
Solved Unable to use IE & backdoor.bot won't delete

Discussion in 'Malware and Virus Removal Archive' started by Xpress, 2009/03/02.

  1. 2009/03/05
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Let's try this route

    1. Please download Dial-A-Fix from one of the following mirrors:
    2. Extract the zip file to your desktop.
    3. Double click Dial-a-Fix.exe to start the program.
    4. Press the green double checkmark box.
    5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date", in the prep section. The prep section should then look like this:
      [screenshot of the Dial-a-Fix prep section]
    6. When the window looks like the screenshot, press the GO button at the bottom of the window.
      [screenshot of the Dial-a-Fix window]
    7. Exit/Close Dial-A-Fix




    Now try
    Open Notepad (Start > Run, type in: notepad) copy/paste the entire contents of the quotebox below into Notepad:
    Save it as Fix.bat & place it next to mbr.exe before double clicking it.

    See if that produces a log.
     
  2. 2009/03/05
    Xpress

    Xpress Inactive Thread Starter

    Joined:
    2009/03/01
    Messages:
    28
    Likes Received:
    0
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    MBR rootkit code detected !
    malicious code @ sector 0x995c69a size 0x1c1 !
    copy of MBR has been found in sector 62 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    -------------------------------------------------------------------------------------
    do you want me to try the -f?
     

  4. 2009/03/05
    Juliet

    Juliet Well-Known Member

    Click Start >> Run and copy/paste the following into the run box.

    %userprofile%\Desktop\mbr.exe -f

    Please post the log it produces

    After the fix runs please reboot the computer.
     
  5. 2009/03/05
    Xpress

    Xpress Inactive Thread Starter

    Juliet! I'm a failure! It won't work... *** hun. It used to work fine, but now when we put that -f after it, it doesn't start. What do you think is going on with it?
     
  6. 2009/03/05
    Juliet

    Juliet Well-Known Member

    Did you reboot the machine after you ran it the first time.....
    I'm thinking it's necessary.

    Click Start>My Computer and double click on C:\

    Once it's opened, simply drag and drop mbr.exe into an empty spot in that window.


    After it's been moved to the C:\drive....



    Click Start>Run
    Type in mbr.exe -f (there is a space between the e and the -; this is important)
    Click on ok and ok your way out

    Reboot your computer and then click on mbr.exe in your windows folder and copy and paste it in for me to see
     
  7. 2009/03/06
    Xpress

    Xpress Inactive Thread Starter

    Great!

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
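An added example, not part of this thread and not GMER's own code, for reading the two mbr.exe reports posted above (the infected one in post 2 and the clean one in post 7) programmatically. The tool reads the MBR both through the normal Windows path and directly in the kernel, and its report lines state whether the two views agree, where the hidden code sits and where the original MBR was copied. The parser below turns those lines into a verdict and, assuming 512-byte sectors (an assumption of the example, marked in the code), into byte offsets. The log text is copied from the thread; the function and field names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the two mbr.exe reports posted in this thread,
# copied here as string literals (before and after "mbr.exe -f").
INFECTED_LOG = """\
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
malicious code @ sector 0x995c69a size 0x1c1 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

CLEAN_LOG = """\
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

SECTOR_SIZE = 512  # assumption: 512-byte sectors, the norm for XP-era disks


@dataclass
class MbrReport:
    """Facts extracted from one mbr.exe run."""
    tool_version: Optional[str] = None
    device_opened: bool = False
    user_read: bool = False        # MBR read through the normal (user-mode) path
    kernel_read: bool = False      # MBR read directly from the kernel
    infected: bool = False
    payload_sector: Optional[int] = None     # where the hidden code lives
    payload_size: Optional[int] = None       # its size in bytes
    mbr_backup_sector: Optional[int] = None  # where the original MBR was stashed
    unparsed: List[str] = field(default_factory=list)

    def payload_offset_bytes(self) -> Optional[int]:
        """Byte offset of the hidden code, assuming SECTOR_SIZE-byte sectors."""
        if self.payload_sector is None:
            return None
        return self.payload_sector * SECTOR_SIZE


def parse_mbr_log(text: str) -> MbrReport:
    """Parse the plain-text output of mbr.exe into an MbrReport."""
    report = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := re.match(r"Stealth MBR rootkit detector (\S+)", line):
            report.tool_version = m.group(1)
        elif line.startswith("device: opened successfully"):
            report.device_opened = True
        elif line.startswith("user: MBR read successfully"):
            report.user_read = True
        elif line.startswith("kernel: MBR read successfully"):
            report.kernel_read = True
        elif line.startswith("user & kernel MBR OK"):
            report.infected = False
        elif "rootkit code detected" in line or "rootkit infection detected" in line:
            report.infected = True
        elif m := re.match(r"malicious code @ sector (0x[0-9a-fA-F]+) size (0x[0-9a-fA-F]+)", line):
            report.payload_sector = int(m.group(1), 16)
            report.payload_size = int(m.group(2), 16)
        elif m := re.match(r"copy of MBR has been found in sector (\d+)", line):
            report.mbr_backup_sector = int(m.group(1))
        else:
            report.unparsed.append(line)  # keep anything unexpected for a human
    return report


def verdict(report: MbrReport) -> str:
    """Reduce a report to one of: 'unreadable', 'infected', 'clean'."""
    if not (report.device_opened and report.user_read and report.kernel_read):
        return "unreadable"  # the tool could not compare both views of the MBR
    return "infected" if report.infected else "clean"


def fix_confirmed(before: MbrReport, after: MbrReport) -> bool:
    """True when an infected run is followed by a clean run, as in this thread."""
    return verdict(before) == "infected" and verdict(after) == "clean"


if __name__ == "__main__":
    before, after = parse_mbr_log(INFECTED_LOG), parse_mbr_log(CLEAN_LOG)
    print(verdict(before), hex(before.payload_sector), before.payload_size, before.mbr_backup_sector)
    print(verdict(after), "fix confirmed:", fix_confirmed(before, after))
```

With the numbers the tool printed, the hidden code at sector 0x995c69a sits roughly 82 GB into the disk, well past anything the file system shows, and the MBR copy at sector 62 sits in the unpartitioned gap before the first partition, which XP-era disks normally start at sector 63. The example only makes those facts easy to check over many logs; the "unreadable" verdict is there because a report where the kernel read failed says nothing about the MBR either way.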
     
  8. 2009/03/06
    Juliet

    Juliet Well-Known Member

    user & kernel MBR OK


    It worked.....it's clear.


    Give me the low down on what's happening now.
     
  9. 2009/03/06
    Xpress

    Xpress Inactive Thread Starter

    It works! What did you doooooooooooo?
     
    Last edited by a moderator: 2009/03/06
  10. 2009/03/06
    Juliet

    Juliet Well-Known Member

    I'd like to try this again


    Go to My Computer->Tools->Folder Options->View tab:

    • Under the Hidden files and folders heading:
    • Select: Show hidden files and folders.
    • Uncheck: Hide protected operating system files (recommended).
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to hide files and folders again once done.)

    Please go to: VirusTotal





    • Click the Browse button and search for the following file: c:\windows\system32\drivers\tcpip.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned, click "reanalyze now".

    Also please have the next files scanned.
    c:\windows\system32\dllcache\tcpip.sys
    c:\windows\ServicePackFiles\i386\tcpip.sys



    I need to see a new DDS log
     
  11. 2009/03/06
    Xpress

    Xpress Inactive Thread Starter

    The only thing that's up is that my AVG says after I restart that it can't connect to auto-update. Maybe that's because of the internet connection when my computer loads up? I've got cable. What do you think?

    -------------------------------------------------------------------------------------
    File tcpip.sys_ received on 03.06.2009 22:41:35 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


    Result: 0/39 (0%)

    -------------------------------------------------------------------------------------
    File tcpip.sys received on 03.06.2009 22:43:18 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


    Result: 0/39 (0%)

    -------------------------------------------------------------------------------------
    File tcpip.sys received on 03.06.2009 22:45:18 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


    Result: 0/39 (0%)

    -------------------------------------------------------------------------------------

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Owner at 13:47:08.76 on Fri 03/06/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.208 [GMT -8:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyOverride = *.local
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {574FAE5A-6223-A054-3174-91E7DFC53986} - No File
    BHO: {72183A59-F2E3-3507-E1B2-E9A5789D07F1} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: {A5E51C5B-57CF-A04A-BF60-3E709924E2F8} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunServices: [UpdateWin] c:\windows\system32\activedsx.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [PCTVOICE] pctspk.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe "
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRunServices: [UpdateWin] c:\windows\system32\activedsx.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\Epkick.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sprint~1.lnk - c:\windows\RM.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MiniEYE-MiniREAD Launch .lnk.disabled
    IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
    IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233423749976&h=10203cf41da0e482e3764280d27692bb/&filename=jinstall-6u11-windows-i586-jc.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    TCP: {93AFF8A7-2782-47C8-8EB0-219C14CDC0ED} = 208.67.220.220,208.67.222.222
    TCP: {B01A2396-58D0-4382-ABF4-7E8B21CD2807} = 208.67.220.220,208.67.222.222
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    LSA: Notification Packages = scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\51g7s3oe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-1 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-1 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-1 107272]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-1 298264]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S2 gupdate1c99c9589fb5a82;Google Update Service (gupdate1c99c9589fb5a82);c:\program files\google\update\GoogleUpdate.exe [2009-3-3 133104]
    S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\fardrive.sys --> c:\windows\system32\drivers\FarDrive.sys [?]
    S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]

    =============== Created Last 30 ================

    2009-03-05 17:51 <DIR> --d----- c:\windows\system32\CatRoot2
    2009-03-05 09:28 250 a------- c:\windows\gmer.ini
    2009-03-03 16:05 <DIR> a-dshr-- C:\cmdcons
    2009-03-03 16:03 161,792 a------- c:\windows\SWREG.exe
    2009-03-03 16:03 98,816 a------- c:\windows\sed.exe
    2009-03-02 07:57 69,120 ac------ c:\windows\system32\dllcache\notepad.exe
    2009-03-02 07:57 69,120 a------- c:\windows\notepad.exe
    2009-03-02 07:49 1,355 a------- c:\windows\imsins.BAK
    2009-03-01 16:39 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-03-01 15:35 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-03-01 15:35 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-03-01 15:35 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-03-01 15:35 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-03-01 15:34 <DIR> --d----- c:\program files\AVG
    2009-03-01 15:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-03-01 15:22 <DIR> --d----- c:\docume~1\owner\applic~1\True Sword
    2009-03-01 15:20 <DIR> --d----- c:\program files\True Sword 5
    2009-02-28 22:37 4,767 a------- c:\windows\Irremote.ini
    2009-02-28 22:02 <DIR> --d----- c:\program files\Nero
    2009-02-28 22:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
    2009-02-28 18:20 <DIR> --d----- C:\RecoveryCD
    2009-02-28 17:14 <DIR> --d----- c:\program files\CCleaner
    2009-02-28 13:41 81,920 a------- c:\windows\system32\ieencode.dll
    2009-02-28 12:42 14,336 a------- c:\windows\system32\ff_vfw.dll
    2009-02-28 12:42 547 a------- c:\windows\system32\ff_vfw.dll.manifest
    2009-02-28 12:42 <DIR> --d----- c:\program files\ffdshow
    2009-02-28 12:03 <DIR> --d----- c:\program files\Veoh Networks
    2009-02-24 21:05 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-02-15 22:14 <DIR> --d----- c:\documents and settings\owner\.thumbnails
    2009-02-15 22:13 <DIR> --d----- c:\documents and settings\owner\.gimp-2.6
    2009-02-15 22:12 <DIR> --d----- c:\documents and settings\owner\.gegl-0.0
    2009-02-15 22:10 <DIR> --d----- c:\program files\GIMP-2.0
    2009-02-12 23:21 131,072 a------- c:\windows\system32\SAgent4.exe
    2009-02-10 21:07 32,768 a------- c:\windows\system32\Wnaspi32.dll
    2009-02-10 21:07 57,344 a------- c:\windows\system32\Wnaspint.dll
    2009-02-10 21:07 <DIR> --d----- c:\docume~1\owner\applic~1\Acoustica
    2009-02-10 21:07 <DIR> --d----- c:\program files\Acoustica MP3 CD Burner
    2009-02-10 12:40 <DIR> --d----- c:\docume~1\owner\applic~1\Camfrog
    2009-02-06 00:27 <DIR> --d----- c:\program files\Realtek AC97
    2009-02-05 23:24 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
    2009-02-05 23:12 <DIR> --d-h--- c:\windows\msdownld.tmp
    2009-02-05 23:12 <DIR> --d----- c:\windows\Logs

    ==================== Find3M ====================

    2009-01-31 00:50 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
    2009-01-29 12:35 4,706 a------- c:\windows\system32\PerfStringBackup.TMP
    2009-01-16 16:24 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-01-16 16:24 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-01-11 14:27 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-09 18:39 4,096 a------- c:\windows\d3dx.dat
    2006-04-02 22:26 9,583,368 a------- c:\documents and settings\owner\DesktopDoctor1.5.1.exe

    ============= FINISH: 13:48:06.71 ===============
     
  12. 2009/03/06
    Juliet

    Juliet Well-Known Member

    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    File:: 
    c:\windows\system32\activedsx.exe
    
    DDS::
    BHO: {574FAE5A-6223-A054-3174-91E7DFC53986} - No File
    BHO: {72183A59-F2E3-3507-E1B2-E9A5789D07F1} - No File
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: {A5E51C5B-57CF-A04A-BF60-3E709924E2F8} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
    uRunServices: [UpdateWin] c:\windows\system32\activedsx.exe
    mRunServices: [UpdateWin] c:\windows\system32\activedsx.exe
    [screenshot: dragging CFScript.txt onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Post your combofix log

    How's the computer now?
     
  13. 2009/03/07
    Xpress

    Xpress Inactive Thread Starter

    ComboFix 09-03-06.02 - Owner 2009-03-07 10:24:16.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.163 [GMT -8:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\activedsx.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
    .

    2009-03-05 17:51 . 2009-03-07 10:23 <DIR> d-------- c:\windows\system32\CatRoot2
    2009-03-05 09:28 . 2009-03-05 09:28 250 --a------ c:\windows\gmer.ini
    2009-03-02 07:57 . 2008-04-13 16:12 69,120 --a--c--- c:\windows\system32\dllcache\notepad.exe
    2009-03-02 07:57 . 2008-04-13 16:12 69,120 --a------ c:\windows\notepad.exe
    2009-03-02 07:49 . 2009-03-06 11:21 1,355 --a------ c:\windows\imsins.BAK
    2009-03-01 16:39 . 2009-03-03 12:32 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-01 15:35 . 2009-03-06 10:52 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-03-01 15:35 . 2009-03-01 15:35 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-01 15:35 . 2009-03-01 15:35 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-01 15:35 . 2009-03-01 15:35 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-01 15:34 . 2009-03-01 15:34 <DIR> d-------- c:\program files\AVG
    2009-03-01 15:34 . 2009-03-01 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-01 15:22 . 2009-03-01 15:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\True Sword
    2009-03-01 15:20 . 2009-03-01 22:40 <DIR> d-------- c:\program files\True Sword 5
    2009-03-01 14:03 . 2009-03-01 14:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-03-01 13:25 . 2009-03-01 22:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-01 11:17 . 2009-03-01 11:18 <DIR> d-------- c:\documents and settings\Owner\Application Data\Nero
    2009-02-28 22:37 . 2009-02-28 22:37 4,767 --a------ c:\windows\Irremote.ini
    2009-02-28 22:32 . 2009-02-28 22:32 <DIR> d-------- c:\program files\Windows Sidebar
    2009-02-28 22:02 . 2009-02-28 22:35 <DIR> d-------- c:\program files\Nero
    2009-02-28 22:01 . 2009-02-28 23:04 <DIR> d-------- c:\program files\Common Files\Nero
    2009-02-28 22:01 . 2009-02-28 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-02-28 18:20 . 2009-02-28 18:21 <DIR> d-------- C:\RecoveryCD
    2009-02-28 17:48 . 2009-02-28 17:48 0 --a------ c:\windows\nsreg.dat
    2009-02-28 17:46 . 2009-02-28 17:46 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
    2009-02-28 17:46 . 2009-02-28 17:46 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
    2009-02-28 17:14 . 2009-02-28 17:14 <DIR> d-------- c:\program files\RegCure
    2009-02-28 17:14 . 2009-02-28 17:14 <DIR> d-------- c:\program files\CCleaner
    2009-02-28 13:41 . 2008-04-13 16:11 81,920 --a------ c:\windows\system32\ieencode.dll
    2009-02-28 12:42 . 2009-02-28 12:42 <DIR> d-------- c:\program files\ffdshow
    2009-02-28 12:42 . 2008-08-22 17:57 14,336 --a------ c:\windows\system32\ff_vfw.dll
    2009-02-28 12:42 . 2008-08-10 11:55 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-02-28 12:03 . 2009-02-28 12:03 <DIR> d-------- c:\program files\Veoh Networks
    2009-02-26 18:51 . 2009-02-26 18:51 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
    2009-02-24 21:05 . 2009-01-09 11:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-02-15 22:14 . 2009-03-05 10:46 <DIR> d-------- c:\documents and settings\Owner\Application Data\gtk-2.0
    2009-02-15 22:14 . 2009-02-23 10:31 <DIR> d-------- c:\documents and settings\Owner\.thumbnails
    2009-02-15 22:13 . 2009-03-05 19:48 <DIR> d-------- c:\documents and settings\Owner\.gimp-2.6
    2009-02-15 22:12 . 2009-02-15 22:13 <DIR> d-------- c:\documents and settings\Owner\.gegl-0.0
    2009-02-15 22:10 . 2009-02-15 22:10 <DIR> d-------- c:\program files\GIMP-2.0
    2009-02-12 23:21 . 2006-12-19 01:14 131,072 --a------ c:\windows\system32\SAgent4.exe
    2009-02-10 21:07 . 2009-02-10 21:07 <DIR> d-------- c:\program files\Acoustica MP3 CD Burner
    2009-02-10 21:07 . 2009-02-10 21:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\Acoustica
    2009-02-10 21:07 . 2007-08-07 11:32 57,344 --a------ c:\windows\system32\Wnaspint.dll
    2009-02-10 21:07 . 2007-08-07 10:58 32,768 --a------ c:\windows\system32\Wnaspi32.dll
    2009-02-10 12:40 . 2009-02-10 12:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Camfrog

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-07 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-04 06:51 --------- d-----w c:\program files\Google
    2009-03-01 11:39 --------- d-----w c:\program files\Joost
    2009-02-26 23:24 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-26 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-26 20:37 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-13 07:25 --------- d-----w c:\documents and settings\Owner\Application Data\Epson
    2009-02-06 08:27 --------- d-----w c:\program files\Realtek AC97
    2009-02-06 08:21 --------- d-----w c:\program files\Sprint Instinct Applications
    2009-02-06 06:38 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-06 06:38 --------- d-----w c:\program files\EpsonNet
    2009-02-06 06:31 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2009-02-03 19:20 --------- d-----w c:\program files\Common Files\EPSON
    2009-02-03 18:21 --------- d-----w c:\program files\Epson Software
    2009-02-03 18:21 --------- d-----w c:\program files\EPSON
    2009-02-02 10:43 --------- d-----w c:\program files\iTunes
    2009-02-01 22:38 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-01 22:37 --------- d-----w c:\program files\iPod
    2009-02-01 22:37 --------- d-----w c:\program files\Common Files\Apple
    2009-02-01 22:34 --------- d-----w c:\program files\Bonjour
    2009-02-01 22:33 --------- d-----w c:\program files\QuickTime
    2009-02-01 22:29 --------- d-----w c:\program files\Apple Software Update
    2009-02-01 22:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-31 08:50 34 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2009-01-30 01:37 --------- d-----w c:\program files\Yahoo!
    2009-01-30 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-29 20:30 --------- d-----w c:\program files\Reference Assemblies
    2009-01-29 20:30 --------- d-----w c:\program files\MSBuild
    2009-01-26 22:57 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
    2009-01-20 03:41 --------- d-----w c:\program files\Valve
    2009-01-20 00:02 --------- d-----w c:\program files\McAfee.com
    2009-01-20 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-19 23:30 --------- d-----w c:\program files\Watchtower
    2009-01-19 23:25 --------- d-----w c:\program files\RealRhapsody
    2009-01-18 00:30 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-18 00:17 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-01-18 00:16 --------- d-----w c:\documents and settings\Owner\Application Data\Download Manager
    2009-01-17 00:25 --------- d-----w c:\program files\Common Files\xing shared
    2009-01-17 00:25 --------- d-----w c:\program files\Common Files\Real
    2009-01-12 03:48 --------- d-----w c:\documents and settings\Owner\Application Data\GarageGames
    2009-01-11 22:27 --------- d-----w c:\program files\Java
    2009-01-09 19:14 --------- d-----w c:\documents and settings\Owner\Application Data\ArcSoft
    2009-01-09 19:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
    2009-01-09 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
    2009-01-09 19:12 --------- d-----w c:\program files\Common Files\ArcSoft
    2009-01-09 19:12 --------- d-----w c:\program files\ArcSoft
    2009-01-09 19:11 --------- d-----w c:\program files\Kodak
    2009-01-09 19:09 --------- d-----w c:\program files\Common Files\Kodak
    2009-01-09 17:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2006-04-03 06:26 9,583,368 ----a-w c:\documents and settings\Owner\DesktopDoctor1.5.1.exe
    .

    ------- Sigcheck -------

    2005-05-25 11:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 09:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 04:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2008-06-20 02:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2008-06-20 02:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 04:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2006-04-20 03:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    2008-04-13 11:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 03:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 03:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-03-03_16.29.39.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-05 17:28:51 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-18 05:13:02 811,008 ----a-w c:\windows\gmer.exe
    + 2008-04-14 00:09:05 97,792 ----a-w c:\windows\ime\CHTIME\Applets\CHTMBX.DLL
    + 2008-04-14 00:09:05 56,320 ----a-w c:\windows\ime\CHTIME\Applets\CHTSKDIC.DLL
    + 2008-04-14 00:09:05 173,568 ----a-w c:\windows\ime\CHTIME\Applets\CHTSKF.DLL
    + 2008-04-14 00:09:39 13,463,552 ----a-w c:\windows\ime\imjp8_1\applets\hwxjpn.dll
    + 2008-04-14 00:09:47 315,455 ----a-w c:\windows\ime\imjp8_1\applets\imskf.dll
    + 2008-04-14 00:09:43 86,016 ----a-w c:\windows\ime\imkr6_1\applets\imekrmbx.dll
    + 2009-03-04 06:51:42 10,134 ----a-r c:\windows\Installer\{F43C7DE1-CB20-11DD-8D77-005056806466}\ARPPRODUCTICON.exe
    + 2009-03-04 06:51:42 26,694 ----a-r c:\windows\Installer\{F43C7DE1-CB20-11DD-8D77-005056806466}\UNINST_Uninstall_G_BCEEAF790189405A8B93BFE1E41FCD64.exe
    + 2007-04-02 18:25:59 19,456 ----a-w c:\windows\msagent\intl\agt0404.dll
    + 2007-04-02 18:26:00 19,456 ----a-w c:\windows\msagent\intl\agt0411.dll
    + 2007-04-02 18:26:00 19,456 ----a-w c:\windows\msagent\intl\agt0412.dll
    + 2007-04-02 18:26:02 19,456 ----a-w c:\windows\msagent\intl\agt0804.dll
    - 2009-01-15 10:03:32 72,704 ----a-w c:\windows\system32\admparse.dll
    + 2008-04-14 00:11:48 61,440 ----a-w c:\windows\system32\admparse.dll
    - 2009-01-15 10:03:12 128,512 ----a-w c:\windows\system32\advpack.dll
    + 2008-04-14 00:11:48 99,840 ----a-w c:\windows\system32\advpack.dll
    + 2008-04-14 00:11:50 218,112 ----a-w c:\windows\system32\c_g18030.dll
    - 2009-01-15 10:04:28 18,944 ----a-w c:\windows\system32\corpol.dll
    + 2008-04-14 00:11:51 35,328 ----a-w c:\windows\system32\corpol.dll
    + 2007-04-02 18:25:59 19,456 -c--a-w c:\windows\system32\dllcache\agt0404.dll
    + 2007-04-02 18:26:00 19,456 -c--a-w c:\windows\system32\dllcache\agt0411.dll
    + 2007-04-02 18:26:00 19,456 -c--a-w c:\windows\system32\dllcache\agt0412.dll
    + 2007-04-02 18:26:02 19,456 -c--a-w c:\windows\system32\dllcache\agt0804.dll
    + 2008-04-14 00:11:50 218,112 -c--a-w c:\windows\system32\dllcache\c_g18030.dll
    + 2008-04-14 00:09:30 7,168 -c--a-w c:\windows\system32\dllcache\f3ahvoas.dll
    - 2009-01-15 10:03:20 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    + 2004-08-04 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    - 2009-01-15 10:03:58 724,992 -c--a-w c:\windows\system32\dllcache\jscript.dll
    + 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll
    + 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbd101.dll
    + 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbd106n.dll
    + 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbdax2.dll
    + 2008-04-14 00:09:55 7,168 -c--a-w c:\windows\system32\dllcache\kbdibm02.dll
    + 2008-04-14 00:09:55 6,656 -c--a-w c:\windows\system32\dllcache\kbdlk41a.dll
    + 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbdlk41j.dll
    - 2009-01-15 10:13:18 5,888,512 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    - 2009-01-15 09:50:38 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
    + 2004-08-04 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
    - 2009-01-15 10:06:48 1,182,720 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    + 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    - 2009-01-15 10:03:36 420,352 -c--a-w c:\windows\system32\dllcache\vbscript.dll
    + 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll
    - 2009-01-15 10:05:42 911,872 -c--a-w c:\windows\system32\dllcache\wininet.dll
    + 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll
    + 2009-03-05 17:28:51 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    - 2009-01-15 10:01:22 348,160 ----a-w c:\windows\system32\dxtmsft.dll
    + 2008-04-14 00:11:52 357,888 ----a-w c:\windows\system32\dxtmsft.dll
    - 2009-01-15 10:01:16 216,064 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-04-14 00:11:52 205,312 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-04-14 00:09:30 7,168 ----a-w c:\windows\system32\f3ahvoas.dll
    - 2009-01-15 10:01:40 59,904 ----a-w c:\windows\system32\icardie.dll
    + 2007-08-14 02:36:26 61,952 ----a-w c:\windows\system32\icardie.dll
    - 2009-01-15 10:03:28 172,544 ----a-w c:\windows\system32\ie4uinit.exe
    + 2008-04-14 00:12:22 34,304 ----a-w c:\windows\system32\ie4uinit.exe
    - 2009-01-15 10:03:42 125,952 ----a-w c:\windows\system32\ieakeng.dll
    + 2008-04-14 00:11:54 143,360 ----a-w c:\windows\system32\ieakeng.dll
    - 2009-01-15 10:03:50 228,352 ----a-w c:\windows\system32\ieaksie.dll
    + 2008-04-14 00:11:54 216,576 ----a-w c:\windows\system32\ieaksie.dll
    - 2009-01-15 10:03:20 163,840 ----a-w c:\windows\system32\ieakui.dll
    + 2004-08-04 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
    - 2008-12-15 01:12:42 3,698,040 ----a-w c:\windows\system32\ieapfltr.dat
    + 2007-02-13 00:10:12 2,451,312 ----a-w c:\windows\system32\ieapfltr.dat
    - 2009-01-15 09:35:10 445,440 ----a-w c:\windows\system32\ieapfltr.dll
    + 2007-07-11 20:27:48 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    - 2009-01-15 10:17:22 392,040 ----a-w c:\windows\system32\iedkcs32.dll
    + 2008-04-14 00:11:54 323,584 ----a-w c:\windows\system32\iedkcs32.dll
    - 2009-01-15 10:01:52 183,808 ----a-w c:\windows\system32\iepeers.dll
    + 2008-04-14 00:11:54 251,904 ----a-w c:\windows\system32\iepeers.dll
    - 2009-01-15 10:03:14 55,808 ----a-w c:\windows\system32\iernonce.dll
    + 2008-04-14 00:11:54 48,640 ----a-w c:\windows\system32\iernonce.dll
    - 2009-01-15 10:03:18 71,680 ----a-w c:\windows\system32\iesetup.dll
    + 2008-04-14 00:11:54 62,976 ----a-w c:\windows\system32\iesetup.dll
    + 2008-04-14 00:09:06 198,656 ----a-w c:\windows\system32\IME\CINTLGNT\CINTIME.DLL
    + 2004-08-04 12:00:00 480,256 ----a-w c:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
    + 2004-08-04 12:00:00 59,392 ----a-w c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
    + 2008-04-13 16:43:36 70,144 ----a-w c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
    + 2008-04-14 00:10:34 67,584 ----a-w c:\windows\system32\IME\PINTLGNT\PMIGRATE.DLL
    + 2004-08-04 12:00:00 44,032 ----a-w c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
    + 2004-08-04 12:00:00 455,168 ----a-w c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    + 2008-04-14 00:10:59 10,240 ----a-w c:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL
    - 2009-01-15 10:01:26 34,304 ----a-w c:\windows\system32\imgutil.dll
    + 2008-04-14 00:11:54 35,840 ----a-w c:\windows\system32\imgutil.dll
    - 2009-01-15 10:03:14 94,720 ----a-w c:\windows\system32\inseng.dll
    + 2008-04-14 00:11:55 96,256 ----a-w c:\windows\system32\inseng.dll
    - 2009-01-15 10:03:58 724,992 ----a-w c:\windows\system32\jscript.dll
    + 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll
    - 2009-01-15 10:04:16 25,600 ----a-w c:\windows\system32\jsproxy.dll
    + 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\jsproxy.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\kbd101.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\kbd106n.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\kbdax2.dll
    + 2008-04-14 00:09:55 7,168 ----a-w c:\windows\system32\kbdibm02.dll
    + 2008-04-14 00:09:55 6,656 ----a-w c:\windows\system32\kbdlk41a.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\windows\system32\kbdlk41j.dll
    - 2009-01-15 10:05:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
    + 2008-04-14 00:11:56 22,016 ----a-w c:\windows\system32\licmgr10.dll
    - 2009-01-15 10:02:40 593,920 ----a-w c:\windows\system32\msfeeds.dll
    + 2007-08-14 02:54:10 458,752 ----a-w c:\windows\system32\msfeeds.dll
    - 2009-01-15 10:01:40 54,272 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2007-08-14 02:54:10 50,688 ----a-w c:\windows\system32\msfeedsbs.dll
    - 2009-01-15 10:00:38 45,568 ----a-w c:\windows\system32\mshta.exe
    + 2008-04-14 00:12:27 29,184 ----a-w c:\windows\system32\mshta.exe
    - 2009-01-15 10:13:18 5,888,512 ----a-w c:\windows\system32\mshtml.dll
    + 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
    - 2009-01-15 10:01:06 66,560 ----a-w c:\windows\system32\mshtmled.dll
    + 2008-04-14 00:11:59 449,024 ----a-w c:\windows\system32\mshtmled.dll
    - 2009-01-15 10:00:46 48,128 ----a-w c:\windows\system32\mshtmler.dll
    + 2008-04-13 16:26:26 56,832 ----a-w c:\windows\system32\mshtmler.dll
    - 2009-01-15 09:50:38 156,160 ----a-w c:\windows\system32\msls31.dll
    + 2004-08-04 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
    - 2009-01-15 10:05:34 193,536 ----a-w c:\windows\system32\msrating.dll
    + 2008-04-14 00:12:00 146,432 ----a-w c:\windows\system32\msrating.dll
    - 2009-01-15 10:02:20 611,840 ----a-w c:\windows\system32\mstime.dll
    + 2008-04-14 00:12:00 532,480 ----a-w c:\windows\system32\mstime.dll
    - 2009-01-15 10:05:34 109,056 ----a-w c:\windows\system32\occache.dll
    + 2008-04-14 00:12:02 96,256 ----a-w c:\windows\system32\occache.dll
    - 2009-01-15 10:01:18 46,592 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-04-14 00:12:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
    - 2009-01-15 10:06:00 105,984 ----a-w c:\windows\system32\url.dll
    + 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\url.dll
    - 2009-01-15 10:06:48 1,182,720 ----a-w c:\windows\system32\urlmon.dll
    + 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
    - 2009-01-15 10:03:36 420,352 ----a-w c:\windows\system32\vbscript.dll
    + 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll
    - 2009-01-15 10:06:08 236,544 ----a-w c:\windows\system32\webcheck.dll
    + 2008-04-14 00:12:08 276,480 ----a-w c:\windows\system32\webcheck.dll
    - 2009-01-15 10:05:42 911,872 ----a-w c:\windows\system32\wininet.dll
    + 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
    + 2009-03-07 18:31:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1a0.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 c:\windows\KHALMNPR.Exe]
    "PCTVOICE"="pctspk.exe" [2003-04-24 c:\windows\system32\pctspk.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk.disabled [2006-06-16 1757]
    Kodak EasyShare software.lnk.disabled [2009-01-09 1837]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    MiniEYE-MiniREAD Launch .lnk.disabled [2009-01-02 1523]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-01-09 11:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-01 15:35 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "NeroCheck"=c:\windows\System32\\NeroCheck.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\akirayabuki\\condition zero\\hl.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\akirayabuki\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-01 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-01 107272]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-01 298264]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S2 gupdate1c99c9589fb5a82;Google Update Service (gupdate1c99c9589fb5a82);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
    S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-03 22:52]

    2009-03-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 22:50]

    2008-03-15 c:\windows\Tasks\MP Scheduled Quick Scan.job
    - c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

    2009-03-07 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]

    2009-03-05 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 09:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyOverride = *.local
    TCP: {93AFF8A7-2782-47C8-8EB0-219C14CDC0ED} = 208.67.220.220,208.67.222.222
    TCP: {B01A2396-58D0-4382-ABF4-7E8B21CD2807} = 208.67.220.220,208.67.222.222
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\51g7s3oe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-07 10:31:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-73586283-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-73586283-1229272821-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-73586283-1229272821-839522115-1003)
    @Allowed: (Read) (S-1-5-21-73586283-1229272821-839522115-1003)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Sprint Instinct Applications\MEMonitor.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-07 10:41:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-07 18:41:21
    ComboFix2.txt 2009-03-04 19:49:51
    ComboFix3.txt 2009-03-04 00:31:29

    Pre-Run: 8,082,358,272 bytes free
    Post-Run: 8,163,692,544 bytes free

    414 --- E O F --- 2009-03-01 11:56:58
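Editor's added example, not part of the thread and not ComboFix's own code: a short Python triage script for the kinds of lines the report above contains. It cross-checks the Sigcheck block (a live system32\drivers file against its dllcache copy; in the posted report both tcpip.sys hashes are 9425b72f..., so on the real log that check is quiet, and the constructed sample below deliberately injects a mismatch to show the output), walks the Reg Loading Points for RunServices entries, the two Security Center DisableNotify values, the EnableFirewall=0 policy and Run values that are bare filenames, and picks out service lines ending in "[?]", ComboFix's marker for a binary it could not find on disk (the SASKUTIL line above). SAMPLE_LOG is constructed to mirror the report's layout; the "updsvc" RunServices entry and the drivers\tcpip.sys hash in it are made up for the demonstration.

```python
r"""Triage helpers for a ComboFix report (added example; not ComboFix code).

Reads the report text and flags what a cleanup helper actually acts on:
  * Sigcheck: a live c:\windows\system32\drivers\<file> whose MD5 differs
    from the Windows File Protection copy in system32\dllcache,
  * Reg Loading Points: autostarts under the legacy RunServices keys,
    Security Center alerts switched off, the firewall policy disabled, and
    Run values that are bare filenames resolved through the search path,
  * service lines ending in "[?]", ComboFix's marker for a binary it
    could not find on disk.
SAMPLE_LOG is constructed to mirror the posted report's layout; the
"updsvc" entry and the drivers\tcpip.sys hash are made up for the demo.
"""
import re

SIGCHECK_RE = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+([0-9a-f]{32})\s+(c:\\.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
REG_KEY_RE = re.compile(r"^\s*\[(HK[^\]]+)\]\s*$", re.IGNORECASE)
# tolerates the forum's '"name "= "data"' spacing as well as clean REGEDIT4 text
REG_VALUE_RE = re.compile(r'^\s*"([^"]+?)\s*"\s*=\s*(.*?)\s*$')
SERVICE_RE = re.compile(r"^\s*[RS]\d\s+([^;]+);[^;]*;(.*)$")
BARE_EXE_RE = re.compile(r'^"[^"\\]+\.exe"', re.IGNORECASE)


def parse_sigcheck(log):
    """Map lowercased path -> md5 for every line of the Sigcheck block."""
    return {path.lower(): md5.lower() for md5, path in SIGCHECK_RE.findall(log)}


def live_vs_dllcache(hashes):
    """Report live drivers whose hash differs from the dllcache (WFP) copy."""
    out = []
    for path, md5 in hashes.items():
        if "\\system32\\drivers\\" not in path:
            continue
        name = path.rsplit("\\", 1)[1]
        cached = hashes.get(f"c:\\windows\\system32\\dllcache\\{name}")
        if cached and cached != md5:
            out.append(f"{name}: live {md5[:8]} != dllcache {cached[:8]}")
    return out


def triage_reg_loading_points(log):
    """Walk the Reg Loading Points and service lines; return findings in order."""
    findings, key = [], ""
    for line in log.splitlines():
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            name, data = m.group(1), m.group(2)
            lname = name.lower()
            if "\\runservices" in key:
                # Windows 9x key that XP does not execute; malware writes it anyway,
                # so an entry here points at a dropper worth tracing
                findings.append(f"RunServices autostart: {name} = {data}")
            elif key.endswith("security center") and lname.endswith("disablenotify") \
                    and data.lower().endswith("dword:00000001"):
                findings.append(f"Security Center alert suppressed: {name}")
            elif "firewallpolicy\\standardprofile" in key and lname == "enablefirewall" \
                    and data.startswith("0"):
                findings.append("Windows Firewall disabled in standard profile")
            elif key.endswith("\\run") and BARE_EXE_RE.match(data):
                # no path in the value: the loader finds it via the search order
                findings.append(f"Run value is a bare filename, verify resolved path: {name}")
            continue
        m = SERVICE_RE.match(line)
        if m and "[?]" in m.group(2):
            findings.append(f"service binary not found on disk: {m.group(1).strip()}")
    return findings


# Constructed sample modelled on the posted report; not the user's actual log.
SAMPLE_LOG = r"""
------- Sigcheck -------

2008-06-20 03:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 03:51 361600 0123456789abcdef0123456789abcdef c:\windows\system32\drivers\tcpip.sys
2008-04-13 11:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys

(((((((((( Reg Loading Points ))))))))))

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"updsvc"="c:\windows\system32\updsvc.exe" [2009-03-01 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-01 325128]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
"""

if __name__ == "__main__":
    hashes = parse_sigcheck(SAMPLE_LOG)
    for finding in live_vs_dllcache(hashes) + triage_reg_loading_points(SAMPLE_LOG):
        print("-", finding)
```

Run the file directly to print the findings for SAMPLE_LOG, or pass the text of a real ComboFix.txt to the two functions. Treat the output as a worklist for a human, not a verdict: a bare-filename Run value such as SOUNDMAN.EXE is normal for OEM audio drivers, and a dllcache mismatch should be confirmed against a copy from a known-good machine before anything is replaced.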
     
  14. 2009/03/08 Juliet, Well-Known Member
    Welcome back


    The only item I pick up on is you need to update Adobe to the current version.

    Update Adobe Acrobat Reader
    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts



    Adobe Flash Player v10 <-- current version
    For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link**...
    ** http://www.adobe.com/go/kb406791



    How's the computer now?
     
  15. 2009/03/14 Xpress, Inactive Thread Starter
    O.K. Bought some new memory. Got a gig, then did a few more scans. Now... let's see...

    I'm performing three scans that are all up to date:
    AVG: All clear.
    Spybot: I keep getting 3 problems. 1 cookie from Right Media, and two Trojans under "Win32.Agent.gpr" (Registry Value). Do you need a log? How do I get it?
    Malware: 2x Backdoor.Bot (Registry Value) viruses. I'm not seeing any symptoms, but how do I get them off my computer? Log:

    Malwarebytes' Anti-Malware 1.32
    Database version: 1634
    Windows 5.1.2600 Service Pack 3

    3/14/2009 10:29:42 AM
    mbam-log-2009-03-14 (10-29-42).txt

    Scan type: Full Scan (C:\|F:\|)
    Objects scanned: 177117
    Time elapsed: 2 hour(s), 54 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------------------------------------------

    So, I'm not seeing any symptoms, but I'm sure that doesn't mean they're not a threat.
     
  16. 2009/03/15 Juliet, Well-Known Member
    Welcome back

    Since you ran the MBAM scan have you rebooted?

    It's possible, since Combofix remains on the computer, that this is where Spybot picks up what it finds; not sure.


    If Combofix is still on the machine..
    Right click on the icon and select delete. I want you to get an updated version.


    NEXT**
    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, thank you.
     
  17. 2009/03/15 Xpress, Inactive Thread Starter
    ComboFix 09-03-14.02 - Owner 2009-03-15 13:35:35.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1064 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
    .

    2009-03-14 14:00 . 2009-03-14 14:45 <DIR> d-------- c:\program files\Conquer 2.0
    2009-03-11 17:39 . 2009-03-15 13:26 <DIR> d-------- c:\documents and settings\Owner\Tracing
    2009-03-11 17:21 . 2009-03-11 17:21 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-03-11 17:16 . 2009-03-11 17:16 <DIR> d-------- c:\program files\Microsoft
    2009-03-11 17:15 . 2009-03-11 17:15 <DIR> d-------- c:\program files\Windows Live SkyDrive
    2009-03-11 17:15 . 2009-03-11 17:23 <DIR> d-------- c:\program files\Windows Live
    2009-03-11 17:09 . 2009-03-11 17:09 <DIR> d-------- c:\program files\Common Files\Windows Live
    2009-03-10 17:14 . 2009-03-10 17:15 69 --a------ c:\windows\NeroDigital.ini
    2009-03-05 18:51 . 2009-03-15 13:35 <DIR> d-------- c:\windows\system32\CatRoot2
    2009-03-05 10:28 . 2009-03-05 10:28 250 --a------ c:\windows\gmer.ini
    2009-03-02 08:57 . 2008-04-13 17:12 69,120 --a--c--- c:\windows\system32\dllcache\notepad.exe
    2009-03-02 08:57 . 2008-04-13 17:12 69,120 --a------ c:\windows\notepad.exe
    2009-03-02 08:49 . 2009-03-11 03:02 1,374 --a------ c:\windows\imsins.BAK
    2009-03-01 17:39 . 2009-03-14 02:10 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-01 16:35 . 2009-03-15 09:54 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-03-01 16:35 . 2009-03-01 16:35 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-01 16:35 . 2009-03-01 16:35 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-01 16:35 . 2009-03-01 16:35 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-01 16:34 . 2009-03-01 16:34 <DIR> d-------- c:\program files\AVG
    2009-03-01 16:34 . 2009-03-01 16:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-01 16:22 . 2009-03-01 16:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\True Sword
    2009-03-01 16:20 . 2009-03-01 23:40 <DIR> d-------- c:\program files\True Sword 5
    2009-03-01 15:03 . 2009-03-01 15:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-03-01 14:25 . 2009-03-01 23:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-01 12:17 . 2009-03-01 12:18 <DIR> d-------- c:\documents and settings\Owner\Application Data\Nero
    2009-02-28 23:37 . 2009-02-28 23:37 4,767 --a------ c:\windows\Irremote.ini
    2009-02-28 23:32 . 2009-02-28 23:32 <DIR> d-------- c:\program files\Windows Sidebar
    2009-02-28 23:02 . 2009-02-28 23:35 <DIR> d-------- c:\program files\Nero
    2009-02-28 23:01 . 2009-03-01 00:04 <DIR> d-------- c:\program files\Common Files\Nero
    2009-02-28 23:01 . 2009-02-28 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-02-28 19:20 . 2009-02-28 19:21 <DIR> d-------- C:\RecoveryCD
    2009-02-28 18:48 . 2009-02-28 18:48 0 --a------ c:\windows\nsreg.dat
    2009-02-28 18:46 . 2009-02-28 18:46 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
    2009-02-28 18:46 . 2009-02-28 18:46 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
    2009-02-28 18:14 . 2009-02-28 18:14 <DIR> d-------- c:\program files\RegCure
    2009-02-28 18:14 . 2009-02-28 18:14 <DIR> d-------- c:\program files\CCleaner
    2009-02-28 14:41 . 2008-04-13 17:11 81,920 --a------ c:\windows\system32\ieencode.dll
    2009-02-28 13:42 . 2009-02-28 13:42 <DIR> d-------- c:\program files\ffdshow
    2009-02-28 13:42 . 2008-08-22 18:57 14,336 --a------ c:\windows\system32\ff_vfw.dll
    2009-02-28 13:42 . 2008-08-10 12:55 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-02-28 13:03 . 2009-02-28 13:03 <DIR> d-------- c:\program files\Veoh Networks
    2009-02-26 19:51 . 2009-02-26 19:51 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
    2009-02-24 22:05 . 2009-01-09 12:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-02-15 23:14 . 2009-03-13 19:42 <DIR> d-------- c:\documents and settings\Owner\Application Data\gtk-2.0
    2009-02-15 23:14 . 2009-02-23 11:31 <DIR> d-------- c:\documents and settings\Owner\.thumbnails
    2009-02-15 23:13 . 2009-03-13 19:42 <DIR> d-------- c:\documents and settings\Owner\.gimp-2.6
    2009-02-15 23:12 . 2009-02-15 23:13 <DIR> d-------- c:\documents and settings\Owner\.gegl-0.0
    2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\program files\GIMP-2.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-14 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-14 22:36 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-14 21:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-08 23:16 4,724 ----a-w c:\windows\system32\PerfStringBackup.TMP
    2009-03-04 06:51 --------- d-----w c:\program files\Google
    2009-03-01 11:39 --------- d-----w c:\program files\Joost
    2009-02-26 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-26 20:37 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-13 07:25 --------- d-----w c:\documents and settings\Owner\Application Data\Epson
    2009-02-11 05:07 --------- d-----w c:\program files\Acoustica MP3 CD Burner
    2009-02-11 05:07 --------- d-----w c:\documents and settings\Owner\Application Data\Acoustica
    2009-02-10 20:40 --------- d-----w c:\documents and settings\Owner\Application Data\Camfrog
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 02:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-07 01:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-06 08:27 --------- d-----w c:\program files\Realtek AC97
    2009-02-06 08:21 --------- d-----w c:\program files\Sprint Instinct Applications
    2009-02-06 06:38 --------- d-----w c:\program files\EpsonNet
    2009-02-06 06:31 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2009-02-03 19:20 --------- d-----w c:\program files\Common Files\EPSON
    2009-02-03 18:21 --------- d-----w c:\program files\Epson Software
    2009-02-03 18:21 --------- d-----w c:\program files\EPSON
    2009-02-02 10:43 --------- d-----w c:\program files\iTunes
    2009-02-01 22:38 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-01 22:37 --------- d-----w c:\program files\iPod
    2009-02-01 22:37 --------- d-----w c:\program files\Common Files\Apple
    2009-02-01 22:34 --------- d-----w c:\program files\Bonjour
    2009-02-01 22:33 --------- d-----w c:\program files\QuickTime
    2009-02-01 22:29 --------- d-----w c:\program files\Apple Software Update
    2009-02-01 22:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-31 08:50 34 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2009-01-30 01:37 --------- d-----w c:\program files\Yahoo!
    2009-01-30 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-29 20:30 --------- d-----w c:\program files\Reference Assemblies
    2009-01-29 20:30 --------- d-----w c:\program files\MSBuild
    2009-01-26 22:57 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
    2009-01-20 03:41 --------- d-----w c:\program files\Valve
    2009-01-20 00:02 --------- d-----w c:\program files\McAfee.com
    2009-01-20 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-19 23:30 --------- d-----w c:\program files\Watchtower
    2009-01-19 23:25 --------- d-----w c:\program files\RealRhapsody
    2009-01-18 00:30 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-18 00:17 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-01-18 00:16 --------- d-----w c:\documents and settings\Owner\Application Data\Download Manager
    2009-01-17 00:25 --------- d-----w c:\program files\Common Files\xing shared
    2009-01-17 00:25 --------- d-----w c:\program files\Common Files\Real
    2009-01-17 00:24 499,712 ----a-w c:\windows\system32\msvcp71.dll
    2009-01-17 00:24 348,160 ----a-w c:\windows\system32\msvcr71.dll
    2009-01-11 22:27 410,984 ----a-w c:\windows\system32\deploytk.dll
    2006-04-03 06:26 9,583,368 ----a-w c:\documents and settings\Owner\DesktopDoctor1.5.1.exe
    .

    ------- Sigcheck -------

    2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    2008-04-13 12:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot_2009-03-07_10.39.45.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
    + 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
    + 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
    + 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
    + 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
    + 2009-03-12 00:21:49 236,392 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
    + 2009-03-12 04:23:42 15,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll
    + 2009-03-12 04:23:46 1,115,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\283ecfbaa6a6fab76c8b544a4a89d5ce\System.Data.OracleClient.ni.dll
    + 2009-03-12 04:23:44 771,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll
    + 2009-03-12 04:23:54 145,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\9546c5ce7c6920bfb0971ee0080ff777\WindowsLive.Client.ni.dll
    + 2009-03-12 04:23:42 152,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\00ad735ab245a8f45be00ba9dccc9443\WindowsLive.Writer.HtmlParser.ni.dll
    + 2009-03-12 04:23:47 108,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\05db615058b5e19e632385efbf3e2237\WindowsLive.Writer.Passport.ni.dll
    + 2009-03-12 04:23:50 1,105,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a051f69ee730e16214b2657f6853dc1\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2009-03-12 04:23:33 6,392,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\13ec1ddc801643374544a27a41b5803e\WindowsLive.Writer.PostEditor.ni.dll
    + 2009-03-12 04:23:46 428,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1e25e6dbae70b2a0dba46e74e773acee\WindowsLive.Writer.Localization.ni.dll
    + 2009-03-12 04:23:51 99,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4a5ba9683bf7be94c307bd076fa568bf\WindowsLive.Writer.Api.ni.dll
    + 2009-03-12 04:23:35 843,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\51ff7ea9cefa9385a9597ef269236b8c\WindowsLive.Writer.Controls.ni.dll
    + 2009-03-12 04:23:58 119,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\55e6f7f927f7e25d68cba5cba5202ed0\WindowsLive.Writer.FileDestinations.ni.dll
    + 2009-03-12 04:23:38 2,002,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\63c1f01ba87e31518027469b30556590\WindowsLive.Writer.CoreServices.ni.dll
    + 2009-03-12 04:23:40 313,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\681ad822aa7295018c1b9f96ad372ee0\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    + 2009-03-12 04:23:39 174,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6b30f4f0e887c26cac499a5ce4ee45d8\WindowsLive.Writer.BrowserControl.ni.dll
    + 2009-03-12 04:23:56 594,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\752deb2586f4ce372db2581728b3fd9d\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2009-03-12 04:23:41 334,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a58837d52e2eef58317a903e9b0de96d\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2009-03-12 04:23:39 319,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa0d656d49e99b02f7614f4d96d8f54c\WindowsLive.Writer.Interop.ni.dll
    + 2009-03-12 04:23:58 117,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa1c0fb73aba618f70e59d58a734e315\WindowsLive.Writer.Instrumentation.ni.dll
    + 2009-03-12 04:23:51 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ab125d3a580223b5c104e30afb48dee8\WindowsLive.Writer.Extensibility.ni.dll
    + 2009-03-12 04:23:57 322,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba458626154b268633d17b380951dc05\WindowsLive.Writer.SpellChecker.ni.dll
    + 2009-03-12 04:23:48 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c23a281e806a14bf48225461e9504e3e\WindowsLive.Writer.Mshtml.ni.dll
    + 2009-03-12 04:23:53 851,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d88240dcc329907b1f7c6be038d67ccd\WindowsLive.Writer.BlogClient.ni.dll
    + 2009-03-12 04:23:59 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f9ac52e76b942f38edaea1540cdce7ad\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2009-03-12 04:23:23 47,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\5700a35086393fff09a46fd10d2e39b5\WindowsLiveWriter.ni.exe
    - 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
    + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
    + 2009-03-12 00:17:28 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
    + 2009-03-12 00:23:22 132,096 ----a-r c:\windows\Installer\{3C52E7DA-C431-4239-B66B-1BF703D5B194}\WLXPhotoGalleryIcon.exe
    + 2009-03-12 00:20:02 58,945 ----a-r c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
    + 2009-03-12 00:15:38 62,304 ----a-r c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
    - 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2000-08-31 16:00:00 161,792 ----a-w c:\windows\SWREG.exe
    + 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
    + 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
    - 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
    + 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
    - 2007-06-12 06:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
    + 2008-11-12 01:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
    - 2009-01-29 22:30:09 355,360 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-11 18:11:18 355,360 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2009-02-12 04:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
    + 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
    - 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
    + 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
    - 2008-04-14 00:12:08 712,704 ------w c:\windows\system32\windowscodecs.dll
    + 2008-07-11 08:55:41 712,704 ------w c:\windows\system32\windowscodecs.dll
    - 2008-04-14 00:12:08 346,112 ------w c:\windows\system32\windowscodecsext.dll
    + 2008-07-11 08:55:41 347,648 ------w c:\windows\system32\windowscodecsext.dll
    - 2007-06-12 06:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
    + 2008-11-12 01:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
    + 2009-03-15 20:26:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_104.dat
    + 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "EEventManager "= "c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-11-29 c:\windows\KHALMNPR.Exe]
    "PCTVOICE "= "pctspk.exe" [2003-04-24 c:\windows\system32\pctspk.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk.disabled [2006-06-16 1757]
    Kodak EasyShare software.lnk.disabled [2009-01-09 1837]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    MiniEYE-MiniREAD Launch .lnk.disabled [2009-01-02 1523]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-01-09 12:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-01 16:35 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "SpybotSD TeaTimer "=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "NeroCheck "=c:\windows\System32\\NeroCheck.exe
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe "
    "ArcSoft Connection Service "=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\akirayabuki\\condition zero\\hl.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe "=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\akirayabuki\\counter-strike\\hl.exe "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-01 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-01 107272]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-01 298264]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S2 gupdate1c99c9589fb5a82;Google Update Service (gupdate1c99c9589fb5a82);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
    S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-03 23:52]

    2009-03-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 23:50]

    2008-03-15 c:\windows\Tasks\MP Scheduled Quick Scan.job
    - c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

    2009-03-15 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

    2009-03-15 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{574FAE5A-6223-A054-3174-91E7DFC53986} - (no file)
    BHO-{72183A59-F2E3-3507-E1B2-E9A5789D07F1} - (no file)
    BHO-{A5E51C5B-57CF-A04A-BF60-3E709924E2F8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyOverride = *.local
    TCP: {93AFF8A7-2782-47C8-8EB0-219C14CDC0ED} = 208.67.220.220,208.67.222.222
    TCP: {B01A2396-58D0-4382-ABF4-7E8B21CD2807} = 208.67.220.220,208.67.222.222
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\51g7s3oe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 13:40:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-73586283-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-73586283-1229272821-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-73586283-1229272821-839522115-1003)
    @Allowed: (Read) (S-1-5-21-73586283-1229272821-839522115-1003)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(640)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    Completion time: 2009-03-15 13:43:22
    ComboFix-quarantined-files.txt 2009-03-15 20:43:07
    ComboFix2.txt 2009-03-07 18:41:27
    ComboFix3.txt 2009-03-04 19:49:51
    ComboFix4.txt 2009-03-04 00:31:29

    Pre-Run: 4,440,391,680 bytes free
    Post-Run: 4,520,689,664 bytes free

    336 --- E O F --- 2009-03-14 06:55:17

    -------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 1:45:47 PM, on 3/15/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Epson all-in-one Registration.lnk = D:\Common\EpsonReg\Epkick.exe
    O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Kodak EasyShare software.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MiniEYE-MiniREAD Launch .lnk.disabled
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Security InfoCenter - {CEF2D273-7F43-4445-B9DF-FD095524C49F} - http://winsafesurf.com/ (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...b/&filename=jinstall-6u11-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93AFF8A7-2782-47C8-8EB0-219C14CDC0ED}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B01A2396-58D0-4382-ABF4-7E8B21CD2807}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Update Service (gupdate1c99c9589fb5a82) (gupdate1c99c9589fb5a82) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
     
  18. 2009/03/15
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I'd like to see two files scanned again


    Go to My Computer->Tools->Folder Options->View tab:

    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck - Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal




    • Click the Browse button and search for the following file: c:\windows\system32\drivers\tcpip.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned, click "reanalyze now".

    Also please have the following file scanned.

    c:\windows\ServicePackFiles\i386\tcpip.sys




    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Download Lop S&D

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: C:\lopR.txt




    NEXT**
    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.
    No need for that though; just post it as you would any other log.



    In your next reply post:
    Files requested scanned
    C:\lopR.txt
    DDS.txt
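Asking for both copies of tcpip.sys to be scanned amounts to comparing the live driver in system32\drivers against the pristine copy Windows keeps in ServicePackFiles\i386. The following added example, which is not part of this thread and not a tool the helpers use, does that comparison locally by hashing, and also checks the system32\dllcache copy; the directory layout follows the paths quoted in the thread, and the sample files it builds are constructed, not real system files.

```python
"""Added example (not from the thread): compare a live Windows system file
against the backup copies XP keeps, before or instead of uploading each copy
to VirusTotal.  A driver patched in place in system32 often leaves the
ServicePackFiles and dllcache copies untouched, so a hash mismatch between
the copies is a cheap local signal that the file deserves a closer look.
Paths follow the ones quoted in the thread; the sample files are constructed.
"""

import hashlib
import os
import tempfile
from typing import Dict, Optional

# Where XP keeps pristine copies of protected system files, relative to
# %WINDIR% (assumption: the standard XP layout seen in the DDS log above).
BACKUP_DIRS = (
    os.path.join("ServicePackFiles", "i386"),
    os.path.join("system32", "dllcache"),
)


def sha256_of(path: str) -> Optional[str]:
    """Hex SHA-256 of a file, or None if the file does not exist."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_backups(windir: str, live_relpath: str) -> Dict[str, str]:
    """Hash the live file and each backup copy; return a verdict per backup dir.

    live_relpath is relative to windir, e.g. system32\\drivers\\tcpip.sys.
    Verdicts: "match", "MISMATCH", or "missing" (no backup copy in that dir).
    """
    live_path = os.path.join(windir, live_relpath)
    live_hash = sha256_of(live_path)
    if live_hash is None:
        raise FileNotFoundError(live_path)
    name = os.path.basename(live_relpath)
    verdicts: Dict[str, str] = {}
    for rel in BACKUP_DIRS:
        backup_hash = sha256_of(os.path.join(windir, rel, name))
        if backup_hash is None:
            verdicts[rel] = "missing"
        elif backup_hash == live_hash:
            verdicts[rel] = "match"
        else:
            verdicts[rel] = "MISMATCH"
    return verdicts


def build_sample_windir() -> str:
    """Constructed sample tree: tcpip.sys altered in place, notepad.exe intact."""
    root = tempfile.mkdtemp(prefix="fake_windir_")
    pristine_driver = b"MZ" + b"\x00" * 510 + b"constructed tcpip driver body"
    altered_driver = pristine_driver[:-4] + b"xxxx"  # tail differs from backups
    pristine_notepad = b"MZ" + b"constructed notepad body"
    files = {
        os.path.join("system32", "drivers", "tcpip.sys"): altered_driver,
        os.path.join("ServicePackFiles", "i386", "tcpip.sys"): pristine_driver,
        os.path.join("system32", "dllcache", "tcpip.sys"): pristine_driver,
        "notepad.exe": pristine_notepad,
        os.path.join("system32", "dllcache", "notepad.exe"): pristine_notepad,
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    windir = build_sample_windir()
    for target in (os.path.join("system32", "drivers", "tcpip.sys"), "notepad.exe"):
        print(target, compare_with_backups(windir, target))
```

A "missing" verdict is not by itself a finding (not every file has a copy in every backup directory); a "MISMATCH" is only a reason to scan that file, since a legitimate hotfix can also make the live copy newer than ServicePackFiles.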
     
  19. 2009/03/15
    Xpress

    Xpress Inactive Thread Starter

    Joined:
    2009/03/01
    Messages:
    28
    Likes Received:
    0
    File tcpip.sys received on 03.15.2009 23:33:34 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
    Result: 0/39 (0%)

    ---------------------------------------------------------------------------------------
    File tcpip.sys received on 03.15.2009 23:38:01 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


    Result: 0/38 (0%)

    -------------------------------------------------------------------------------------

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
    BIOS : BIOS Date: 05/19/06 09:31:51 Ver: 08.00.10
    USER : Owner ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:39 Go (Free:4 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (Local Disk) - NTFS - Total:37 Go (Free:26 Go)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( Sun 03/15/2009|15:48 )

    --------------------\\ Listing folders in APPLIC~1

    [10/25/2005|02:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
    [03/01/2009|03:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Malwarebytes
    [03/01/2009|04:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
    [02/28/2009|06:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla

    [02/01/2009|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [01/17/2009|05:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [03/29/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 XPack Trial
    [02/01/2009|03:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
    [03/01/2007|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [01/09/2009|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ArcSoft
    [03/01/2009|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
    [12/15/2003|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [02/05/2009|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EPSON
    [01/19/2009|05:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
    [07/28/2007|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [03/14/2009|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
    [03/15/2008|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
    [01/09/2009|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
    [03/25/2008|06:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
    [03/18/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
    [12/22/2008|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
    [12/01/2005|08:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
    [08/31/2006|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
    [08/14/2006|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [03/11/2009|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [10/05/2007|05:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Mozilla
    [03/01/2005|02:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
    [02/28/2009|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
    [05/27/2004|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
    [04/15/2004|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
    [01/29/2004|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Corporation
    [02/26/2009|04:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
    [04/27/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
    [10/23/2005|02:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
    [10/28/2008|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Tarma Installer
    [03/01/2009|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
    [02/02/2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Transparent
    [01/01/2005|02:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
    [09/22/2005|02:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [10/05/2008|04:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZipSE
    [07/26/2007|01:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> wsxs
    [01/29/2009|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

    [08/07/2008|11:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
    [12/15/2003|12:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
    [02/14/2007|04:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Spyware Terminator

    [08/23/2006|06:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
    [02/06/2005|10:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [03/01/2009|04:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

    [07/12/2005|03:32] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [07/12/2005|03:24] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft

    [09/07/2008|09:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
    [09/07/2008|09:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
    [03/01/2009|04:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
    [12/15/2006|05:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Spyware Terminator

    [07/12/2005|03:24] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft

    [02/10/2009|10:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Acoustica
    [01/19/2009|05:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
    [08/24/2006|01:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeAUM
    [01/26/2007|02:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
    [06/18/2006|11:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
    [01/09/2009|12:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ArcSoft
    [02/10/2009|01:40] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Camfrog
    [08/30/2006|09:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CNN
    [03/02/2007|12:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Comcast
    [04/12/2008|01:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Costco Photo Viewer US
    [01/17/2009|05:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Download Manager
    [02/13/2009|12:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Epson
    [01/11/2009|08:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> GarageGames
    [07/22/2005|05:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
    [03/13/2009|07:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> gtk-2.0
    [06/02/2004|08:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
    [12/15/2003|12:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
    [06/20/2005|11:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InBoxer
    [03/18/2008|11:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
    [05/29/2007|02:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Joost
    [06/20/2005|11:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Keyhole
    [07/12/2005|08:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Kontiki
    [07/13/2005|08:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
    [02/01/2004|09:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
    [03/18/2008|11:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Logitech
    [05/27/2004|09:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
    [12/22/2008|05:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
    [06/24/2005|02:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [08/20/2008|11:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
    [01/28/2004|06:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Web Folders
    [09/26/2008|03:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
    [02/26/2009|07:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
    [03/01/2005|02:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSN6
    [03/01/2009|12:18] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nero
    [12/15/2007|04:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nexon
    [06/16/2005|10:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ohce
    [12/06/2007|11:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
    [01/10/2006|11:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Serif
    [12/26/2008|03:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Smith Micro
    [05/20/2006|09:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Snapfish
    [01/29/2004|03:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
    [12/26/2008|03:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sprint Desktop Sync
    [06/20/2005|11:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> STOPzilla!
    [08/11/2007|04:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
    [07/25/2007|11:40] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sunbelt Software
    [06/19/2008|01:15] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
    [06/25/2004|11:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
    [10/05/2007|05:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Talkback
    [04/16/2008|04:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Thinstall
    [03/01/2009|04:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> True Sword
    [06/21/2008|01:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Uniblue
    [03/27/2008|12:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Watchtower
    [04/26/2004|08:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Yahoo!
    [07/13/2004|10:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Yahoo! Messenger

    [07/12/2005|07:30] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Apple Computer
    [07/12/2005|02:33] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Identities
    [07/13/2005|06:18] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Keyhole
    [07/12/2005|07:28] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Lavasoft
    [07/12/2005|03:09] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Macromedia
    [07/12/2005|03:32] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [07/13/2005|01:04] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Microsoft
    [07/12/2005|03:26] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Microsoft Web Folders
    [07/13/2005|06:45] C:\DOCUME~1\OWNER~1.HYP\APPLIC~1\<DIR> Real

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [03/15/2009 01:26 PM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
    [03/15/2009 02:54 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
    [03/15/2009 01:26 PM][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
    [03/15/2009 03:50 AM][--a------] C:\WINDOWS\tasks\RegCure.job
    [03/15/2008 08:02 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    [03/15/2009 01:43 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/18/2001 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [01/15/2005|02:36] C:\Program Files\<DIR> _ArcadeDownloadFolder
    [10/05/2008|04:56] C:\Program Files\<DIR> 7-Zip
    [01/26/2009|03:57] C:\Program Files\<DIR> ABBYY FineReader 6.0 Sprint
    [02/10/2009|10:07] C:\Program Files\<DIR> Acoustica MP3 CD Burner
    [01/17/2009|05:29] C:\Program Files\<DIR> Adobe
    [12/15/2003|12:57] C:\Program Files\<DIR> Ahead
    [02/01/2009|03:29] C:\Program Files\<DIR> Apple Software Update
    [01/09/2009|12:12] C:\Program Files\<DIR> ArcSoft
    [03/01/2009|04:34] C:\Program Files\<DIR> AVG
    [12/15/2003|12:25] C:\Program Files\<DIR> AvRack
    [01/14/2008|09:16] C:\Program Files\<DIR> BearShare Applications
    [02/01/2009|03:34] C:\Program Files\<DIR> Bonjour
    [02/28/2009|06:14] C:\Program Files\<DIR> CCleaner
    [08/06/2008|09:12] C:\Program Files\<DIR> Citrix
    [03/15/2009|01:38] C:\Program Files\<DIR> Common Files
    [12/15/2003|12:11] C:\Program Files\<DIR> ComPlus Applications
    [03/14/2009|02:45] C:\Program Files\<DIR> Conquer 2.0
    [12/15/2003|12:54] C:\Program Files\<DIR> CyberLink
    [02/02/2007|02:12] C:\Program Files\<DIR> Declan's Russian FlashCards
    [01/29/2004|03:20] C:\Program Files\<DIR> directx
    [10/05/2007|05:01] C:\Program Files\<DIR> DivX
    [02/03/2009|11:21] C:\Program Files\<DIR> EPSON
    [02/03/2004|07:17] C:\Program Files\<DIR> EPSON Print CD
    [02/03/2009|11:21] C:\Program Files\<DIR> Epson Software
    [02/05/2009|11:38] C:\Program Files\<DIR> EpsonNet
    [02/28/2009|01:42] C:\Program Files\<DIR> ffdshow
    [09/13/2004|07:59] C:\Program Files\<DIR> FileSubmit
    [02/15/2009|11:10] C:\Program Files\<DIR> GIMP-2.0
    [03/03/2009|11:51] C:\Program Files\<DIR> Google
    [03/15/2008|07:28] C:\Program Files\<DIR> Grisoft
    [05/06/2008|10:24] C:\Program Files\<DIR> Homestead
    [07/14/2004|04:57] C:\Program Files\<DIR> InBoxer Outlook Addin
    [03/14/2009|02:00] C:\Program Files\<DIR> InstallShield Installation Information
    [08/17/2006|04:22] C:\Program Files\<DIR> Intel
    [07/27/2005|12:42] C:\Program Files\<DIR> InterActual
    [03/06/2009|02:20] C:\Program Files\<DIR> Internet Explorer
    [02/01/2009|03:37] C:\Program Files\<DIR> iPod
    [02/02/2009|03:43] C:\Program Files\<DIR> iTunes
    [01/11/2009|03:27] C:\Program Files\<DIR> Java
    [03/01/2009|04:39] C:\Program Files\<DIR> Joost
    [07/13/2005|08:01] C:\Program Files\<DIR> Keyhole
    [01/09/2009|12:11] C:\Program Files\<DIR> Kodak
    [10/17/2006|04:37] C:\Program Files\<DIR> LanguageHelpers
    [10/31/2008|12:42] C:\Program Files\<DIR> LimeWire
    [03/18/2008|11:32] C:\Program Files\<DIR> Logitech
    [01/09/2009|10:55] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
    [01/19/2009|05:02] C:\Program Files\<DIR> McAfee.com
    [01/19/2009|09:30] C:\Program Files\<DIR> Messenger
    [03/11/2009|05:16] C:\Program Files\<DIR> Microsoft
    [11/23/2004|07:00] C:\Program Files\<DIR> Microsoft ActiveSync
    [06/03/2006|02:49] C:\Program Files\<DIR> Microsoft AntiSpyware
    [05/10/2007|03:02] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
    [07/12/2005|03:26] C:\Program Files\<DIR> microsoft frontpage
    [11/20/2005|08:17] C:\Program Files\<DIR> Microsoft Office
    [02/26/2009|01:37] C:\Program Files\<DIR> Microsoft Silverlight
    [03/11/2009|05:21] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
    [01/28/2004|07:01] C:\Program Files\<DIR> Microsoft Visual Studio
    [08/30/2006|09:15] C:\Program Files\<DIR> Microsoft WSE
    [10/01/2008|12:22] C:\Program Files\<DIR> Movie Maker
    [03/15/2009|03:30] C:\Program Files\<DIR> Mozilla Firefox
    [01/29/2009|01:30] C:\Program Files\<DIR> MSBuild
    [07/28/2007|01:16] C:\Program Files\<DIR> MSN Apps
    [03/13/2005|09:04] C:\Program Files\<DIR> MSN Gaming Zone
    [10/14/2006|03:01] C:\Program Files\<DIR> MSXML 4.0
    [02/28/2009|11:35] C:\Program Files\<DIR> Nero
    [10/01/2008|12:19] C:\Program Files\<DIR> NetMeeting
    [04/04/2007|11:20] C:\Program Files\<DIR> OLYMPUS
    [12/15/2003|12:13] C:\Program Files\<DIR> Online Services
    [10/01/2008|12:19] C:\Program Files\<DIR> Outlook Express
    [08/12/2008|01:36] C:\Program Files\<DIR> PCFriendly
    [10/24/2006|11:58] C:\Program Files\<DIR> PCSecurityShield
    [10/29/2005|12:51] C:\Program Files\<DIR> Prolific Publishing, Inc
    [08/22/2006|12:53] C:\Program Files\<DIR> PSCS2Updater
    [02/01/2009|03:33] C:\Program Files\<DIR> QuickTime
    [07/03/2006|08:56] C:\Program Files\<DIR> Real
    [01/19/2009|04:25] C:\Program Files\<DIR> RealRhapsody
    [02/06/2009|01:27] C:\Program Files\<DIR> Realtek AC97
    [12/15/2003|12:25] C:\Program Files\<DIR> Realtek Sound Manager
    [01/29/2009|01:30] C:\Program Files\<DIR> Reference Assemblies
    [02/28/2009|06:14] C:\Program Files\<DIR> RegCure
    [01/11/2006|12:17] C:\Program Files\<DIR> Serif
    [02/25/2007|12:10] C:\Program Files\<DIR> Sony
    [11/16/2005|12:40] C:\Program Files\<DIR> Sony Corporation
    [10/28/2008|11:49] C:\Program Files\<DIR> Sprint Desktop Sync
    [02/06/2009|01:21] C:\Program Files\<DIR> Sprint Instinct Applications
    [03/14/2009|03:36] C:\Program Files\<DIR> Spybot - Search & Destroy
    [07/28/2007|01:31] C:\Program Files\<DIR> Spyware Terminator
    [06/19/2008|01:15] C:\Program Files\<DIR> SUPERAntiSpyware
    [07/27/2007|12:36] C:\Program Files\<DIR> System Medic
    [08/02/2008|09:16] C:\Program Files\<DIR> TaxCut05
    [02/02/2007|02:09] C:\Program Files\<DIR> Transparent
    [03/01/2009|11:40] C:\Program Files\<DIR> True Sword 5
    [07/02/2004|08:38] C:\Program Files\<DIR> Uninstall Information
    [01/19/2009|08:41] C:\Program Files\<DIR> Valve
    [02/28/2009|01:03] C:\Program Files\<DIR> Veoh Networks
    [01/19/2009|04:30] C:\Program Files\<DIR> Watchtower
    [03/11/2009|05:23] C:\Program Files\<DIR> Windows Live
    [07/27/2007|10:52] C:\Program Files\<DIR> Windows Live Safety Center
    [03/11/2009|05:15] C:\Program Files\<DIR> Windows Live SkyDrive
    [03/08/2007|12:35] C:\Program Files\<DIR> Windows Media Connect 2
    [10/01/2008|12:19] C:\Program Files\<DIR> Windows Media Player
    [10/01/2008|12:19] C:\Program Files\<DIR> Windows NT
    [02/28/2009|11:32] C:\Program Files\<DIR> Windows Sidebar
    [06/24/2005|11:21] C:\Program Files\<DIR> WindowsUpdate
    [07/28/2007|01:17] C:\Program Files\<DIR> WinMX
    [06/02/2004|08:04] C:\Program Files\<DIR> WinZip
    [10/05/2008|04:54] C:\Program Files\<DIR> WinZip Self-Extractor
    [12/15/2003|12:14] C:\Program Files\<DIR> xerox
    [01/29/2009|06:37] C:\Program Files\<DIR> Yahoo!
    [07/25/2007|10:54] C:\Program Files\<DIR> Yahoo! Games

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [01/17/2009|05:30] C:\Program Files\Common Files\<DIR> Adobe
    [12/18/2003|08:24] C:\Program Files\Common Files\<DIR> AOL
    [12/18/2003|08:24] C:\Program Files\Common Files\<DIR> aolback
    [01/28/2004|06:50] C:\Program Files\Common Files\<DIR> aolshare
    [02/01/2009|03:37] C:\Program Files\Common Files\<DIR> Apple
    [01/09/2009|12:12] C:\Program Files\Common Files\<DIR> ArcSoft
    [08/02/2004|08:25] C:\Program Files\Common Files\<DIR> Cloudmark
    [01/28/2004|07:01] C:\Program Files\Common Files\<DIR> Designer
    [02/03/2009|12:20] C:\Program Files\Common Files\<DIR> EPSON
    [04/07/2008|12:35] C:\Program Files\Common Files\<DIR> INCA Shared
    [06/09/2004|02:27] C:\Program Files\Common Files\<DIR> InstallShield
    [12/01/2005|10:31] C:\Program Files\Common Files\<DIR> Java
    [01/09/2009|12:09] C:\Program Files\Common Files\<DIR> Kodak
    [11/23/2004|07:00] C:\Program Files\Common Files\<DIR> L&H
    [03/18/2008|11:33] C:\Program Files\Common Files\<DIR> Logishrd
    [01/17/2009|05:17] C:\Program Files\Common Files\<DIR> Macrovision Shared
    [03/11/2009|05:16] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [12/15/2003|12:12] C:\Program Files\Common Files\<DIR> MSSoap
    [03/01/2009|12:04] C:\Program Files\Common Files\<DIR> Nero
    [12/15/2003|04:05] C:\Program Files\Common Files\<DIR> ODBC
    [01/16/2009|05:25] C:\Program Files\Common Files\<DIR> Real
    [12/15/2003|12:12] C:\Program Files\Common Files\<DIR> Services
    [05/20/2006|09:12] C:\Program Files\Common Files\<DIR> Simple Star Shared
    [11/16/2005|12:36] C:\Program Files\Common Files\<DIR> Sony Shared
    [12/15/2003|04:05] C:\Program Files\Common Files\<DIR> SpeechEngines
    [10/01/2008|12:19] C:\Program Files\Common Files\<DIR> System
    [03/11/2009|05:09] C:\Program Files\Common Files\<DIR> Windows Live
    [04/16/2008|04:26] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
    [01/16/2009|05:25] C:\Program Files\Common Files\<DIR> xing shared

    --------------------\\ Process

    ( 46 Processes )

    iexplore.exe ~ [PID:928]

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 15:49:26
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 84

    --------------------\\ Searching for other infections


    No other infections found !

    [F:3][D:3]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
    [F:103][D:0]-> C:\DOCUME~1\Owner\Cookies
    [F:151][D:7]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Sun 03/15/2009|15:51 - Option : [1]

    --------------------\\ Scan completed at 15:51:14

    -------------------------------------------------------------------------------------

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 15:54:12.57 on Sun 03/15/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.627 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Conquer 2.0\Conquer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyOverride = *.local
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {574FAE5A-6223-A054-3174-91E7DFC53986} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {72183A59-F2E3-3507-E1B2-E9A5789D07F1} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A5E51C5B-57CF-A04A-BF60-3E709924E2F8} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunServices: [UpdateWin] c:\windows\system32\activedsx.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [PCTVOICE] pctspk.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe "
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRunServices: [UpdateWin] c:\windows\system32\activedsx.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\Epkick.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sprint~1.lnk - c:\windows\RM.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MiniEYE-MiniREAD Launch .lnk.disabled
    IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
    IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233423749976&h=10203cf41da0e482e3764280d27692bb/&filename=jinstall-6u11-windows-i586-jc.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    TCP: {93AFF8A7-2782-47C8-8EB0-219C14CDC0ED} = 208.67.220.220,208.67.222.222
    TCP: {B01A2396-58D0-4382-ABF4-7E8B21CD2807} = 208.67.220.220,208.67.222.222
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\51g7s3oe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-1 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-1 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-1 107272]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-1 298264]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S2 gupdate1c99c9589fb5a82;Google Update Service (gupdate1c99c9589fb5a82);c:\program files\google\update\GoogleUpdate.exe [2009-3-3 133104]
    S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\fardrive.sys --> c:\windows\system32\drivers\FarDrive.sys [?]
    S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]

    =============== Created Last 30 ================

    2009-03-15 15:47 <DIR> --d----- C:\Lop SD
    2009-03-14 14:00 <DIR> --d----- c:\program files\Conquer 2.0
    2009-03-11 17:39 <DIR> --d----- c:\documents and settings\owner\Tracing
    2009-03-11 17:21 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
    2009-03-11 17:16 <DIR> --d----- c:\program files\Microsoft
    2009-03-11 17:15 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-03-11 17:09 <DIR> --d----- c:\program files\common files\Windows Live
    2009-03-10 17:14 69 a------- c:\windows\NeroDigital.ini
    2009-03-05 18:51 <DIR> --d----- c:\windows\system32\CatRoot2
    2009-03-05 10:28 250 a------- c:\windows\gmer.ini
    2009-03-03 17:05 <DIR> a-dshr-- C:\cmdcons
    2009-03-03 17:03 161,792 a------- c:\windows\SWREG.exe
    2009-03-03 17:03 98,816 a------- c:\windows\sed.exe
    2009-03-02 08:57 69,120 ac------ c:\windows\system32\dllcache\notepad.exe
    2009-03-02 08:57 69,120 a------- c:\windows\notepad.exe
    2009-03-02 08:49 1,374 a------- c:\windows\imsins.BAK
    2009-03-01 17:39 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-03-01 16:35 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-03-01 16:35 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-03-01 16:35 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-03-01 16:35 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-03-01 16:34 <DIR> --d----- c:\program files\AVG
    2009-03-01 16:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-03-01 16:22 <DIR> --d----- c:\docume~1\owner\applic~1\True Sword
    2009-03-01 16:20 <DIR> --d----- c:\program files\True Sword 5
    2009-02-28 23:37 4,767 a------- c:\windows\Irremote.ini
    2009-02-28 23:02 <DIR> --d----- c:\program files\Nero
    2009-02-28 23:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
    2009-02-28 19:20 <DIR> --d----- C:\RecoveryCD
    2009-02-28 18:14 <DIR> --d----- c:\program files\CCleaner
    2009-02-28 14:41 81,920 a------- c:\windows\system32\ieencode.dll
    2009-02-28 13:42 14,336 a------- c:\windows\system32\ff_vfw.dll
    2009-02-28 13:42 547 a------- c:\windows\system32\ff_vfw.dll.manifest
    2009-02-28 13:42 <DIR> --d----- c:\program files\ffdshow
    2009-02-28 13:03 <DIR> --d----- c:\program files\Veoh Networks
    2009-02-24 22:05 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-02-15 23:14 <DIR> --d----- c:\documents and settings\owner\.thumbnails
    2009-02-15 23:13 <DIR> --d----- c:\documents and settings\owner\.gimp-2.6
    2009-02-15 23:12 <DIR> --d----- c:\documents and settings\owner\.gegl-0.0
    2009-02-15 23:10 <DIR> --d----- c:\program files\GIMP-2.0

    ==================== Find3M ====================

    2009-03-08 16:16 4,724 a------- c:\windows\system32\PerfStringBackup.TMP
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-01-31 01:50 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
    2009-01-16 17:24 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-01-16 17:24 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-01-11 15:27 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-09 19:39 4,096 a------- c:\windows\d3dx.dat
    2006-04-02 23:26 9,583,368 a------- c:\documents and settings\owner\DesktopDoctor1.5.1.exe

    ============= FINISH: 15:54:38.71 ===============

    -------------------------------------------------------------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/17/2006 1:01:27 PM
    System Uptime: 3/15/2009 1:25:34 PM (2 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | P5P800-VM
    Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Socket 775 | 2661/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 4.22 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 38 GiB total, 26.968 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 3/2/2009 7:31:29 AM - System Checkpoint
    RP2: 3/3/2009 4:03:38 PM - ComboFix created restore point
    RP3: 3/4/2009 11:32:05 AM - ComboFix created restore point
    RP4: 3/4/2009 11:44:11 AM - Avg8 Update
    RP5: 3/5/2009 2:22:43 PM - System Checkpoint
    RP6: 3/6/2009 2:31:01 PM - System Checkpoint
    RP7: 3/7/2009 10:23:10 AM - ComboFix created restore point
    RP8: 3/8/2009 4:26:15 PM - System Checkpoint
    RP9: 3/10/2009 3:06:22 AM - System Checkpoint
    RP10: 3/11/2009 2:00:26 AM - Software Distribution Service 3.0
    RP11: 3/11/2009 4:21:17 PM - Installed Windows XP KB954708.
    RP12: 3/11/2009 4:22:10 PM - Installed DirectX
    RP13: 3/12/2009 6:24:56 PM - System Checkpoint
    RP14: 3/13/2009 10:51:51 PM - Software Distribution Service 3.0
    RP15: 3/14/2009 12:49:51 PM - Installed Crazy Tao
    RP16: 3/14/2009 12:50:13 PM - Installed Crazy Tao
    RP17: 3/14/2009 1:00:35 PM - Installed Conquer 2.0
    RP18: 3/14/2009 1:00:43 PM - Installed Conquer 2.0
    RP19: 3/14/2009 2:40:39 PM - Removed Crazy Tao
    RP20: 3/14/2009 2:40:50 PM - Removed Crazy Tao
    RP21: 3/15/2009 1:34:48 PM - ComboFix created restore point

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    7-Zip 4.64
    ABBYY FineReader 6.0 Sprint
    Acoustica MP3 CD Burner
    Adobe Anchor Service CS4
    Adobe CSI CS4
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Update Manager CS4
    Adobe® Photoshop® Album Starter Edition 3.0
    Adobe® Photoshop® Album Starter Edition 3.0.1
    Advertising Center
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Brochure
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    AVG Free 8.0
    Before You Know It 3.6
    Bonjour
    CCleaner (remove only)
    CCScore
    CDDRV_Installer
    Choice Guard
    Connect
    Conquer 2.0
    Counter-Strike(TM)
    CR2
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Content Uploader
    DivX Web Player
    DMVlite
    DolbyFiles
    EPSON CardMonitor
    Epson Event Manager
    EPSON PhotoStarter3.0
    EPSON Print CD
    EPSON Printer Software
    EPSON Scan
    EPSON WorkForce 600 Series Printer Uninstall
    EpsonNet Config V3
    EpsonNet Print
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eyeQ
    ffdshow [rev 2083] [2008-08-21]
    GIMP 2.6.4
    Google Earth
    Google Earth Plugin
    Google Update Helper
    Google Updater
    GoToMeeting/GoToWebinar 3.0.0.198
    GSIM
    HijackThis 1.99.1
    Homestead SiteBuilder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    HSP56 Modem Drivers
    ImagXpress
    Intel(R) Extreme Graphics 2 Driver
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Joost (tm) 0.10.3
    Junk Mail filter update
    KhalInstallWrapper
    Kodak EasyShare software
    kuler
    LimeWire PRO 4.18.8
    Logitech SetPoint
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Marine Aquarium 2.5, Goldfish, Sharks & Carousel Bundle
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Office Live Meeting
    Microsoft Office Visio Professional 2003
    Microsoft Publisher 2002
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 2.0 SP3 Runtime
    Movie Templates - Starter Kit
    Mozilla Firefox (3.0.7)
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Music Visualizer Library 1.4.00
    Nero - Burning Rom
    Nero 9 Trial
    Nero Burning ROM Help
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express Help
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    NeroLiveGadget
    NeroLiveGadget Help
    neroxml
    netbrdg
    OfotoXMI
    OLYMPUS Master 2
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    PCFriendly
    PowerDVD
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    RegCure 1.5.2.7
    Rhapsody
    Rhapsody Player Engine
    Russian Alphabet 2.0
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Segoe UI
    Serif PagePlus 11
    Serif PagePlus 11 Resources
    SFR
    SFR2
    SHASTA
    skin0001
    SKINXSDK
    SonicStage 4.3
    SoundTrax
    Sprint Desktop Sync
    Sprint media manager
    Spybot - Search & Destroy
    staticcr
    Steam(TM)
    Suite Shared Configuration CS4
    TaxCut Standard 2005
    tooltips
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Veoh Web Player Beta
    VPRINTOL
    Watchtower Library 2007 - English
    Watchtower Reader - Russian
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    WinZip Self-Extractor
    WIRELESS
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    3/8/2009 3:14:15 PM, error: Dhcp [1002] - The IP address lease 192.168.15.3 for the Network Card with network address 0017314E1CDF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/8/2009 3:15:08 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
    3/8/2009 3:15:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
    3/9/2009 12:39:32 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
    3/11/2009 2:30:15 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0017314E1CDF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/12/2009 1:20:49 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0017314E1CDF has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
    3/12/2009 1:21:03 PM, error: Dhcp [1002] - The IP address lease 192.168.15.2 for the Network Card with network address 0017314E1CDF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
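    The SERVICES / DRIVERS section of the DDS log above marks three entries with "[?]" (SASKUTIL, FarStoneFireWallDrive, mbr): DDS resolved the image path but found no file there. The Event Viewer section then shows the Service Control Manager logging event 7026 for SASKUTIL, a system-start driver. Correlating the two is the routine check at this point: a missing file whose load failure is logged is an orphaned leftover (SUPERAntiSpyware's driver, Gmer's own mbr.sys that lived in %TEMP%), whereas a driver that is running while its file cannot be found, or a boot/system-start driver that never logs a failure, is worth a closer look because the file may be hidden rather than absent. The Python below is an added example written for this page, not a DDS feature or anything from the thread; the sample lines are copied from the log above and embedded as constructed input, and the verdict labels are this example's own.

```python
import re

# Constructed sample input: driver and event lines copied from the DDS log above.
# DDS prefixes each service with R (running) or S (stopped) and the Windows start
# type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). "--> path [?]" means DDS
# resolved the image path but could not find a file there.
DDS_DRIVERS = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-1 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-1 298264]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\drivers\fardrive.sys --> c:\windows\system32\drivers\FarDrive.sys [?]
S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]
"""

DDS_EVENTS = r"""
3/8/2009 3:15:08 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
3/8/2009 3:15:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
"""

# state, start type, name, display name, image path, optional resolved path, bracket info
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?)(?: --> (.+?))? \[([^\]]*)\]$")
EVENT_7026_RE = re.compile(r"\[7026\] - .*failed to load: (.+)$")


def parse_drivers(text):
    """Turn DDS service/driver lines into dicts; skips lines that do not match."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        state, start, name, _display, image, resolved, info = m.groups()
        out.append({
            "name": name,
            "running": state == "R",
            "start": int(start),
            "image": resolved or image,
            "file_missing": info.strip() == "?",
        })
    return out


def failed_boot_drivers(text):
    """Driver names (upper-cased) that the SCM reported in event 7026."""
    names = set()
    for line in text.splitlines():
        m = EVENT_7026_RE.search(line)
        if m:
            names.update(n.upper() for n in re.split(r"[,\s]+", m.group(1).strip()) if n)
    return names


def triage(driver_text, event_text):
    """Classify every entry whose file DDS could not find."""
    failed = failed_boot_drivers(event_text)
    findings = []
    for d in parse_drivers(driver_text):
        if not d["file_missing"]:
            continue
        if d["running"]:
            verdict = "running-but-file-not-visible"      # loaded, yet no file on disk: hidden file
        elif d["start"] <= 1 and d["name"].upper() in failed:
            verdict = "orphaned-entry-confirmed"          # SCM tried and failed: stale service key
        elif d["start"] <= 1:
            verdict = "boot-driver-missing-unconfirmed"   # should have logged 7026 but did not
        else:
            verdict = "orphaned-entry-inactive"           # manual/auto start, never attempted
        findings.append({"name": d["name"], "image": d["image"], "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in triage(DDS_DRIVERS, DDS_EVENTS):
        print(f"{f['verdict']:32} {f['name']:24} {f['image']}")
```

    On the log above this reports SASKUTIL as an orphaned entry confirmed by event 7026 and the other two as inactive orphans, which is consistent with the cleanup Juliet asks for below; none of the three is the running-but-invisible case that would point at a hidden driver.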
     
  20. 2009/03/15, Juliet (Well-Known Member)
    Both those results show me tcpip.sys without a directory listing:

    c:\windows\system32\drivers
    c:\windows\ServicePackFiles\i386\

    And one says infected?

    Also, earlier, did you delete Gmer's mbr.exe and C:\mbr.log? If not, please do so now.

    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (do not use WordPad or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    KillAll::

    File::
    c:\windows\system32\activedsx.exe

    Folder::
    C:\Lop SD

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\unServices]
    "UpdateWin"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\unServices]
    "UpdateWin"=-

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please post ComboFix.txt
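    The question Juliet is circling here, whether the tcpip.sys the kernel actually loads is the one Windows installed, has a hash side that can be settled from the "Sigcheck" section of the ComboFix log posted further down: it lists every copy of tcpip.sys Windows kept, with size and MD5. The live copy is c:\windows\system32\drivers\tcpip.sys; c:\windows\system32\dllcache\ is Windows File Protection's cache, and the $hf_mig$, $NtUninstall* and ServicePackFiles folders hold the copies Windows stored when it installed hotfixes and the service pack. The Python below is an added example written for this page, not a ComboFix or Sigcheck feature; it parses Sigcheck-style lines (the sample is the thread's own listing, embedded as constructed input, plus a constructed clean counterpart) and reports whether the live driver matches any Windows-stored reference copy. The role names and verdict labels are this example's own.

```python
import re

# Constructed sample input: the "Sigcheck" lines copied from the ComboFix log
# posted further down in this thread. One entry per line: date time size md5 path.
SIGCHECK_LOG = r"""
2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 12:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
"""

# Constructed clean counterpart (not from the thread): what the same three copies
# would look like if the live file were the stored KB951748 GDR build.
CLEAN_LOG = r"""
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-fA-F]{32}) (.+)$")


def parse_sigcheck(text):
    """Return (date, time, size, md5, path) for every well-formed line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3)), m.group(4).lower(), m.group(5)))
    return rows


def role(path):
    """live: the copy the kernel loads; dllcache: WFP's cache;
    reference: any copy Windows stored itself ($hf_mig$, $NtUninstall*, ServicePackFiles)."""
    p = path.lower()
    if "\\system32\\drivers\\" in p:
        return "live"
    if "\\system32\\dllcache\\" in p:
        return "dllcache"
    return "reference"


def assess(text, target="tcpip.sys"):
    """Compare the live copy of `target` against the cached and stored copies."""
    rows = [r for r in parse_sigcheck(text) if r[4].lower().rsplit("\\", 1)[-1] == target]
    by_role = {"live": [], "dllcache": [], "reference": []}
    for r in rows:
        by_role[role(r[4])].append(r)
    result = {"target": target, "live_hash": None, "dllcache_matches_live": False,
              "reference_matches": [], "same_size_other_hash": [], "verdict": "no-live-copy"}
    if not by_role["live"]:
        return result
    _, _, live_size, live_hash, _ = by_role["live"][0]
    result["live_hash"] = live_hash
    result["dllcache_matches_live"] = bool(by_role["dllcache"]) and all(
        r[3] == live_hash for r in by_role["dllcache"])
    result["reference_matches"] = [r[4] for r in by_role["reference"] if r[3] == live_hash]
    # Same byte count but a different digest is the footprint of an in-place byte patch.
    result["same_size_other_hash"] = [r[4] for r in by_role["reference"]
                                      if r[2] == live_size and r[3] != live_hash]
    if result["reference_matches"]:
        result["verdict"] = "ok"
    elif by_role["dllcache"] and not result["dllcache_matches_live"]:
        result["verdict"] = "live-and-dllcache-differ"
    else:
        result["verdict"] = "live-matches-no-reference"
    return result


def report(text, target="tcpip.sys"):
    r = assess(text, target)
    lines = [f"{target}: verdict={r['verdict']} live_md5={r['live_hash']}"]
    lines += [f"  matches stored copy: {p}" for p in r["reference_matches"]]
    lines += [f"  same size, different content: {p}" for p in r["same_size_other_hash"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SIGCHECK_LOG))
```

    On the thread's listing this reports that the live file and its dllcache copy agree with each other but with none of the stored copies, and that the two KB951748 SP3 copies have the same size and build time as the live file yet a different digest. That is consistent with the file having been modified after installation, but hashes alone do not say by what: a third-party tcpip.sys patcher leaves exactly the same footprint a rootkit would. The follow-up is a signature check of the live file or a compare against a clean copy of the same build, not a deletion.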
     
  21. 2009/03/15, Xpress (Inactive, Thread Starter)
    You want me to do the virustotal scan again now? Last time, both scans came up with no infections.

    -------------------------------------------------------------------------------------
    ComboFix 09-03-15.01 - Owner 2009-03-15 18:28:08.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1000 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\activedsx.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
    .

    2009-03-14 14:00 . 2009-03-15 18:11 <DIR> d-------- c:\program files\Conquer 2.0
    2009-03-11 17:39 . 2009-03-15 18:32 <DIR> d-------- c:\documents and settings\Owner\Tracing
    2009-03-11 17:21 . 2009-03-11 17:21 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
    2009-03-11 17:16 . 2009-03-11 17:16 <DIR> d-------- c:\program files\Microsoft
    2009-03-11 17:15 . 2009-03-11 17:15 <DIR> d-------- c:\program files\Windows Live SkyDrive
    2009-03-11 17:15 . 2009-03-11 17:23 <DIR> d-------- c:\program files\Windows Live
    2009-03-11 17:09 . 2009-03-11 17:09 <DIR> d-------- c:\program files\Common Files\Windows Live
    2009-03-10 17:14 . 2009-03-10 17:15 69 --a------ c:\windows\NeroDigital.ini
    2009-03-05 18:51 . 2009-03-15 18:27 <DIR> d-------- c:\windows\system32\CatRoot2
    2009-03-05 10:28 . 2009-03-05 10:28 250 --a------ c:\windows\gmer.ini
    2009-03-02 08:57 . 2008-04-13 17:12 69,120 --a--c--- c:\windows\system32\dllcache\notepad.exe
    2009-03-02 08:57 . 2008-04-13 17:12 69,120 --a------ c:\windows\notepad.exe
    2009-03-02 08:49 . 2009-03-11 03:02 1,374 --a------ c:\windows\imsins.BAK
    2009-03-01 17:39 . 2009-03-14 02:10 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-01 16:35 . 2009-03-15 09:54 <DIR> d-------- c:\windows\system32\drivers\Avg
    2009-03-01 16:35 . 2009-03-01 16:35 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-01 16:35 . 2009-03-01 16:35 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-01 16:35 . 2009-03-01 16:35 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-01 16:34 . 2009-03-01 16:34 <DIR> d-------- c:\program files\AVG
    2009-03-01 16:34 . 2009-03-01 16:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-01 16:22 . 2009-03-01 16:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\True Sword
    2009-03-01 16:20 . 2009-03-01 23:40 <DIR> d-------- c:\program files\True Sword 5
    2009-03-01 15:03 . 2009-03-01 15:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-03-01 14:25 . 2009-03-01 23:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-01 12:17 . 2009-03-01 12:18 <DIR> d-------- c:\documents and settings\Owner\Application Data\Nero
    2009-02-28 23:37 . 2009-02-28 23:37 4,767 --a------ c:\windows\Irremote.ini
    2009-02-28 23:32 . 2009-02-28 23:32 <DIR> d-------- c:\program files\Windows Sidebar
    2009-02-28 23:02 . 2009-02-28 23:35 <DIR> d-------- c:\program files\Nero
    2009-02-28 23:01 . 2009-03-01 00:04 <DIR> d-------- c:\program files\Common Files\Nero
    2009-02-28 23:01 . 2009-02-28 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-02-28 19:20 . 2009-02-28 19:21 <DIR> d-------- C:\RecoveryCD
    2009-02-28 18:48 . 2009-02-28 18:48 0 --a------ c:\windows\nsreg.dat
    2009-02-28 18:46 . 2009-02-28 18:46 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
    2009-02-28 18:46 . 2009-02-28 18:46 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
    2009-02-28 18:14 . 2009-02-28 18:14 <DIR> d-------- c:\program files\RegCure
    2009-02-28 18:14 . 2009-02-28 18:14 <DIR> d-------- c:\program files\CCleaner
    2009-02-28 14:41 . 2008-04-13 17:11 81,920 --a------ c:\windows\system32\ieencode.dll
    2009-02-28 13:42 . 2009-02-28 13:42 <DIR> d-------- c:\program files\ffdshow
    2009-02-28 13:42 . 2008-08-22 18:57 14,336 --a------ c:\windows\system32\ff_vfw.dll
    2009-02-28 13:42 . 2008-08-10 12:55 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-02-28 13:03 . 2009-02-28 13:03 <DIR> d-------- c:\program files\Veoh Networks
    2009-02-26 19:51 . 2009-02-26 19:51 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
    2009-02-24 22:05 . 2009-01-09 12:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-15 23:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-14 22:36 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-14 21:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-14 02:42 --------- d-----w c:\documents and settings\Owner\Application Data\gtk-2.0
    2009-03-04 06:51 --------- d-----w c:\program files\Google
    2009-03-01 11:39 --------- d-----w c:\program files\Joost
    2009-02-26 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-26 20:37 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-16 06:10 --------- d-----w c:\program files\GIMP-2.0
    2009-02-13 07:25 --------- d-----w c:\documents and settings\Owner\Application Data\Epson
    2009-02-11 05:07 --------- d-----w c:\program files\Acoustica MP3 CD Burner
    2009-02-11 05:07 --------- d-----w c:\documents and settings\Owner\Application Data\Acoustica
    2009-02-10 20:40 --------- d-----w c:\documents and settings\Owner\Application Data\Camfrog
    2009-02-07 02:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-06 08:27 --------- d-----w c:\program files\Realtek AC97
    2009-02-06 08:21 --------- d-----w c:\program files\Sprint Instinct Applications
    2009-02-06 06:38 --------- d-----w c:\program files\EpsonNet
    2009-02-06 06:31 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2009-02-03 19:20 --------- d-----w c:\program files\Common Files\EPSON
    2009-02-03 18:21 --------- d-----w c:\program files\Epson Software
    2009-02-03 18:21 --------- d-----w c:\program files\EPSON
    2009-02-02 10:43 --------- d-----w c:\program files\iTunes
    2009-02-01 22:38 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-01 22:37 --------- d-----w c:\program files\iPod
    2009-02-01 22:37 --------- d-----w c:\program files\Common Files\Apple
    2009-02-01 22:34 --------- d-----w c:\program files\Bonjour
    2009-02-01 22:33 --------- d-----w c:\program files\QuickTime
    2009-02-01 22:29 --------- d-----w c:\program files\Apple Software Update
    2009-02-01 22:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2009-01-31 08:50 34 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
    2009-01-30 01:37 --------- d-----w c:\program files\Yahoo!
    2009-01-30 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-29 20:30 --------- d-----w c:\program files\Reference Assemblies
    2009-01-29 20:30 --------- d-----w c:\program files\MSBuild
    2009-01-26 22:57 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
    2009-01-20 03:41 --------- d-----w c:\program files\Valve
    2009-01-20 00:02 --------- d-----w c:\program files\McAfee.com
    2009-01-20 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
    2009-01-19 23:30 --------- d-----w c:\program files\Watchtower
    2009-01-19 23:25 --------- d-----w c:\program files\RealRhapsody
    2009-01-18 00:30 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-18 00:17 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2009-01-18 00:16 --------- d-----w c:\documents and settings\Owner\Application Data\Download Manager
    2009-01-17 00:25 --------- d-----w c:\program files\Common Files\xing shared
    2009-01-17 00:25 --------- d-----w c:\program files\Common Files\Real
    2006-04-03 06:26 9,583,368 ----a-w c:\documents and settings\Owner\DesktopDoctor1.5.1.exe
    .

    ------- Sigcheck -------

    2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    2008-04-13 12:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 04:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot_2009-03-15_13.41.36.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-16 01:31:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_190.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 c:\windows\KHALMNPR.Exe]
    "PCTVOICE"="pctspk.exe" [2003-04-24 c:\windows\system32\pctspk.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk.disabled [2006-06-16 1757]
    Kodak EasyShare software.lnk.disabled [2009-01-09 1837]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    MiniEYE-MiniREAD Launch .lnk.disabled [2009-01-02 1523]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-01-09 12:30 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-01 16:35 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "NeroCheck"=c:\windows\System32\\NeroCheck.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\akirayabuki\\condition zero\\hl.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\akirayabuki\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-01 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-01 107272]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-01 298264]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
    S2 gupdate1c99c9589fb5a82;Google Update Service (gupdate1c99c9589fb5a82);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
    S3 FarStoneFireWallDrive;FarStoneFireWallDrive;c:\windows\system32\Drivers\FarDrive.sys --> c:\windows\system32\Drivers\FarDrive.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-03 23:52]

    2009-03-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 23:50]

    2008-03-15 c:\windows\Tasks\MP Scheduled Quick Scan.job
    - c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

    2009-03-16 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

    2009-03-15 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{574FAE5A-6223-A054-3174-91E7DFC53986} - (no file)
    BHO-{72183A59-F2E3-3507-E1B2-E9A5789D07F1} - (no file)
    BHO-{A5E51C5B-57CF-A04A-BF60-3E709924E2F8} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title = Microsoft Internet Explorer presented by Comcast
    uInternet Settings,ProxyOverride = *.local
    TCP: {93AFF8A7-2782-47C8-8EB0-219C14CDC0ED} = 208.67.220.220,208.67.222.222
    TCP: {B01A2396-58D0-4382-ABF4-7E8B21CD2807} = 208.67.220.220,208.67.222.222
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\51g7s3oe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-15 18:32:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-73586283-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-73586283-1229272821-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-73586283-1229272821-839522115-1003)
    @Allowed: (Read) (S-1-5-21-73586283-1229272821-839522115-1003)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Sprint Instinct Applications\MEMonitor.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-15 18:39:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-16 01:39:44
    ComboFix2.txt 2009-03-07 18:41:27
    ComboFix3.txt 2009-03-04 19:49:51
    ComboFix4.txt 2009-03-04 00:31:29

    Pre-Run: 4,482,154,496 bytes free
    Post-Run: 4,462,215,168 bytes free

    281 --- E O F --- 2009-03-14 06:55:17
     