
Solved WinAntiSpyware and a Dialer removal

Discussion in 'Malware and Virus Removal Archive' started by Stratman50th, 2008/09/21.

  1. 2008/09/26
    noahdfear

    Hi Stratman :)

    Been seeing quite a number of machines with permissions problems, so let's see if resetting permissions helps to get things going. This is taken from a documented MS procedure and won't harm anything.

    Download and install SubInACL from Microsoft.

    Close out all other programs and open windows.

    Highlight and copy the contents of the code box below.
    Code:
    REM change to the folder where the SubInACL package installs its tools
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    REM take ownership of the registry hives and give Administrators and SYSTEM full control, Restricted read
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CURRENT_USER /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CLASSES_ROOT /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    REM give Administrators and SYSTEM full control of the system drive and the Windows folder
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    REM reapply the default security template shipped with Windows
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window.
    Right click in the command window and select paste.
    It will take a while for the commands to process, so please be patient.
    The command window should close on its own when finished.
    Reboot for the changes to take effect.


    Now, let's see if we can get Java updated. Please download JavaRa and save the file to your desktop.
    • Right click and Extract All
    • Once extracted, open and run JavaRa.exe
    • Click Search For Updates
    • Select Update Using jucheck.exe
    • Click Search
    • If a newer version is found, allow it to be installed
    • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
    • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
    • Exit the tool when complete.

    *Note - if using jucheck.exe fails to produce an update, select Update using Sun Java's website, click Search, then Open Webpage.
    Select Java Runtime Environment (JRE) 6 Update 7
    You can either download it or run the online installation.

    If successful, please try running the Kaspersky scan again as outlined by Geri above.
     
  2. 2008/09/27
    Stratman50th

    Guess what, SubInACL doesn't have permissions to install! :D
    It's not really funny, but well, what are ya gonna do?
    Have you all ever heard of semi-safe mode, and where an Admin is only sort of an Admin?
    I actually ran the script without first realizing the app hadn't installed. I realized it after I saw the subinacl wasn't a recognized command or file name.
    It's times like this when you wished Dell sent all the CD's!
    Ok, in all seriousness, I have admin rights on my personal profile (well, I used to. Who knows what's going on now)
    I rebooted into safe mode, the real one ;) and tried to install SubInACL. Even using the Administrator account in Safe Mode it errored out stating that the system administrator denied the install.
    You all ready to give up yet, or is this becoming a quest? :p
     
    Last edited: 2008/09/27

  4. 2008/09/27
    noahdfear

    Nah, we aren't giving up yet. ;)
    Grab RunSubinACL.exe from here.
    Run it with all other programs closed, in normal mode, on your account.
    Reboot when done and see if the previously downloaded SubInACL will properly install (check the C:\Program Files\Windows Resource Kits\Tools path) and if so, run it as first described (RunSubInACL.exe differs slightly from mine).
     
  5. 2008/09/27
    Stratman50th

    Tried to run the second program and it had the same issue.
    I should have looked first, but the above file/folder/therefore path doesn't exist. Now that might be a problem. :rolleyes:
     
  6. 2008/09/27
    noahdfear

    What exactly happens when you try to install the SubInACL package downloaded from MS?
     
  7. 2008/09/27
    Stratman50th

    I get a real generic Windows Installer box pop-up with the following text:
    "The system administrator has set policies to prevent this installation "
    EDIT:
    Sorry, I forgot to mention that the app tries to install all the way and the error is at the end. Almost like it goes right up to where it tries to write to the registry then isn't allowed.

    When Earthlink firewall/antivirus tries to boot up, you can see it loading, but when the services attempt to start, they can't. May be related, or may be apples/oranges.
     
    Last edited: 2008/09/27
  8. 2008/09/27
    noahdfear

    Click Start>Run and type %temp% then hit Enter. See if you can locate subinacl.exe anywhere within that folder or subfolders. If present, copy it to C:\Windows\system32 then copy and paste the contents of the code box below into a command window.

    Code:
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CURRENT_USER /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subkeyreg HKEY_CLASSES_ROOT /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose 
    exit
    cls
    
    If you do not find subinacl.exe, double click RunSubInACL.exe again. Look for it again whilst it's running and copy it to system32.

    If you can logon to the Administrator account, I'd recommend you repeat the permission reset procedure from that account too. Be sure to reboot for changes to take effect.
     
  9. 2008/09/27
    Stratman50th

    I'm going to reboot and try it again. Looks like after you run it once it just jumps right to the error. I don't suppose you have a copy of the file you can pm me or e-mail? Wasn't anyplace in the temp directory by the way. I'm running the one from the second site. Will the .exe from that one work the same way?
     
  10. 2008/09/27
    noahdfear

    Yes. The subinacl.exe packaged in the RunSubInACL.exe file is the same one as in the package downloaded from MS. When you run RunSubInACL.exe it extracts to and runs from your temp folder, which is why I said to look for the file whilst running it. Once you copy it to the system32 folder you can run my coded commands from a command window.

    If you have Winrar installed, you could alternatively right click the RunSubInACL.exe file and select Extract here to extract the subinacl.exe file, then copy it to system32.
     
  11. 2008/09/27
    Stratman50th

    Found the .exe in the Windows temp directory, not the temp under doc and settings. I copied the file and will try it again.
    I'll edit this post instead of starting another.
    EDIT:
    I lost the window now, but there was a failure in
    HKEY_LOCAL_MACHINE/Security/Policy/Secrets......
    couldn't see the rest, then the scan continued and I lost it. I think the path above was correct.
     
    Last edited: 2008/09/27
  12. 2008/09/27
    noahdfear

    Ahh ....... good find! If you edit the post there's no way for us to know you've responded. Please post a new reply when ready. ;)
     
  13. 2008/09/27
    Stratman50th

    Went in as Administrator and ran it again. When I saw the "Fail" message I knew it wasn't going to work, but finished and re-booted anyway.
    HKEY_LOCAL_MACHINE\Security\Policy\Secrets\SAI "The System Cannot "
    I couldn't see the rest of the error message. It ran off the viewable area of the window.
     
  14. 2008/09/27
    noahdfear

    That shouldn't be a problem. Please copy the contents of the code box below and paste it into a command window.

    Code:
    reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" >user.txt
    start notepad user.txt
    exit
    cls
    
    Post the contents of the user.txt file that opens.
     
  15. 2008/09/27
    Stratman50th

    Wow, that was weird! I posted and got a pop up from here about making your machine run faster, full window, but my post didn't save.
    Anyway, I knew it was going to fail again when I saw the same error.
    Failure HKEY_LOCAL_MACHINE\Security\Policy\Secrets\SAI "The system canno............ "
    The end ran off the viewable area of the window so I couldn't see the rest.
    I was in as Administrator, ran it, and rebooted. Still no change.
     
  16. 2008/09/27
    Stratman50th

    Sorry for the double post. This is getting strange...

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant REG_DWORD 0x0
    TsInternetUser REG_DWORD 0x0
    SQLAgentCmdExec REG_DWORD 0x0
    NetShowServices REG_DWORD 0x0
    IWAM_ REG_DWORD 0x10000
    IUSR_ REG_DWORD 0x10000
    VUSR_ REG_DWORD 0x10000
    ASPNET REG_DWORD 0x0
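    As an added example (not part of the thread and not the helper's own tooling), the Python below parses the reg query output posted above, reads the REG_DWORD values (0 hides the account from the XP Welcome screen) and reports any entry that is not one of the stock XP names seen in the post; the `svchelper` entry in the second input is constructed purely to show what a flagged result looks like.

```python
"""Review a dump of HKLM\\...\\Winlogon\\SpecialAccounts\\UserList.

On Windows XP an account whose REG_DWORD under this key is 0 is hidden from the
Welcome screen. Windows itself (plus IIS, SQL Agent, Windows Media Services and
ASP.NET) registers a handful of stock entries, so the finding worth reviewing is
any *extra* name: an account deliberately kept off the logon screen.
This is an added example, not tooling from the forum thread.
"""
import re
from typing import Dict, List

# Stock entries as they appear in the thread's output. Names ending in "_" are
# prefixes: IIS creates per-host accounts such as IWAM_<HOSTNAME>.
STOCK_ENTRIES = frozenset({
    "HelpAssistant", "TsInternetUser", "SQLAgentCmdExec", "NetShowServices",
    "IWAM_", "IUSR_", "VUSR_", "ASPNET",
})

# One reg query value line: <name>  <REG_type>  <data>, whitespace separated.
VALUE_RE = re.compile(r"^\s*(\S.*?)\s+(REG_[A-Z_]+)\s+(\S+)\s*$")


def parse_userlist(reg_output: str) -> Dict[str, int]:
    """Map every REG_DWORD value name under the key to its integer data."""
    entries: Dict[str, int] = {}
    for line in reg_output.splitlines():
        match = VALUE_RE.match(line)
        if not match:
            continue  # banner line, key path or blank line
        name, value_type, data = match.groups()
        if value_type != "REG_DWORD":
            continue
        base = 16 if data.lower().startswith("0x") else 10
        entries[name] = int(data, base)
    return entries


def is_stock_entry(name: str) -> bool:
    """True if the name is a stock XP entry (exact match or known prefix)."""
    return any(
        name == stock or (stock.endswith("_") and name.startswith(stock))
        for stock in STOCK_ENTRIES
    )


def review_userlist(reg_output: str) -> Dict[str, object]:
    """Return parsed entries, the names hidden from the Welcome screen (value 0),
    and the names that are not stock entries and therefore deserve a look."""
    entries = parse_userlist(reg_output)
    hidden: List[str] = sorted(n for n, v in entries.items() if v == 0)
    flagged: List[str] = sorted(n for n in entries if not is_stock_entry(n))
    return {"entries": entries, "hidden": hidden, "flagged": flagged}


# Output exactly as posted in the thread (reg.exe 3.0 on XP SP3).
THREAD_OUTPUT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant    REG_DWORD    0x0
    TsInternetUser    REG_DWORD    0x0
    SQLAgentCmdExec    REG_DWORD    0x0
    NetShowServices    REG_DWORD    0x0
    IWAM_    REG_DWORD    0x10000
    IUSR_    REG_DWORD    0x10000
    VUSR_    REG_DWORD    0x10000
    ASPNET    REG_DWORD    0x0
"""

# Constructed variant for illustration only: the same key with one extra
# account added that would be hidden from the Welcome screen.
CONSTRUCTED_OUTPUT = THREAD_OUTPUT + "    svchelper    REG_DWORD    0x0\n"


if __name__ == "__main__":
    for label, text in (("thread", THREAD_OUTPUT), ("constructed", CONSTRUCTED_OUTPUT)):
        result = review_userlist(text)
        print(f"{label}: hidden={result['hidden']} flagged={result['flagged']}")
```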
     
  17. 2008/09/27
    noahdfear

    Please see if you can install the Java package now.

    I would also like to see a fresh log from RSIT.
     
  18. 2008/09/27
    Stratman50th

    No luck on Java. Got a new message this time:
    Security Warning (This was a Java window)
    Warning failed to verify the authenticity of the certificate. Because there was an error parsing the certificate no assertions can be made of the origin or validity of the code. Installing and running this code is not allowed.
    Exit

    RSIT Log

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Don at 2008-09-27 18:24:19
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 111 GB (74%) free of 149 GB
    Total RAM: 1014 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:24:29 PM, on 9/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Don\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Don.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe" /tray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137525022796
    O23 - Service: ADSService - EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe
    O23 - Service: AuthFw - Unknown owner - C:\Program Files\Authentium\Firewall SDK\AuthFw.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe (file missing)
    O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

    --
    End of file - 6903 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]
    ElnkBhoGuard Class - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll [2007-07-19 247272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]
    ElnkScamBHO Class - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll [2007-07-19 247272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]
    ElnkPubBHO Class - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll [2007-07-19 255464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-30 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]
    ElnkProtectionBHO Class - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll [2007-07-19 415208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]
    ElnkLegacyUninstBHO Class - C:\Program Files\EarthLink\Toolbar\uninsttb.dll [2007-07-19 280040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink\Toolbar\Toolbar.dll [2007-07-19 878056]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-20 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-20 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-20 114688]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
    "RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-10-20 1687552]
    "Earthlink Protection Control Center"=C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe [2007-08-08 67048]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
    "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
    "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Adobe Reader Speed Launch.lnk.disabled - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-07-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0cexx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1jlxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2jlxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6uxxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7xbxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8fhxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0cexx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1jlxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati2jlxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6uxxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati7xbxx.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8fhxx.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
    "C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
    "C:\Program Files\Roxio\Easy Media Creator 8\VideoUI\VideoWave8.exe"="C:\Program Files\Roxio\Easy Media Creator 8\VideoUI\VideoWave8.exe:*:Enabled:VideoWave 8"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-09-27 16:49:37 ----A---- C:\WINDOWS\system32\subinacl.exe
    2008-09-26 19:18:33 ----D---- C:\WINDOWS\LastGood.Tmp
    2008-09-26 19:16:16 ----D---- C:\Program Files\Panda Security
    2008-09-24 19:53:07 ----SHD---- C:\RECYCLER
    2008-09-24 19:41:27 ----D---- C:\WINDOWS\temp
    2008-09-24 19:41:26 ----A---- C:\ComboFix.txt
    2008-09-24 19:39:42 ----D---- C:\ComboFix
    2008-09-23 16:28:40 ----D---- C:\WINDOWS\erdnt
    2008-09-23 16:28:24 ----D---- C:\QooBox
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\zip.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\VFind.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\swreg.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\sed.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\grep.exe
    2008-09-23 16:28:22 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-22 19:54:21 ----D---- C:\rsit
    2008-09-22 19:30:23 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
    2008-09-22 19:30:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-22 19:30:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-21 08:40:52 ----D---- C:\Program Files\Trend Micro
    2008-09-20 20:52:47 ----D---- C:\WINDOWS\pss
    2008-09-20 16:45:57 ----D---- C:\Program Files\RegCleaner
    2008-09-18 18:33:20 ----D---- C:\Documents and Settings\Don\Application Data\ScamBlocker
    2008-09-18 18:28:56 ----D---- C:\Program Files\Common Files\EarthLink
    2008-09-18 17:16:57 ----D---- C:\Documents and Settings\Don\Application Data\aAvgApi
    2008-09-18 16:34:35 ----D---- C:\Program Files\AVG
    2008-09-18 16:34:29 ----D---- C:\Program Files\McAfee
    2008-09-18 16:34:07 ----D---- C:\Program Files\Common Files\EarthLink Protection Control Center
    2008-09-18 16:34:05 ----D---- C:\Program Files\Common Files\ADS
    2008-09-18 16:34:03 ----D---- C:\Documents and Settings\Don\Application Data\InstallShield
    2008-09-18 16:30:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-17 19:00:01 ----D---- C:\Program Files\Common Files\ADS(2)
    2008-09-10 07:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 07:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-09 18:14:10 ----SHD---- C:\WINDOWS\CSC
    2008-09-08 18:07:51 ----A---- C:\WINDOWS\webica.ini
    2008-09-08 18:01:09 ----D---- C:\Program Files\Citrix
    2008-09-06 22:44:17 ----A---- C:\WINDOWS\system32\5W3qdc2O.exe
    2008-09-01 22:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-08-29 17:21:19 ----D---- C:\WINDOWS\Prefetch
    2008-08-29 17:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-29 17:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-29 17:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-29 17:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-08-29 17:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-29 17:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-29 17:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-08-29 17:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-29 17:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-29 17:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-29 17:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-29 17:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-29 17:12:47 ----D---- C:\WINDOWS\system32\en-us
    2008-08-29 17:12:46 ----D---- C:\WINDOWS\system32\scripting
    2008-08-29 17:12:46 ----D---- C:\WINDOWS\l2schemas
    2008-08-29 17:12:45 ----D---- C:\WINDOWS\system32\en
    2008-08-29 17:12:45 ----D---- C:\WINDOWS\system32\bits
    2008-08-29 17:10:49 ----D---- C:\WINDOWS\ServicePackFiles
    2008-08-29 17:08:50 ----D---- C:\WINDOWS\network diagnostic
    2008-08-29 17:04:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

    ======List of files/folders modified in the last 1 months======

    2008-09-27 18:21:34 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-27 18:12:53 ----SHD---- C:\WINDOWS\Installer
    2008-09-27 17:11:41 ----D---- C:\WINDOWS\security
    2008-09-27 16:49:37 ----D---- C:\WINDOWS\system32
    2008-09-27 14:55:04 ----D---- C:\WINDOWS
    2008-09-27 14:55:01 ----D---- C:\WINDOWS\Debug
    2008-09-27 12:20:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-26 19:18:45 ----D---- C:\WINDOWS\system32\drivers
    2008-09-26 19:16:16 ----D---- C:\Program Files
    2008-09-24 19:53:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-24 19:40:42 ----A---- C:\WINDOWS\system.ini
    2008-09-24 19:40:25 ----D---- C:\WINDOWS\AppPatch
    2008-09-24 19:40:25 ----D---- C:\Program Files\Common Files
    2008-09-23 17:49:55 ----RSD---- C:\WINDOWS\assembly
    2008-09-23 17:49:46 ----D---- C:\Program Files\EarthLink
    2008-09-23 17:45:32 ----SD---- C:\Documents and Settings\Don\Application Data\Microsoft
    2008-09-20 17:00:27 ----HD---- C:\Config.Msi
    2008-09-20 17:00:26 ----D---- C:\WINDOWS\WinSxS
    2008-09-20 17:00:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-20 14:18:11 ----A---- C:\WINDOWS\win.ini
    2008-09-18 19:29:58 ----D---- C:\Documents and Settings
    2008-09-18 19:28:53 ----A---- C:\WINDOWS\wininit.ini
    2008-09-18 18:51:06 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
    2008-09-18 17:59:38 ----D---- C:\Katie
    2008-09-18 16:38:02 ----D---- C:\WINDOWS\system32\config
    2008-09-18 16:37:03 ----D---- C:\WINDOWS\system32\wbem
    2008-09-18 16:36:59 ----D---- C:\WINDOWS\Registration
    2008-09-18 16:33:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-17 04:53:00 ----SHD---- C:\System Volume Information
    2008-09-17 04:53:00 ----D---- C:\WINDOWS\system32\Restore
    2008-09-14 11:51:49 ----D---- C:\Documents and Settings\Don\Application Data\Canon
    2008-09-10 07:47:12 ----HD---- C:\WINDOWS\inf
    2008-09-08 18:04:41 ----D---- C:\Documents and Settings\Don\Application Data\ICAClient
    2008-09-06 22:44:17 ----SD---- C:\WINDOWS\Tasks
    2008-09-03 07:39:53 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-09-02 18:19:45 ----D---- C:\Family Photos
    2008-09-02 16:36:25 ----D---- C:\WINDOWS\Help
    2008-09-01 20:50:53 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-29 22:24:22 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-08-29 17:24:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-29 17:20:58 ----D---- C:\WINDOWS\system32\Setup
    2008-08-29 17:20:56 ----RSD---- C:\WINDOWS\Fonts
    2008-08-29 17:17:51 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-29 17:16:35 ----D---- C:\Program Files\Messenger
    2008-08-29 17:12:59 ----D---- C:\WINDOWS\system32\inetsrv
    2008-08-29 17:12:59 ----D---- C:\WINDOWS\ime
    2008-08-29 17:12:47 ----D---- C:\WINDOWS\system32\usmt
    2008-08-29 17:12:46 ----D---- C:\Program Files\Internet Explorer
    2008-08-29 17:12:45 ----D---- C:\WINDOWS\PeerNet
    2008-08-29 17:12:45 ----D---- C:\Program Files\Movie Maker
    2008-08-29 17:10:40 ----D---- C:\WINDOWS\system32\npp
    2008-08-29 17:10:40 ----D---- C:\WINDOWS\mui
    2008-08-29 17:10:38 ----D---- C:\WINDOWS\msagent
    2008-08-29 17:10:37 ----D---- C:\WINDOWS\srchasst
    2008-08-29 17:10:36 ----D---- C:\Program Files\NetMeeting
    2008-08-29 17:10:35 ----D---- C:\WINDOWS\system32\Com
    2008-08-29 17:10:33 ----D---- C:\Program Files\Windows NT
    2008-08-29 17:10:33 ----D---- C:\Program Files\Windows Media Player
    2008-08-29 17:10:33 ----D---- C:\Program Files\Outlook Express
    2008-08-29 17:10:30 ----D---- C:\Program Files\Common Files\System
    2008-08-29 17:10:17 ----D---- C:\WINDOWS\system32\oobe
    2008-08-29 17:10:15 ----D---- C:\WINDOWS\system
    2008-08-29 17:07:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-29 17:04:33 ----D---- C:\WINDOWS\ehome

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-20 311680]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-20 119168]
    R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-10-21 50176]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-20 27264]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-20 1049180]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-15 180864]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-01-14 8552]
    S2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-02-12 837056]
    S2 GRTdiMon;GR TDI Mon; C:\WINDOWS\System32\Drivers\GRTdiMon.sys [2007-04-11 42496]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 ADSFilter;ADSFilter - (EarthLink Filter Driver); C:\WINDOWS\system32\drivers\ADSFilter.sys [2007-08-03 57456]
    S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver); C:\WINDOWS\system32\drivers\ADSMonitor.sys [2007-08-03 38384]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys []
    S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys []
    S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys []
    S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-05-19 29184]
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-20 27136]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 Net6IM;Net6; C:\WINDOWS\system32\DRIVERS\net6im51.sys []
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
    S2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-02-12 177672]
    S2 ELNKUpdateService;ELNK Update Service; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe [2007-08-08 38376]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-10-21 229376]
    S2 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-10-21 405504]
    S2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-10-21 155648]
    S3 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe [2007-08-03 116200]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 AuthFw;AuthFw; C:\Program Files\Authentium\Firewall SDK\AuthFw.exe []
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe EarthLinkSafeConnectAgent []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
    S3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-10-21 864256]
    S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-10-21 45056]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 ProtectionService;ProtectionService; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe [2007-08-08 112104]

    -----------------EOF-----------------
     
  19. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0cexx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6uxxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7xbxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8fhxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0cexx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati2jlxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati6uxxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati7xbxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati8fhxx.sys]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
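    An added example, not part of the thread and not ComboFix's own code: it parses the File:: and Registry:: sections of a CFScript like the one above and checks the ComboFix log that comes back, reporting files that did not show up under "Other Deletions" and [-KEY] entries that are still listed under "Reg Loading Points". The function names, and the abbreviated script and log excerpts embedded in it, are my own constructions modelled on what was posted here.

```python
"""Reconcile a ComboFix CFScript against the log ComboFix produced.

Added example; not from the thread and not ComboFix's own code.  A
CFScript's File:: paths should reappear under "Other Deletions", and a
Registry:: line of the form [-KEY] should leave KEY absent from the
"Reg Loading Points" section.  Anything that does not reconcile is a
removal that silently failed (permissions, a locked file, a re-spawn).
"""
import re

# Constructed CFScript excerpt: three of the 48 At*.job tasks and two
# of the SafeBoot keys from the posted script.
SAMPLE_CFSCRIPT = """\
KillAll::
File::
C:\\WINDOWS\\tasks\\At1.job
C:\\WINDOWS\\tasks\\At2.job
C:\\WINDOWS\\tasks\\At3.job
Registry::
[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\ati0cexx.sys]
[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\network\\ati0cexx.sys]
"""

# Constructed ComboFix log excerpt.  At3.job is missing from the deletions
# and the SafeBoot\Minimal key is still listed, mirroring the posted log.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\WINDOWS\\tasks\\At1.job
C:\\WINDOWS\\tasks\\At2.job

.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.
2008-09-06 22:44 . 2008-09-20 14:29 39,426 --a------ C:\\WINDOWS\\system32\\5W3qdc2O.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\ati0cexx.sys]
@=" "
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")          # e.g. "File::"
DELETE_KEY_RE = re.compile(r"^\[-(.+)\]\s*$")     # e.g. "[-HKEY_...]"
LOG_HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")  # "(((( Title ))))"


def parse_cfscript(text):
    """Return {section: [lines]} for a CFScript; KillAll:: maps to []."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Split a ComboFix log into {section title: [lines]} by its banners."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "."
            continue
        m = LOG_HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def reconcile(cfscript_text, log_text):
    """Report File:: paths not deleted and [-KEY] keys still loading."""
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    # Paths are case-insensitive on Windows, so compare lower-cased.
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    loaded_keys = {
        line[1:-1].lower()
        for line in log.get("Reg Loading Points", [])
        if line.startswith("[") and line.endswith("]")
    }
    files_not_deleted = [
        p for p in script.get("File", []) if p.lower() not in deleted
    ]
    keys_still_present = []
    for entry in script.get("Registry", []):
        m = DELETE_KEY_RE.match(entry)
        if m and m.group(1).lower() in loaded_keys:
            keys_still_present.append(m.group(1))
    return {"files_not_deleted": files_not_deleted,
            "keys_still_present": keys_still_present}


if __name__ == "__main__":
    result = reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for kind, items in result.items():
        print(kind, "->", items or "none")
```

Note that the real log abbreviates some hives (the `[HKLM\~\services\...]` lines), so a key written out in full in the script will not match those entries; the comparison above is exact apart from case.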
     
  20. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please go to Add/Remove Programs and uninstall all Java (JRE) components you find listed. Reboot when done, then try installing the latest version again.
     
  21. 2008/09/27
    Stratman50th

    Stratman50th Inactive Thread Starter

    Joined:
    2008/09/20
    Messages:
    37
    Likes Received:
    0
    New ComboFix:

    ComboFix 08-09-27.01 - Don 2008-09-27 19:20:28.4 - NTFSx86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.747 [GMT -4:00]
    Running from: C:\Documents and Settings\Don\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Don\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
    .

    2008-09-27 17:48 . 2008-09-27 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ScamBlocker
    2008-09-27 16:49 . 2004-06-11 15:33 290,304 --a------ C:\WINDOWS\system32\subinacl.exe
    2008-09-26 19:18 . 2008-09-26 19:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2008-09-26 19:18 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-09-26 19:16 . 2008-09-26 19:16 <DIR> d-------- C:\Program Files\Panda Security
    2008-09-22 19:54 . 2008-09-22 19:54 <DIR> d-------- C:\rsit
    2008-09-22 19:30 . 2008-09-22 19:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-22 19:30 . 2008-09-22 19:30 <DIR> d-------- C:\Documents and Settings\Don\Application Data\Malwarebytes
    2008-09-22 19:30 . 2008-09-22 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-22 19:30 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-22 19:30 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-21 08:40 . 2008-09-21 08:40 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-20 16:45 . 2008-09-20 16:58 <DIR> d-------- C:\Program Files\RegCleaner
    2008-09-18 19:29 . 2008-09-20 17:00 262,144 --a------ C:\Documents and Settings\Katie's
    2008-09-18 19:29 . 2008-09-20 17:00 262,144 --a------ C:\Documents and Settings\Katie
    2008-09-18 19:00 . 2008-09-18 19:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ScamBlocker
    2008-09-18 19:00 . 2008-09-18 19:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\EarthLink
    2008-09-18 18:33 . 2008-09-18 18:33 <DIR> d-------- C:\Documents and Settings\Don\Application Data\ScamBlocker
    2008-09-18 18:28 . 2008-09-18 18:29 <DIR> d-------- C:\Program Files\Common Files\EarthLink
    2008-09-18 17:16 . 2008-09-18 17:16 <DIR> d-------- C:\Documents and Settings\Don\Application Data\aAvgApi
    2008-09-18 17:01 . 2008-09-18 17:01 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\aAvgApi
    2008-09-18 16:34 . 2008-09-18 18:06 <DIR> d-------- C:\Program Files\McAfee
    2008-09-18 16:34 . 2008-09-18 16:34 <DIR> d-------- C:\Program Files\Common Files\EarthLink Protection Control Center
    2008-09-18 16:34 . 2008-09-18 16:40 <DIR> d-------- C:\Program Files\Common Files\ADS
    2008-09-18 16:34 . 2008-09-18 16:34 <DIR> d-------- C:\Program Files\AVG
    2008-09-18 16:34 . 2008-09-18 16:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\InstallShield
    2008-09-18 16:34 . 2008-09-18 16:34 <DIR> d-------- C:\Documents and Settings\Don\Application Data\InstallShield
    2008-09-18 16:30 . 2008-09-23 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-17 20:08 . 2008-09-17 20:14 8,192 --a------ C:\Documents and Settings\TEMP\NTUSER(2).DAT
    2008-09-17 19:00 . 2008-09-18 16:33 <DIR> d-------- C:\Program Files\Common Files\ADS(2)
    2008-09-17 18:29 . 2008-09-17 18:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\EarthLink
    2008-09-16 22:44 . 2008-09-16 22:44 163,840 --ah----- C:\AFCache.dat
    2008-09-09 18:32 . 2008-09-09 18:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-09-09 17:03 . 2008-09-09 17:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2008-09-08 18:07 . 2008-09-08 18:07 0 --a------ C:\WINDOWS\webica.ini
    2008-09-08 18:01 . 2008-09-08 18:01 <DIR> d-------- C:\Program Files\Citrix
    2008-09-06 22:44 . 2008-09-20 14:29 39,426 --a------ C:\WINDOWS\system32\5W3qdc2O.exe
    2008-08-29 17:12 . 2008-08-29 17:12 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-08-29 17:12 . 2008-08-29 17:12 <DIR> d-------- C:\WINDOWS\system32\en
    2008-08-29 17:12 . 2008-08-29 17:12 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-08-29 17:12 . 2008-08-29 17:12 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-08-29 17:10 . 2008-08-29 17:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-28 16:23 . 2008-08-28 16:23 35,262 --a------ C:\WINDOWS\Katie's.acl
    2008-08-27 06:48 . 2008-04-13 20:12 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
    2008-08-27 06:47 . 2008-04-13 20:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-23 21:49 --------- d-----w C:\Program Files\EarthLink
    2008-09-18 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-14 15:51 --------- d-----w C:\Documents and Settings\Don\Application Data\Canon
    2008-09-08 22:04 --------- d-----w C:\Documents and Settings\Don\Application Data\ICAClient
    2008-08-30 02:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2006-06-22 10:49 13,386 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
    2006-06-22 10:49 92,234 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-23_16.33.36.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-23 21:49:55 42,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CenturianShellMenu\1.1.5.25016__a4004c7b772007f8\CenturianShellMenu.dll
    - 2008-08-29 21:21:00 378,448 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-09-27 21:12:15 378,448 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "Creative Detector "= "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "EasyLinkAdvisor "= "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 389120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 94208]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 77824]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 114688]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "RoxioDragToDisc "= "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-20 1687552]
    "Earthlink Protection Control Center "= "C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe" [2007-08-08 67048]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-03-23 C:\WINDOWS\stsystra.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Adobe Reader Speed Launch.lnk.disabled [2008-03-09 1757]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel "= 0 (0x0)
    "NoClose "= 0 (0x0)
    "NoCommonGroups "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0cexx.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1jlxx.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2jlxx.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6uxxx.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7xbxx.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8fhxx.sys]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe "=
    "C:\\Program Files\\HP\\HP Officejet Pro K550 Series\\Toolbox\\HPWUTBX.exe "=
    "C:\\Program Files\\Roxio\\Easy Media Creator 8\\VideoUI\\VideoWave8.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=

    R0 GRFILTER;CS NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys [2007-04-11 22528]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    S2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2007-04-11 42496]
    S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);C:\WINDOWS\system32\drivers\ADSFilter.sys [2007-08-03 57456]
    S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);C:\WINDOWS\system32\drivers\ADSMonitor.sys [2007-08-03 38384]
    S3 AuthFw;AuthFw;C:\Program Files\Authentium\Firewall SDK\AuthFw.exe [ ]
    S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys [ ]
    S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys [ ]
    S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys [ ]
    S3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys [ ]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-27 19:31:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-09-27 19:34:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-27 23:34:52
    ComboFix2.txt 2008-09-24 23:41:26
    ComboFix3.txt 2008-09-24 23:29:17
    ComboFix4.txt 2008-09-23 20:34:00

    Pre-Run: 116,170,313,728 bytes free
    Post-Run: 116,159,938,560 bytes free

    258 --- E O F --- 2008-09-10 11:48:04
     
