpaceMp3Gopher\MySpaceMp3Gopher.exe:*:Enabled:MySpace Mp3 Gopher Application "
    "C:\Black III\zEBRA\eMule-0.47c-VipeR-v6.2-bin\emule.exe "= "C:\Black III\zEBRA\eMule-0.47c-VipeR-v6.2-bin\emule.exe:*:Enabled:eMule "
    "C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin "= "C:\Program Files\AeriaGames\ProjectTorque\ProjectTorque.bin:*:Enabled:project Torque "
    "C:\Program Files\MZILLA\firefox.exe "= "C:\Program Files\MZILLA\firefox.exe:*:Enabled:Firefox "
    "C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe "= "C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary "
    "C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe "= "C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary "
    "C:\Program Files\Vuze\Azureus.exe "= "C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus "
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe "= "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager "
    "C:\Nexon\Combat Arms\CombatArms.exe "= "C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "
    "C:\Nexon\Combat Arms\Engine.exe "= "C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "
    "C:\Nexon\Combat Arms\NMService.exe "= "C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\Program Files\America's Army Deploy Client\AADeployClient.exe "= "C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient "
    "C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe "= "C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe "= "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application "
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe "= "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component "
    "C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe "= "C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\Program Files\MSN Messenger\msncall.exe "= "C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Nexon\Combat Arms\CombatArms.exe "= "C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "
    "C:\Nexon\Combat Arms\Engine.exe "= "C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe "= "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component "
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe "= "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application "

    ======File associations======

    .reg - open - "regedit.exe" "%1 "

    ======List of files/folders created in the last 3 months======

    2008-12-14 22:35:23 ----D---- C:\Program Files\trend micro
    2008-12-14 22:35:22 ----D---- C:\rsit
    2008-12-14 19:31:53 ----D---- C:\Documents and Settings\Tony\Application Data\Macromedia
    2008-12-14 19:31:52 ----D---- C:\Documents and Settings\Tony\Application Data\Adobe
    2008-12-14 19:29:26 ----D---- C:\Documents and Settings\Tony\Application Data\Mozilla
    2008-12-14 19:27:23 ----ASH---- C:\Documents and Settings\Tony\Application Data\DESKTOP.INI
    2008-12-14 19:27:12 ----SD---- C:\Documents and Settings\Tony\Application Data\Microsoft
    2008-12-14 19:27:12 ----HD---- C:\Documents and Settings\Tony\Application Data\Gtek
    2008-12-14 19:27:12 ----D---- C:\Documents and Settings\Tony\Application Data\Sun
    2008-12-14 19:27:12 ----D---- C:\Documents and Settings\Tony\Application Data\Sonic
    2008-12-14 19:27:12 ----D---- C:\Documents and Settings\Tony\Application Data\Jasc Software Inc
    2008-12-14 19:27:12 ----D---- C:\Documents and Settings\Tony\Application Data\Identities
    2008-12-14 16:25:58 ----D---- C:\Program Files\WinClamAVShield
    2008-12-14 16:20:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-12-14 16:20:31 ----D---- C:\Program Files\Spyware Terminator
    2008-12-14 13:58:43 ----A---- C:\WINDOWS\FAMEX.exe
    2008-12-14 13:16:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-12-14 13:14:52 ----D---- C:\Program Files\AVG
    2008-12-14 00:33:30 ----A---- C:\WINDOWS\system32\9b0c2189-.txt
    2008-12-14 00:33:14 ----ASH---- C:\WINDOWS\system32\ttBKRXbc.ini2
    2008-12-14 00:33:14 ----ASH---- C:\WINDOWS\system32\ttBKRXbc.ini
    2008-12-14 00:33:12 ----A---- C:\WINDOWS\system32\cbXRKBtt.dll
    2008-12-14 00:23:40 ----A---- C:\WINDOWS\system32\ddcBUmjh.dll
    2008-12-14 00:23:31 ----A---- C:\WINDOWS\system32\nnnklmnN.dll
    2008-12-14 00:23:12 ----A---- C:\WINDOWS\system32\~.exe
    2008-12-11 19:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 19:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 19:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 19:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-10 22:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    2008-12-10 22:11:17 ----D---- C:\Program Files\Rosetta Stone
    2008-12-10 22:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\ashampoo
    2008-12-10 22:07:46 ----D---- C:\Program Files\Ashampoo
    2008-12-08 23:51:56 ----A---- C:\WINDOWS\system32\TweakUI.exe
    2008-12-08 23:44:43 ----D---- C:\Program Files\ToniArts
    2008-11-21 22:25:37 ----D---- C:\Program Files\iPod
    2008-11-21 22:25:33 ----D---- C:\Program Files\iTunes
    2008-11-21 22:25:33 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-19 20:25:17 ----D---- C:\7d0604dbe2308f6474f6b68832ef
    2008-11-19 20:24:56 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-11-19 20:15:27 ----D---- C:\cfc76d6c3f508b61e666ed36fb24b4f3
    2008-11-19 20:15:23 ----RHD---- C:\AHCache
    2008-11-19 20:15:21 ----D---- C:\89302b3a0486859f5de0
    2008-11-19 20:10:59 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2008-11-15 22:55:24 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-11-12 13:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 13:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 13:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-11 19:25:57 ----D---- C:\Program Files\Safari
    2008-11-06 01:12:23 ----D---- C:\Program Files\Common Files\GeoVid
    2008-11-06 01:12:23 ----D---- C:\Documents and Settings\All Users\Application Data\GeoVid
    2008-11-06 01:12:22 ----A---- C:\WINDOWS\system32\mfc71u.dll
    2008-11-06 01:12:22 ----A---- C:\WINDOWS\system32\gdiplus.dll
    2008-11-06 01:12:22 ----A---- C:\WINDOWS\system32\dsetup.dll
    2008-11-06 01:12:21 ----D---- C:\Program Files\GeoVid
    2008-11-02 15:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
    2008-11-02 15:39:51 ----D---- C:\Program Files\Common Files\ATI Technologies
    2008-10-29 13:36:40 ----D---- C:\Program Files\SystemRequirementsLab
    2008-10-29 13:34:42 ----D---- C:\Program Files\nHancer
    2008-10-29 13:34:42 ----D---- C:\Documents and Settings\All Users\Application Data\nHancer
    2008-10-29 00:12:14 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-10-29 00:12:14 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-10-29 00:12:14 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-10-29 00:12:13 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-10-29 00:12:13 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-10-29 00:12:13 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-10-29 00:12:12 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-10-29 00:12:12 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-10-29 00:12:12 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-10-29 00:12:11 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-10-29 00:12:11 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-10-29 00:12:11 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-10-29 00:12:10 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-10-29 00:12:10 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-10-29 00:12:09 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-10-29 00:12:09 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-10-29 00:12:09 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-10-29 00:12:08 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-10-29 00:12:08 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-10-29 00:12:08 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-10-29 00:12:06 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-10-29 00:12:06 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-10-29 00:12:02 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-10-29 00:11:57 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-10-29 00:11:12 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-10-29 00:10:57 ----D---- C:\WINDOWS\Logs
    2008-10-28 23:46:47 ----A---- C:\WINDOWS\system32\pbsvc.exe
    2008-10-24 09:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-23 14:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
    2008-10-23 14:17:11 ----D---- C:\Program Files\America's Army Deploy Client
    2008-10-20 16:26:32 ----A---- C:\WINDOWS\system32\WMAFile.dll
    2008-10-20 16:26:32 ----A---- C:\WINDOWS\system32\AudioInfos.dll
    2008-10-20 16:26:31 ----A---- C:\WINDOWS\system32\VB6FR.DLL
    2008-10-20 16:26:31 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
    2008-10-20 16:26:31 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
    2008-10-20 16:26:31 ----A---- C:\WINDOWS\system32\inetfr.DLL
    2008-10-20 16:26:31 ----A---- C:\WINDOWS\system32\AudFile.dll
    2008-10-20 16:26:30 ----D---- C:\Program Files\Free Easy Burner
    2008-10-20 16:26:30 ----A---- C:\WINDOWS\system32\msxml4a.dll
    2008-10-20 16:26:30 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
    2008-10-20 16:18:58 ----A---- C:\WINDOWS\Apollo Audio DVD Creator.INI
    2008-10-20 16:18:53 ----D---- C:\Program Files\Apollo Audio DVD Creator
    2008-10-19 22:35:08 ----D---- C:\Program Files\VDOWNLOADER
    2008-10-18 20:05:22 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-10-16 02:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 02:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 02:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 02:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 02:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-15 14:29:21 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-10-15 14:29:21 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-10-15 14:29:20 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-14 23:24:49 ----D---- C:\WINDOWS\system32\Adobe
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-23 20:24:26 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2008-09-23 20:19:08 ----A---- C:\WINDOWS\system32\atiadlxx.dll

    ======List of files/folders modified in the last 3 months======

    2008-12-14 22:35:23 ----D---- C:\Program Files
    2008-12-14 22:34:10 ----D---- C:\WINDOWS\Temp
    2008-12-14 22:16:13 ----D---- C:\Program Files\MZILLA
    2008-12-14 21:20:06 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-14 19:30:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-14 19:28:20 ----SHD---- C:\WINDOWS\Installer
    2008-12-14 19:28:20 ----SHD---- C:\Config.Msi
    2008-12-14 19:28:14 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-12-14 19:27:10 ----D---- C:\Documents and Settings
    2008-12-14 19:12:28 ----D---- C:\WINDOWS
    2008-12-14 19:09:22 ----D---- C:\Program Files\Viewpoint
    2008-12-14 19:07:19 ----D---- C:\Program Files\Bonjour
    2008-12-14 16:41:00 ----ASH---- C:\BOOT.INI
    2008-12-14 16:41:00 ----A---- C:\WINDOWS\WIN.INI
    2008-12-14 16:41:00 ----A---- C:\WINDOWS\SYSTEM.INI
    2008-12-14 16:20:40 ----D---- C:\WINDOWS\system32\DRIVERS
    2008-12-14 13:31:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-14 13:16:01 ----D---- C:\WINDOWS\SYSTEM32
    2008-12-14 13:00:02 ----D---- C:\WINDOWS\Prefetch
    2008-12-14 12:49:40 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2008-12-14 11:45:44 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-14 08:25:36 ----D---- C:\WINDOWS\network diagnostic
    2008-12-14 00:23:48 ----SD---- C:\WINDOWS\Tasks
    2008-12-11 19:12:49 ----HD---- C:\WINDOWS\INF
    2008-12-11 19:12:36 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-11 19:12:23 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 19:12:03 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-11 13:00:17 ----A---- C:\WINDOWS\dellstat.ini
    2008-12-10 22:28:17 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-09 00:00:39 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-08 23:58:37 ----D---- C:\Program Files\Activision
    2008-12-08 17:55:43 ----D---- C:\Program Files\TrackMania Nations ESWC
    2008-12-06 15:56:03 ----HD---- C:\Black III
    2008-12-03 23:58:31 ----D---- C:\WINDOWS\system32\CONFIG
    2008-11-30 12:44:43 ----D---- C:\WINDOWS\Help
    2008-11-23 00:40:38 ----D---- C:\Program Files\Opera
    2008-11-21 22:25:36 ----D---- C:\Program Files\Common Files\Apple
    2008-11-21 22:23:27 ----D---- C:\Program Files\QuickTime
    2008-11-20 02:04:51 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-20 02:04:47 ----RSD---- C:\WINDOWS\ASSEMBLY
    2008-11-19 20:34:35 ----RSD---- C:\WINDOWS\Fonts
    2008-11-19 20:34:35 ----D---- C:\WINDOWS\system32\en-US
    2008-11-19 20:34:34 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-11-19 20:28:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-19 20:22:45 ----D---- C:\WINDOWS\WinSxS
    2008-11-15 23:09:18 ----D---- C:\Program Files\AIM6
    2008-11-15 22:53:16 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-11-15 19:37:09 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-11-15 19:36:56 ----D---- C:\Program Files\NCH Swift Sound
    2008-11-11 19:33:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-08 20:49:50 ----HD---- C:\$AVG8.VAULT$
    2008-11-07 17:17:04 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2008-11-06 01:12:23 ----D---- C:\Program Files\Common Files
    2008-11-02 15:42:12 ----D---- C:\Program Files\ATI Technologies
    2008-11-02 15:36:49 ----D---- C:\ATI
    2008-10-29 00:12:15 ----D---- C:\WINDOWS\system32\DirectX
    2008-10-28 23:46:48 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2008-10-23 11:16:47 ----D---- C:\Program Files\StAPH
    2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-20 16:20:37 ----A---- C:\WINDOWS\cdPlayer.ini
    2008-10-18 17:55:55 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-17 16:49:19 ----D---- C:\Program Files\verizon
    2008-10-17 16:42:38 ----D---- C:\Program Files\Common Files\Motive
    2008-10-17 16:19:44 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-15 14:29:02 ----D---- C:\Program Files\Java
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-10-14 04:51:04 ----D---- C:\Program Files\PeerGuardian2
    2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-10-01 12:51:06 ----D---- C:\Program Files\ProxyFirewall
    2008-09-29 16:41:58 ----D---- C:\Program Files\MSN
    2008-09-23 21:18:25 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2008-09-23 21:17:07 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-23 21:09:12 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2008-09-23 21:07:05 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2008-09-23 21:06:53 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2008-09-23 21:06:44 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2008-09-23 21:06:36 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2008-09-23 21:06:19 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2008-09-23 21:05:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
    2008-09-23 21:04:49 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2008-09-23 21:03:30 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2008-09-23 20:56:46 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2008-09-23 20:54:16 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-23 20:38:32 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-23 20:20:30 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2008-09-23 20:18:59 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2008-09-23 20:18:17 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2008-09-23 20:12:34 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-15 14:14:59 ----HD---- C:\WINDOWS\system32\GroupPolicy

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-14 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-14 26824]
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-14 76040]
    R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-04 839880]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-23 3331072]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2001-01-09 27088]
    R3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-01-08 12816]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S1 rxp;rxp; C:\WINDOWS\system32\drivers\rxp.sys []
    S2 sbbotdi;sbbotdi; C:\WINDOWS\system32\drivers\sbbotdi.sys []
    S2 X4HSX32;X4HSX32; \??\C:\Program Files\Verizon Games on Demand Player\X4HSX32.Sys []
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-06-07 17480]
    S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
    S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
    S3 NTProcDrv;Process creation detector for NT.; C:\WINDOWS\system32\drivers\NTProcDrv.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
    S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
    S3 PSSdk23;PSSdk23; C:\WINDOWS\system32\drivers\PSSdk23.sys []
    S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class; C:\WINDOWS\system32\DRIVERS\scsiprnt.sys [2001-08-17 11648]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-06-03 223128]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-23 581632]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-14 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-04-04 177672]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-03-27 311296]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-28 66872]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-12-14 570880]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2008-09-23 593920]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-14 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 dlbu_device;dlbu_device; C:\WINDOWS\system32\dlbucoms.exe [2004-07-01 421888]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-10 658432]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Radialpoint Security Services;Radialpoint Security Services; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
    S3 RPSUpdaterR;Radialpoint Unicorn Update Service; C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe [2008-03-17 99056]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
     
  7. 2008/12/14
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    Couple things... I created a new profile and have been using it; that's where I did the scan. I made a copy of explorer, changed the name, and hooked the new one up because explorer crashes every 15 seconds. I read somewhere on how to fix it, and apparently it switched it back to normal, because explorer is crashing again.


    ComboFix 08-12-14.04 - Tony 2008-12-14 22:50:23.1 - NTFSx86
    Running from: c:\documents and settings\Tony\Desktop\GROBO.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\documents and settings\family\Application Data\FunWebProducts
    c:\documents and settings\family\Application Data\FunWebProducts\Data\Family\avatar.dat
    c:\documents and settings\family\Application Data\gadcom
    c:\documents and settings\family\Application Data\GetModule
    c:\documents and settings\family\Application Data\GetModule\dicik.gz
    c:\documents and settings\family\Application Data\GetModule\kwdik.gz
    c:\documents and settings\family\Application Data\GetModule\ofadik.gz
    c:\documents and settings\family\Application Data\install.dat
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\History\search2
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\zango
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\~.exe
    c:\windows\system32\cbXRKBtt.dll
    c:\windows\system32\ddcBUmjh.dll
    c:\windows\system32\drivers\TDSSrvdc.sys
    c:\windows\system32\mbols~1
    c:\windows\system32\TDSSkfkl.dll
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSoaba.dll
    c:\windows\system32\TDSSoxum.dll
    c:\windows\system32\TDSSqkhc.dll
    c:\windows\system32\TDSSqrde.log
    c:\windows\system32\TDSSshkx.log
    c:\windows\system32\TDSSurxb.dll
    c:\windows\system32\TDSSweat.dat
    c:\windows\system32\TDSSxehr.dll
    c:\windows\system32\ttBKRXbc.ini
    c:\windows\system32\ttBKRXbc.ini2
    c:\windows\system32\wnscpsv.exe
    c:\windows\system32\wpv351229210867.cpx
    c:\windows\Tasks\vgdkrpwb.job
    c:\windows\wiaserviv.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
    .

    2008-12-14 22:37 . 2008-12-14 22:38 <DIR> d-------- C:\32788R22FWJFW
    2008-12-14 22:35 . 2008-12-14 22:35 <DIR> d-------- C:\rsit
    2008-12-14 22:35 . 2008-12-14 22:35 <DIR> d-------- c:\program files\trend micro
    2008-12-14 19:27 . 2004-11-17 23:40 <DIR> d-------- c:\documents and settings\Tony\Application Data\Sonic
    2008-12-14 19:27 . 2004-11-17 23:33 <DIR> d-------- c:\documents and settings\Tony\Application Data\Jasc Software Inc
    2008-12-14 19:27 . 2004-11-17 23:39 <DIR> d--h----- c:\documents and settings\Tony\Application Data\Gtek
    2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\documents and settings\Tony
    2008-12-14 16:25 . 2008-12-14 16:37 <DIR> d-------- c:\program files\WinClamAVShield
    2008-12-14 16:20 . 2008-12-14 19:00 <DIR> d-------- c:\program files\Spyware Terminator
    2008-12-14 16:20 . 2008-12-14 19:00 <DIR> d-------- c:\documents and settings\family\Application Data\Spyware Terminator
    2008-12-14 16:20 . 2008-12-14 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2008-12-14 16:20 . 2008-12-14 16:20 141,312 --a------ c:\windows\SYSTEM32\DRIVERS\sp_rsdrv2.sys
    2008-12-14 13:58 . 2008-04-13 19:12 1,033,728 --a------ c:\windows\FAMEX.exe
    2008-12-14 13:16 . 2008-12-14 13:16 76,040 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
    2008-12-14 13:16 . 2008-12-14 13:16 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
    2008-12-14 13:15 . 2008-12-14 13:15 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
    2008-12-14 13:15 . 2008-12-14 13:15 97,928 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
    2008-12-14 13:14 . 2008-12-14 13:14 <DIR> d-------- c:\program files\AVG
    2008-12-14 00:23 . 2008-12-14 00:23 34,816 --a------ c:\windows\SYSTEM32\nnnklmnN.dll
    2008-12-10 22:11 . 2008-12-10 22:11 <DIR> d-------- c:\program files\Rosetta Stone
    2008-12-10 22:11 . 2008-12-11 01:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2008-12-10 22:07 . 2008-12-10 22:07 <DIR> d-------- c:\program files\Ashampoo
    2008-12-10 22:07 . 2008-12-10 22:07 <DIR> d-------- c:\documents and settings\family\Application Data\Ashampoo
    2008-12-10 22:07 . 2008-12-10 22:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
    2008-12-10 01:39 . 2008-12-10 01:39 <DIR> d-------- c:\documents and settings\family\Application Data\DAEMON Tools
    2008-12-08 23:51 . 2003-06-25 16:05 266,360 --a------ c:\windows\SYSTEM32\TweakUI.exe
    2008-12-08 23:51 . 2002-06-21 15:09 160,217 --a------ c:\windows\SYSTEM32\PowerToysLicense.rtf
    2008-12-08 23:44 . 2008-12-08 23:44 <DIR> d-------- c:\program files\ToniArts
    2008-12-07 20:22 . 2008-12-07 21:04 <DIR> d-------- c:\documents and settings\family\Application Data\eBookPro6
    2008-11-21 22:25 . 2008-11-21 22:26 <DIR> d-------- c:\program files\iTunes
    2008-11-21 22:25 . 2008-11-21 22:25 <DIR> d-------- c:\program files\iPod
    2008-11-21 22:25 . 2008-11-21 22:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-19 20:25 . 2008-11-19 20:26 <DIR> d-------- C:\7d0604dbe2308f6474f6b68832ef
    2008-11-19 20:24 . 2008-11-19 21:12 <DIR> d-------- c:\windows\SxsCaPendDel
    2008-11-19 20:15 . 2008-11-19 20:27 <DIR> d-------- C:\cfc76d6c3f508b61e666ed36fb24b4f3
    2008-11-19 20:15 . 2008-11-19 20:15 <DIR> dr-h----- C:\AHCache
    2008-11-19 20:15 . 2008-11-19 20:27 <DIR> d-------- C:\89302b3a0486859f5de0
    2008-11-19 20:10 . 2008-11-19 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2008-11-15 22:57 . 2008-11-15 22:57 <DIR> d-------- c:\documents and settings\family\Application Data\Tencent
    2008-11-15 22:55 . 2008-11-15 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 03:44 --------- d-----w c:\program files\MZILLA
    2008-12-15 00:09 --------- d-----w c:\program files\Viewpoint
    2008-12-15 00:07 --------- d-----w c:\program files\Bonjour
    2008-12-14 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-12-11 03:28 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-10 06:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-12-09 05:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-09 04:58 --------- d-----w c:\program files\Activision
    2008-12-08 22:55 --------- d-----w c:\program files\TrackMania Nations ESWC
    2008-11-23 05:40 --------- d-----w c:\program files\Opera
    2008-11-22 03:25 --------- d-----w c:\program files\Common Files\Apple
    2008-11-22 03:23 --------- d-----w c:\program files\QuickTime
    2008-11-22 03:17 --------- d-----w c:\program files\Safari
    2008-11-20 01:35 --------- d-----w c:\documents and settings\family\Application Data\Uniblue
    2008-11-16 04:09 --------- d-----w c:\program files\AIM6
    2008-11-16 03:53 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-16 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2008-11-16 00:36 --------- d-----w c:\program files\NCH Swift Sound
    2008-11-07 22:17 111,928 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
    2008-11-06 06:12 --------- d-----w c:\program files\GeoVid
    2008-11-06 06:12 --------- d-----w c:\program files\Common Files\GeoVid
    2008-11-06 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
    2008-11-02 20:47 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-02 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
    2008-11-02 20:42 --------- d-----w c:\program files\ATI Technologies
    2008-11-02 20:39 --------- d-----w c:\program files\Common Files\ATI Technologies
    2008-10-29 18:38 --------- d-----w c:\program files\SystemRequirementsLab
    2008-10-29 18:36 --------- d-----w c:\documents and settings\family\Application Data\SystemRequirementsLab
    2008-10-29 18:34 --------- d-----w c:\program files\nHancer
    2008-10-29 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\nHancer
    2008-10-29 05:00 682,280 ----a-w c:\windows\SYSTEM32\pbsvc.exe
    2008-10-29 05:00 22,328 ----a-w c:\documents and settings\family\Application Data\PnkBstrK.sys
    2008-10-29 04:46 66,872 ----a-w c:\windows\SYSTEM32\PnkBstrA.exe
    2008-10-28 21:00 --------- d-----w c:\documents and settings\family\Application Data\MSN6
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 19:24 --------- d-----w c:\program files\America's Army Deploy Client
    2008-10-23 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
    2008-10-23 16:16 --------- d-----w c:\program files\StAPH
    2008-10-23 16:16 --------- d-----w c:\program files\Free Easy Burner
    2008-10-23 16:16 --------- d-----w c:\program files\Apollo Audio DVD Creator
    2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
    2008-10-20 03:35 --------- d-----w c:\program files\VDOWNLOADER
    2008-10-19 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
    2008-10-19 01:03 --------- d-----w c:\documents and settings\family\Application Data\TVU networks
    2008-10-17 21:49 --------- d-----w c:\program files\verizon
    2008-10-17 21:42 --------- d-----w c:\program files\Common Files\Motive
    2008-10-16 20:38 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
    2008-10-16 20:38 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
    2008-10-16 20:38 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
    2008-10-16 20:38 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
    2008-10-16 20:38 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
    2008-10-16 20:38 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
    2008-10-16 20:38 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
    2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-10-15 19:29 --------- d-----w c:\program files\Java
    2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
    2008-09-24 02:18 425,984 ----a-w c:\windows\SYSTEM32\ATIDEMGX.dll
    2008-09-24 02:17 311,296 ----a-w c:\windows\SYSTEM32\ati2dvag.dll
    2008-09-24 02:09 10,772,480 ----a-w c:\windows\SYSTEM32\atioglxx.dll
    2008-09-24 02:07 188,416 ----a-w c:\windows\SYSTEM32\atipdlxx.dll
    2008-09-24 02:06 43,520 ----a-w c:\windows\SYSTEM32\ati2edxx.dll
    2008-09-24 02:06 26,112 ----a-w c:\windows\SYSTEM32\Ati2mdxx.exe
    2008-09-24 02:06 143,360 ----a-w c:\windows\SYSTEM32\Oemdspif.dll
    2008-09-24 02:06 143,360 ----a-w c:\windows\SYSTEM32\ati2evxx.dll
    2008-09-24 02:05 593,920 ----a-w c:\windows\SYSTEM32\ati2sgag.exe
    2008-09-24 02:04 581,632 ----a-w c:\windows\SYSTEM32\ati2evxx.exe
    2008-09-24 02:03 53,248 ----a-w c:\windows\SYSTEM32\ATIDDC.DLL
    2008-09-24 01:56 307,200 ----a-w c:\windows\SYSTEM32\atiiiexx.dll
    2008-09-24 01:54 4,008,864 ----a-w c:\windows\SYSTEM32\ati3duag.dll
    2008-09-24 01:38 2,399,744 ----a-w c:\windows\SYSTEM32\ativvaxx.dll
    2008-09-24 01:24 48,640 ----a-w c:\windows\SYSTEM32\amdpcom32.dll
    2008-09-24 01:20 380,928 ----a-w c:\windows\SYSTEM32\atikvmag.dll
    2008-09-24 01:19 39,424 ----a-w c:\windows\SYSTEM32\atiadlxx.dll
    2008-09-24 01:18 253,952 ----a-w c:\windows\SYSTEM32\atiok3x2.dll
    2008-09-24 01:18 17,408 ----a-w c:\windows\SYSTEM32\atitvo32.dll
    2008-09-24 01:12 573,440 ----a-w c:\windows\SYSTEM32\ati2cqag.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
    2007-06-28 03:12 389,120 ----a-w c:\documents and settings\family\GoToAssist_phone__268_en.exe
    2007-01-24 16:06 439,296 ----a-w c:\documents and settings\family\GoToAssist_phone__317_en.exe
    2006-12-26 17:35 774,144 ----a-w c:\program files\RngInterstitial.dll
    2006-11-15 03:20 439,296 ----a-w c:\documents and settings\family\remote.exe
    2005-11-04 19:34 518 ----a-w c:\program files\Shortcut to Internet Explorer.lnk
    2005-10-24 21:59 939,682 ----a-w c:\documents and settings\family\slsk157test5.exe
    2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-02 04:10 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
    2005-07-29 21:24 472 --sha-r c:\windows\ZmFtaWx5\tAIQuqUc.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    2008-12-14 00:23 34816 --a------ c:\windows\system32\nnnklmnN.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5C5ADC4-80A4-49A1-A4E4-EC4F9D1E3AA2}]
    2008-12-14 23:15 302592 --a------ c:\windows\system32\ssqPfDwX.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336]
    "Mouse Suite 98 Daemon "= "PELMICED.EXE" [2001-01-12 c:\windows\SYSTEM32\PELMICED.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} "= "c:\windows\system32\nnnklmnN.dll" [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnklmnN]
    2008-12-14 00:23 34816 c:\windows\SYSTEM32\nnnklmnN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.avrn "= AvidAVICodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau c:\windows\system32\ssqPfDwX

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\AIM\\aim.exe "=
    "c:\\WINDOWS\\SYSTEM32\\Lexpps.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE "=
    "c:\\Black III\\uSED\\mIRC\\mirc.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1154459043\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1154459043\\ee\\aim6.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe "=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe "=
    "c:\\Program Files\\MZILLA\\firefox.exe "=
    "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "c:\nexon\Combat Arms\CombatArms.exe "= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe "= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe "=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1716:TCP "= 1716:TCP:America's Army
    "1717:TCP "= 1717:TCP:Gamequery
    "1718:TCP "= 1718:TCP:Master Server
    "8777:TCP "= 8777:TCP:Standard Ut
    "27900:TCP "= 27900:TCP:GameSpy
    "14200:UDP "= 14200:UDP:authorization server and MBS browser
    "20048:UDP "= 20048:UDP:DCDS
    "7463:TCP "= 7463:TCP:BitComet 7463 TCP
    "7463:UDP "= 7463:UDP:BitComet 7463 UDP
    "60704:TCP "= 60704:TCP:emule
    "29305:UDP "= 29305:UDP:emule
    "<NO NAME> "=
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []

    2008-12-15 c:\windows\Tasks\AB551B99914E9185.job
    - c:\docume~1\family\applic~1\exitblah\Two More Bits.exe []

    2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-12 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    - c:\program files\ErrorSmart\ErrorSmart.exe []

    2008-12-12 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    - c:\program files\ErrorSmart []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{5345A7A1-805A-4923-B505-86B2FEBA3FE0} - (no file)
    BHO-{8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\progra~1\IWINGA~1\IWINGA~1.DLL
    BHO-{CA99588F-0A00-4A52-B570-E655149EBF4E} - c:\windows\system32\cbXRKBtt.dll
    MSConfigStartUp-GetModule32 - c:\program files\GetModule\GetModule32.exe
    MSConfigStartUp-SVCHOST - c:\windows\system32\drivers\svchost.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell4me.com/myway

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
    O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    c:\windows\Downloaded Program Files\DownloadManagerV2.inf
    FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\twgt5emz.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 23:09:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1164)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\nnnklmnN.dll

    - - - - - - - > 'explorer.exe'(2920)
    c:\windows\system32\ssqPfDwX.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\windows\SYSTEM32\LexBceS.exe
    c:\windows\SYSTEM32\Lexpps.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\AVG\AVG8\avgwdsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\SYSTEM32\PnkBstrA.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\progra~1\AVG\AVG8\avgemc.exe
    c:\windows\SYSTEM32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-14 23:17:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-15 04:17:43

    Pre-Run: 6,075,011,072 bytes free
    Post-Run: 12,387,557,376 bytes free

    350 --- E O F --- 2008-12-12 00:12:50
     
  8. 2008/12/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    This should fix that explorer problem.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    c:\windows\SYSTEM32\nnnklmnN.dll
    c:\windows\system32\ssqPfDwX.dll
    c:\windows\Tasks\AB551B99914E9185.job
    c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    FileLook::
    c:\windows\FAMEX.exe
    Folder::
    c:\windows\ZmFtaWx5
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5C5ADC4-80A4-49A1-A4E4-EC4F9D1E3AA2}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnklmnN]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.
     
  9. 2008/12/15
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    EVERYTHING SEEMS TO BE WORKING FINE THANK YOU U GUYS ARE SAVIORS IDK IS ANYTHING STILL LEFT?


    ComboFix 08-12-14.04 - Family 2008-12-15 1:17:54.2 - NTFSx86
    Running from: c:\documents and settings\family\Desktop\Pizzle.exe
    Command switches used :: c:\documents and settings\family\Desktop\CFScript.txt

    FILE ::
    c:\windows\SYSTEM32\nnnklmnN.dll
    c:\windows\system32\ssqPfDwX.dll
    c:\windows\Tasks\AB551B99914E9185.job
    c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\SYSTEM32\nnnklmnN.dll
    c:\windows\system32\ssqPfDwX.dll
    c:\windows\SYSTEM32\XwDfPqss.ini
    c:\windows\system32\XwDfPqss.ini2
    c:\windows\Tasks\AB551B99914E9185.job
    c:\windows\Tasks\ErrorSmart Scheduled Scan.job
    c:\windows\ZmFtaWx5
    c:\windows\ZmFtaWx5\tAIQuqUc.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
    .

    2008-12-14 22:35 . 2008-12-14 22:35 <DIR> d-------- C:\rsit
    2008-12-14 22:35 . 2008-12-14 22:35 <DIR> d-------- c:\program files\trend micro
    2008-12-14 19:27 . 2004-11-17 23:40 <DIR> d-------- c:\documents and settings\Tony\Application Data\Sonic
    2008-12-14 19:27 . 2004-11-17 23:33 <DIR> d-------- c:\documents and settings\Tony\Application Data\Jasc Software Inc
    2008-12-14 19:27 . 2004-11-17 23:39 <DIR> d--h----- c:\documents and settings\Tony\Application Data\Gtek
    2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\documents and settings\Tony
    2008-12-14 16:25 . 2008-12-14 16:37 <DIR> d-------- c:\program files\WinClamAVShield
    2008-12-14 16:20 . 2008-12-14 19:00 <DIR> d-------- c:\program files\Spyware Terminator
    2008-12-14 16:20 . 2008-12-14 19:00 <DIR> d-------- c:\documents and settings\family\Application Data\Spyware Terminator
    2008-12-14 16:20 . 2008-12-14 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2008-12-14 16:20 . 2008-12-14 16:20 141,312 --a------ c:\windows\SYSTEM32\DRIVERS\sp_rsdrv2.sys
    2008-12-14 13:58 . 2008-04-13 19:12 1,033,728 --a------ c:\windows\FAMEX.exe
    2008-12-14 13:16 . 2008-12-14 13:16 76,040 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
    2008-12-14 13:16 . 2008-12-14 13:16 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
    2008-12-14 13:15 . 2008-12-15 01:02 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg
    2008-12-14 13:15 . 2008-12-14 13:15 97,928 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
    2008-12-14 13:14 . 2008-12-14 13:14 <DIR> d-------- c:\program files\AVG
    2008-12-10 22:11 . 2008-12-10 22:11 <DIR> d-------- c:\program files\Rosetta Stone
    2008-12-10 22:11 . 2008-12-11 01:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2008-12-10 22:07 . 2008-12-10 22:07 <DIR> d-------- c:\program files\Ashampoo
    2008-12-10 22:07 . 2008-12-10 22:07 <DIR> d-------- c:\documents and settings\family\Application Data\Ashampoo
    2008-12-10 22:07 . 2008-12-10 22:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
    2008-12-10 01:39 . 2008-12-10 01:39 <DIR> d-------- c:\documents and settings\family\Application Data\DAEMON Tools
    2008-12-08 23:51 . 2003-06-25 16:05 266,360 --a------ c:\windows\SYSTEM32\TweakUI.exe
    2008-12-08 23:51 . 2002-06-21 15:09 160,217 --a------ c:\windows\SYSTEM32\PowerToysLicense.rtf
    2008-12-08 23:44 . 2008-12-08 23:44 <DIR> d-------- c:\program files\ToniArts
    2008-12-07 20:22 . 2008-12-07 21:04 <DIR> d-------- c:\documents and settings\family\Application Data\eBookPro6
    2008-11-21 22:25 . 2008-11-21 22:26 <DIR> d-------- c:\program files\iTunes
    2008-11-21 22:25 . 2008-11-21 22:25 <DIR> d-------- c:\program files\iPod
    2008-11-21 22:25 . 2008-11-21 22:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-19 20:25 . 2008-11-19 20:26 <DIR> d-------- C:\7d0604dbe2308f6474f6b68832ef
    2008-11-19 20:24 . 2008-11-19 21:12 <DIR> d-------- c:\windows\SxsCaPendDel
    2008-11-19 20:15 . 2008-11-19 20:27 <DIR> d-------- C:\cfc76d6c3f508b61e666ed36fb24b4f3
    2008-11-19 20:15 . 2008-11-19 20:15 <DIR> dr-h----- C:\AHCache
    2008-11-19 20:15 . 2008-11-19 20:27 <DIR> d-------- C:\89302b3a0486859f5de0
    2008-11-19 20:10 . 2008-11-19 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2008-11-15 22:57 . 2008-11-15 22:57 <DIR> d-------- c:\documents and settings\family\Application Data\Tencent
    2008-11-15 22:55 . 2008-11-15 22:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-15 06:09 --------- d-----w c:\program files\MZILLA
    2008-12-15 00:09 --------- d-----w c:\program files\Viewpoint
    2008-12-15 00:07 --------- d-----w c:\program files\Bonjour
    2008-12-14 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-12-11 03:28 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-10 06:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-12-09 05:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-09 04:58 --------- d-----w c:\program files\Activision
    2008-12-08 22:55 --------- d-----w c:\program files\TrackMania Nations ESWC
    2008-11-23 05:40 --------- d-----w c:\program files\Opera
    2008-11-22 03:25 --------- d-----w c:\program files\Common Files\Apple
    2008-11-22 03:23 --------- d-----w c:\program files\QuickTime
    2008-11-22 03:17 --------- d-----w c:\program files\Safari
    2008-11-20 01:35 --------- d-----w c:\documents and settings\family\Application Data\Uniblue
    2008-11-16 04:09 --------- d-----w c:\program files\AIM6
    2008-11-16 03:53 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-16 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2008-11-16 00:36 --------- d-----w c:\program files\NCH Swift Sound
    2008-11-06 06:12 --------- d-----w c:\program files\GeoVid
    2008-11-06 06:12 --------- d-----w c:\program files\Common Files\GeoVid
    2008-11-06 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\GeoVid
    2008-11-02 20:47 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-02 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
    2008-11-02 20:42 --------- d-----w c:\program files\ATI Technologies
    2008-11-02 20:39 --------- d-----w c:\program files\Common Files\ATI Technologies
    2008-10-29 18:38 --------- d-----w c:\program files\SystemRequirementsLab
    2008-10-29 18:36 --------- d-----w c:\documents and settings\family\Application Data\SystemRequirementsLab
    2008-10-29 18:34 --------- d-----w c:\program files\nHancer
    2008-10-29 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\nHancer
    2008-10-29 05:00 22,328 ----a-w c:\documents and settings\family\Application Data\PnkBstrK.sys
    2008-10-28 21:00 --------- d-----w c:\documents and settings\family\Application Data\MSN6
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 19:24 --------- d-----w c:\program files\America's Army Deploy Client
    2008-10-23 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
    2008-10-23 16:16 --------- d-----w c:\program files\StAPH
    2008-10-23 16:16 --------- d-----w c:\program files\Free Easy Burner
    2008-10-23 16:16 --------- d-----w c:\program files\Apollo Audio DVD Creator
    2008-10-20 03:35 --------- d-----w c:\program files\VDOWNLOADER
    2008-10-19 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
    2008-10-19 01:03 --------- d-----w c:\documents and settings\family\Application Data\TVU networks
    2008-10-17 21:49 --------- d-----w c:\program files\verizon
    2008-10-17 21:42 --------- d-----w c:\program files\Common Files\Motive
    2008-10-15 19:29 --------- d-----w c:\program files\Java
    2007-06-28 03:12 389,120 ----a-w c:\documents and settings\family\GoToAssist_phone__268_en.exe
    2007-01-24 16:06 439,296 ----a-w c:\documents and settings\family\GoToAssist_phone__317_en.exe
    2006-12-26 17:35 774,144 ----a-w c:\program files\RngInterstitial.dll
    2006-11-15 03:20 439,296 ----a-w c:\documents and settings\family\remote.exe
    2005-11-04 19:34 518 ----a-w c:\program files\Shortcut to Internet Explorer.lnk
    2005-10-24 21:59 939,682 ----a-w c:\documents and settings\family\slsk157test5.exe
    2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-02 04:10 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336]
    "Mouse Suite 98 Daemon "= "PELMICED.EXE" [2001-01-12 c:\windows\SYSTEM32\PELMICED.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.avrn "= AvidAVICodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\AIM\\aim.exe "=
    "c:\\WINDOWS\\SYSTEM32\\Lexpps.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE "=
    "c:\\Black III\\uSED\\mIRC\\mirc.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1154459043\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1154459043\\ee\\aim6.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe "=
    "c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe "=
    "c:\\Program Files\\MZILLA\\firefox.exe "=
    "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "c:\nexon\Combat Arms\CombatArms.exe "= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe "= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe "=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1716:TCP "= 1716:TCP:America's Army
    "1717:TCP "= 1717:TCP:Gamequery
    "1718:TCP "= 1718:TCP:Master Server
    "8777:TCP "= 8777:TCP:Standard Ut
    "27900:TCP "= 27900:TCP:GameSpy
    "14200:UDP "= 14200:UDP:authorization server and MBS browser
    "20048:UDP "= 20048:UDP:DCDS
    "7463:TCP "= 7463:TCP:BitComet 7463 TCP
    "7463:UDP "= 7463:UDP:BitComet 7463 UDP
    "60704:TCP "= 60704:TCP:emule
    "29305:UDP "= 29305:UDP:emule
    "<NO NAME> "=
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []

    2008-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{E86A80AA-6E5B-4B7E-80D4-680026CF986D} - c:\windows\system32\ssqPfDwX.dll
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
    O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    c:\windows\Downloaded Program Files\DownloadManagerV2.inf
    FF - ProfilePath - c:\documents and settings\family\Application Data\Mozilla\Firefox\Profiles\0iyqlche.default\
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://cmonwealth.com/
    FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\MZILLA\plugins\npdivx32.dll
    FF - plugin: c:\program files\MZILLA\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\MZILLA\plugins\npnul32.dll
    FF - plugin: c:\program files\MZILLA\plugins\npqtplugin.dll
    FF - plugin: c:\program files\MZILLA\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\MZILLA\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\MZILLA\plugins\npqtplugin4.dll
    FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 01:33:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1260)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\windows\SYSTEM32\ati2evxx.exe
    c:\windows\SYSTEM32\LexBceS.exe
    c:\windows\SYSTEM32\Lexpps.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\AVG\AVG8\avgwdsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\SYSTEM32\PnkBstrA.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgemc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-15 1:42:09 - machine was rebooted [Family]
    ComboFix-quarantined-files.txt 2008-12-15 06:41:02
    ComboFix2.txt 2008-12-15 04:17:57

    Pre-Run: 12,219,891,712 bytes free
    Post-Run: 12,196,610,048 bytes free

    266 --- E O F --- 2008-12-12 00:12:50
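
A way to confirm from the two logs above that the CFScript targets no longer appear in the sections describing current state (scheduled tasks and loaded DLLs), as an added example that is not part of the thread and not ComboFix's own code. The log excerpts are abridged from the posts above; the function names are hypothetical.

```python
import re

# CFScript from the thread, abridged to the sections used here.
CFSCRIPT = r"""
KillAll::
File::
c:\windows\SYSTEM32\nnnklmnN.dll
c:\windows\system32\ssqPfDwX.dll
c:\windows\Tasks\AB551B99914E9185.job
c:\windows\Tasks\ErrorSmart Scheduled Scan.job
Folder::
c:\windows\ZmFtaWx5
"""

# Abridged excerpt of the first ComboFix log in the thread.
LOG_BEFORE = r"""
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []

2008-12-15 c:\windows\Tasks\AB551B99914E9185.job
- c:\docume~1\family\applic~1\exitblah\Two More Bits.exe []

2008-12-12 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\nnnklmnN.dll

- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\ssqPfDwX.dll
.
------------------------ Other Running Processes ------------------------
"""

# Abridged excerpt of the second log (after the CFScript run).
LOG_AFTER = r"""
FILE ::
c:\windows\SYSTEM32\nnnklmnN.dll
((((((((((((((( Other Deletions )))))))))))))))
c:\windows\system32\ssqPfDwX.dll
c:\windows\ZmFtaWx5\tAIQuqUc.vbs
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{E86A80AA-6E5B-4B7E-80D4-680026CF986D} - c:\windows\system32\ssqPfDwX.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
"""

# Lines that open a new log section; the per-process "- - - >" lines do not match.
BANNER = re.compile(r"^(-{3,}|\({3,}|\*{3,}|- - - - [A-Z]|Contents of the ')")
# Sections that describe what is present now, not what was deleted.
LIVE_SECTIONS = ("Scheduled Tasks", "DLLs Loaded Under Running Processes")
PATH = re.compile(r"([A-Za-z]:\\.+?)(?:\s*\[.*\])?$")


def parse_cfscript(text):
    """Return {directive: [entries]}; a directive is a line ending in '::'."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def live_paths(log):
    """Lower-cased paths listed under the live-state sections of a log."""
    paths, live = set(), False
    for line in (raw.strip() for raw in log.splitlines()):
        if BANNER.match(line):
            live = any(title in line for title in LIVE_SECTIONS)
        elif live:
            match = PATH.search(line)
            if match:
                paths.add(match.group(1).lower())
    return paths


def remaining_targets(cfscript, log):
    """CFScript File::/Folder:: targets still visible in live sections."""
    script, live = parse_cfscript(cfscript), live_paths(log)
    files = {p.lower() for p in script.get("File", [])}
    folders = {p.lower() for p in script.get("Folder", [])}
    left = files & live
    left |= {f for f in folders if any(p.startswith(f + "\\") for p in live)}
    return sorted(left)


if __name__ == "__main__":
    print("before:", remaining_targets(CFSCRIPT, LOG_BEFORE))
    print("after: ", remaining_targets(CFSCRIPT, LOG_AFTER))
```

The echo of the script (`FILE ::`), the deletions list and the orphans list are skipped on purpose, since they name the same files as removed rather than present.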
     
  10. 2008/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. :)

    Please check the properties of the following file to see if you can find any information about it; company name, version, etc.

    c:\windows\FAMEX.exe
     
  11. 2008/12/15
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    That was a file that I made, a copy of explorer; I called it FAMily EXplorer. Thanks for the help.
     
  12. 2008/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    LOL. I was ready to nuke it. :D

    Let's make sure we haven't missed something. Please do an online scan with Kaspersky Online Scanner.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Post the Kaspersky log here.
     
  13. 2008/12/16
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, December 16, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, December 16, 2008 01:04:42
    Records in database: 1464189
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    G:\

    Scan statistics:
    Files scanned: 170266
    Threat name: 4
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 03:31:29


    File name / Threat name / Threats count
    C:\Black III\uSED\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnklmnN.dll.vir Infected: Trojan-Downloader.Win32.Injecter.bel 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan.Win32.Pakes.meg 1
    C:\WINDOWS\Icon_Patcher\tools\wfpdisable.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1

    The selected area was scanned.
     
  14. 2008/12/16
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    So... is everything gone now?

    Also,

    Windows Media Player doesn't seem to be working anymore. I looked up the solution; they said

    Problem is I forgot the admin password; had this computer for around 5 years. Anyone know how to recover the admin password or an alternate way to fix WMP 11? :(
     
    Last edited: 2008/12/16
  15. 2008/12/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Your account has Administrative rights. Run the commands. ;)

    Looks great! Let's clean up our tools.

    First, remove any files in quarantine by resident antivirus and antispyware apps.
    Delete RSIT.exe and the C:\rsit folder.
    Empty the recycle bin.
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.

    If everything is working properly, we're done here. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
  16. 2008/12/16
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    I deleted the ComboFix shortcut, so it says Windows can't find ComboFix when I run it... Should I delete the folders manually?
     
    Last edited: 2008/12/16
  17. 2008/12/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    No. Download a fresh copy and save it to the same location, then run the command to uninstall.
     
  18. 2008/12/17
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    Uninstall went smooth... but WMP won't work when I try to register the DLL.

    It tells me DllRegisterServer in jscript.dll failed; return code was 0x80004005.
     
  19. 2008/12/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please provide details of what happens when attempting to use WMP.
     
  20. 2008/12/18
    JusticeNY

    JusticeNY Well-Known Member Thread Starter

    Joined:
    2008/12/14
    Messages:
    160
    Likes Received:
    0
    When I click on it, nothing happens.
     
  21. 2008/12/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try entering the following command in the Start>Run dialog then hit Enter.

    regsvr32 wmp.dll

    If you get a succeeded message, try starting MP.

    Have you tried starting it from more than 1 place, eg; All Programs list, Quick Launch, Start Menu (if shown)?
     
