
Malwarebytes

can't get rid of - Trojan.TDSS


21 replies to this topic

#1
brew

    New Member

  • Members
  • 22 posts
Hello all,

Looks like I got infected with the rootkit Trojan.TDSS.

When first infected, I was unable to do or run anything, etc., so I booted into Safe Mode and ran MBAM. After rebooting, I still cannot get rid of Trojan.TDSS. I tried to run RootRepeal but kept getting error messages. I did run HijackThis and ComboFix.

The 1st MBAM log file, HijackThis log file, ComboFix log file, and 2nd MBAM log file follow.

Any help is much appreciated.

1st MBAM log -
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/15/2009 2:43:13 PM
mbam-log-2009-07-15 (14-43-13).txt

Scan type: Quick Scan
Objects scanned: 95852
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12951094 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12951094 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\12951094\12951094 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\12951094\12951094.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nakrutchik.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ppc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HijackThis Log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:00 PM, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Autodesk Network License Manager\lmgrd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Autodesk Network License Manager\adskflex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\R-Wipe&Clean\rwiped.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI8C0D~1\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RWipeD] C:\Program Files\R-Wipe&Clean\rwiped.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8C0D~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI8C0D~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI8C0D~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI8C0D~1\Office12\REFIEBAR.DLL
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5677/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI8C0D~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXlm Service 1 - Macrovision Corporation - C:\Autodesk Network License Manager\lmgrd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 11911 bytes

ComboFix log -
ComboFix 09-07-14.08 - me 07/15/2009 20:43.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1414 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

Overlay aborted ... Please run ComboFix once more 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1023072896-4139445909-1463264484-1000
c:\$recycle.bin\S-1-5-21-1170374297-2161096245-3617272062-1000
c:\$recycle.bin\S-1-5-21-1170374297-2161096245-3617272062-1001
c:\$recycle.bin\S-1-5-21-2173621283-3401230598-2509303900-1000
c:\$recycle.bin\S-1-5-21-2515028408-2413159130-2098404481-1000
c:\$recycle.bin\S-1-5-21-3311197150-222908312-1986303731-1000
c:\$recycle.bin\S-1-5-21-4008519400-45536793-3704034604-1000
c:\$recycle.bin\S-1-5-21-557742349-1574351555-2563274875-1000
c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
c:\progra~1\COMMON~1\{4C599~1
c:\program files\deskbar
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1644491937-1788223648-839522115-500
c:\windows\fnts~1
c:\windows\Installer\111e88b7.msp
c:\windows\Installer\111e88b8.msp
c:\windows\Installer\111e88b9.msp
c:\windows\Installer\111e88ba.msp
c:\windows\Installer\111e88bb.msp
c:\windows\Installer\111e88bc.msp
c:\windows\Installer\111e88bd.msp
c:\windows\Installer\111e88be.msp
c:\windows\Installer\111e88bf.msp
c:\windows\Installer\1120859.msp
c:\windows\Installer\112085a.msp
c:\windows\Installer\112085b.msp
c:\windows\Installer\112085c.msp
c:\windows\Installer\112085d.msp
c:\windows\Installer\112085e.msp
c:\windows\Installer\112085f.msp
c:\windows\Installer\1120860.msp
c:\windows\Installer\1120861.msp
c:\windows\Installer\11d7055.msp
c:\windows\Installer\12b86602.msp
c:\windows\Installer\12b86603.msp
c:\windows\Installer\12b86604.msp
c:\windows\Installer\12b86605.msp
c:\windows\Installer\12b86606.msp
c:\windows\Installer\12b86607.msp
c:\windows\Installer\12b86608.msp
c:\windows\Installer\12b86609.msp
c:\windows\Installer\12b8660a.msp
c:\windows\Installer\1387fa3.msp
c:\windows\Installer\1387fa4.msp
c:\windows\Installer\1387fa5.msp
c:\windows\Installer\1387fa6.msp
c:\windows\Installer\1387fa7.msp
c:\windows\Installer\1387fa8.msp
c:\windows\Installer\1387fa9.msp
c:\windows\Installer\1387faa.msp
c:\windows\Installer\1387fab.msp
c:\windows\Installer\147af55.msp
c:\windows\Installer\147af56.msp
c:\windows\Installer\147af57.msp
c:\windows\Installer\147af58.msp
c:\windows\Installer\147af59.msp
c:\windows\Installer\147af5a.msp
c:\windows\Installer\147af5b.msp
c:\windows\Installer\147af5c.msp
c:\windows\Installer\147af5d.msp
c:\windows\Installer\152df43.msp
c:\windows\Installer\152df44.msp
c:\windows\Installer\152df45.msp
c:\windows\Installer\152df46.msp
c:\windows\Installer\152df47.msp
c:\windows\Installer\152df48.msp
c:\windows\Installer\152df49.msp
c:\windows\Installer\152df4a.msp
c:\windows\Installer\152df4b.msp
c:\windows\Installer\15865f5.msp
c:\windows\Installer\15865f6.msp
c:\windows\Installer\15865f7.msp
c:\windows\Installer\15865f8.msp
c:\windows\Installer\15865f9.msp
c:\windows\Installer\15865fa.msp
c:\windows\Installer\15865fb.msp
c:\windows\Installer\15865fc.msp
c:\windows\Installer\15865fd.msp
c:\windows\Installer\1644f9b6.msp
c:\windows\Installer\1644f9b7.msp
c:\windows\Installer\1644f9b8.msp
c:\windows\Installer\1644f9b9.msp
c:\windows\Installer\1644f9ba.msp
c:\windows\Installer\1644f9bb.msp
c:\windows\Installer\1644f9bc.msp
c:\windows\Installer\1644f9bd.msp
c:\windows\Installer\1644f9be.msp
c:\windows\Installer\16b9e2f.msp
c:\windows\Installer\16b9e30.msp
c:\windows\Installer\16b9e31.msp
c:\windows\Installer\16b9e32.msp
c:\windows\Installer\16b9e33.msp
c:\windows\Installer\16b9e34.msp
c:\windows\Installer\16b9e35.msp
c:\windows\Installer\16b9e36.msp
c:\windows\Installer\16b9e37.msp
c:\windows\Installer\17b74b0.msp
c:\windows\Installer\17b74b1.msp
c:\windows\Installer\17b74b2.msp
c:\windows\Installer\17b74b3.msp
c:\windows\Installer\17b74b4.msp
c:\windows\Installer\17b74b5.msp
c:\windows\Installer\17b74b6.msp
c:\windows\Installer\17b74b7.msp
c:\windows\Installer\17b74b8.msp
c:\windows\Installer\17dec0e8.msp
c:\windows\Installer\17dec0e9.msp
c:\windows\Installer\17dec0ea.msp
c:\windows\Installer\17dec0eb.msp
c:\windows\Installer\17dec0ec.msp
c:\windows\Installer\17dec0ed.msp
c:\windows\Installer\17dec0ee.msp
c:\windows\Installer\17dec0ef.msp
c:\windows\Installer\17dec0f0.msp
c:\windows\Installer\1a9b5b81.msp
c:\windows\Installer\1abc49c.msp
c:\windows\Installer\1abc49d.msp
c:\windows\Installer\1abc49e.msp
c:\windows\Installer\1abc49f.msp
c:\windows\Installer\1abc4a0.msp
c:\windows\Installer\1abc4a1.msp
c:\windows\Installer\1abc4a2.msp
c:\windows\Installer\1abc4a3.msp
c:\windows\Installer\1abc4a4.msp
c:\windows\Installer\1b6b4f7c.msp
c:\windows\Installer\1b6b4f7d.msp
c:\windows\Installer\1b6b4f7e.msp
c:\windows\Installer\1b6b4f7f.msp
c:\windows\Installer\1b6b4f80.msp
c:\windows\Installer\1b6b4f81.msp
c:\windows\Installer\1b6b4f82.msp
c:\windows\Installer\1b6b4f83.msp
c:\windows\Installer\1b6b4f84.msp
c:\windows\Installer\1d050c8d.msp
c:\windows\Installer\1d050c8e.msp
c:\windows\Installer\1d050c8f.msp
c:\windows\Installer\1d050c90.msp
c:\windows\Installer\1d050c91.msp
c:\windows\Installer\1d050c92.msp
c:\windows\Installer\1d050c93.msp
c:\windows\Installer\1d050c94.msp
c:\windows\Installer\1d050c95.msp
c:\windows\Installer\1d174.msi
c:\windows\Installer\1fce6fe.msp
c:\windows\Installer\1fce6ff.msp
c:\windows\Installer\1fce700.msp
c:\windows\Installer\1fce701.msp
c:\windows\Installer\1fce702.msp
c:\windows\Installer\1fce703.msp
c:\windows\Installer\1fce704.msp
c:\windows\Installer\1fce705.msp
c:\windows\Installer\1fce706.msp
c:\windows\Installer\2038d53.msp
c:\windows\Installer\2038d54.msp
c:\windows\Installer\2038d55.msp
c:\windows\Installer\2038d56.msp
c:\windows\Installer\2038d57.msp
c:\windows\Installer\2038d58.msp
c:\windows\Installer\2038d59.msp
c:\windows\Installer\2038d5a.msp
c:\windows\Installer\2038d5b.msp
c:\windows\Installer\2047cb5.msp
c:\windows\Installer\2047cb6.msp
c:\windows\Installer\2047cb7.msp
c:\windows\Installer\2047cb8.msp
c:\windows\Installer\2047cb9.msp
c:\windows\Installer\2047cba.msp
c:\windows\Installer\2047cbb.msp
c:\windows\Installer\2047cbc.msp
c:\windows\Installer\2047cbd.msp
c:\windows\Installer\2091af35.msp
c:\windows\Installer\2091af36.msp
c:\windows\Installer\2091af37.msp
c:\windows\Installer\2091af38.msp
c:\windows\Installer\2091af39.msp
c:\windows\Installer\2091af3a.msp
c:\windows\Installer\2091af3b.msp
c:\windows\Installer\2091af3c.msp
c:\windows\Installer\2091af3d.msp
c:\windows\Installer\222b7232.msp
c:\windows\Installer\222b7233.msp
c:\windows\Installer\222b7234.msp
c:\windows\Installer\222b7235.msp
c:\windows\Installer\222b7236.msp
c:\windows\Installer\222b7237.msp
c:\windows\Installer\222b7238.msp
c:\windows\Installer\222b7239.msp
c:\windows\Installer\222b723a.msp
c:\windows\Installer\223a6bc.msp
c:\windows\Installer\223a6bd.msp
c:\windows\Installer\223a6be.msp
c:\windows\Installer\223a6bf.msp
c:\windows\Installer\223a6c0.msp
c:\windows\Installer\223a6c1.msp
c:\windows\Installer\223a6c2.msp
c:\windows\Installer\223a6c3.msp
c:\windows\Installer\223a6c4.msp
c:\windows\Installer\2292758.msp
c:\windows\Installer\22d3f66.msp
c:\windows\Installer\22d3f67.msp
c:\windows\Installer\22d3f68.msp
c:\windows\Installer\22d3f69.msp
c:\windows\Installer\22d3f6a.msp
c:\windows\Installer\22d3f6b.msp
c:\windows\Installer\22d3f6c.msp
c:\windows\Installer\22d3f6d.msp
c:\windows\Installer\22d3f6e.msp
c:\windows\Installer\22e4117.msp
c:\windows\Installer\22e4118.msp
c:\windows\Installer\22e4119.msp
c:\windows\Installer\22e411a.msp
c:\windows\Installer\22e411b.msp
c:\windows\Installer\22e411c.msp
c:\windows\Installer\22e411d.msp
c:\windows\Installer\22e411e.msp
c:\windows\Installer\22e411f.msp
c:\windows\Installer\2305803f.msp
c:\windows\Installer\24c81.msp
c:\windows\Installer\24c82.msp
c:\windows\Installer\24c83.msp
c:\windows\Installer\24c84.msp
c:\windows\Installer\24c85.msp
c:\windows\Installer\24c86.msp
c:\windows\Installer\24c87.msp
c:\windows\Installer\24c88.msp
c:\windows\Installer\24c89.msp
c:\windows\Installer\25b7f2ac.msp
c:\windows\Installer\25b7f2ad.msp
c:\windows\Installer\25b7f2ae.msp
c:\windows\Installer\25b7f2af.msp
c:\windows\Installer\25b7f2b0.msp
c:\windows\Installer\25b7f2b1.msp
c:\windows\Installer\25b7f2b2.msp
c:\windows\Installer\25b7f2b3.msp
c:\windows\Installer\25b7f2b4.msp
c:\windows\Installer\2750074c.msp
c:\windows\Installer\2750074d.msp
c:\windows\Installer\2750074e.msp
c:\windows\Installer\2750074f.msp
c:\windows\Installer\27500750.msp
c:\windows\Installer\27500751.msp
c:\windows\Installer\27500752.msp
c:\windows\Installer\27500753.msp
c:\windows\Installer\27500754.msp
c:\windows\Installer\304b2454.msp
c:\windows\Installer\319d67b2.msp
c:\windows\Installer\319d67b3.msp
c:\windows\Installer\319d67b4.msp
c:\windows\Installer\319d67b5.msp
c:\windows\Installer\319d67b6.msp
c:\windows\Installer\319d67b7.msp
c:\windows\Installer\319d67b8.msp
c:\windows\Installer\319d67b9.msp
c:\windows\Installer\319d67ba.msp
c:\windows\Installer\3238f9c.msp
c:\windows\Installer\3238f9d.msp
c:\windows\Installer\3238f9e.msp
c:\windows\Installer\3238f9f.msp
c:\windows\Installer\3238fa0.msp
c:\windows\Installer\3238fa1.msp
c:\windows\Installer\3238fa2.msp
c:\windows\Installer\3238fa3.msp
c:\windows\Installer\3238fa4.msp
c:\windows\Installer\3424b.msp
c:\windows\Installer\3424c.msp
c:\windows\Installer\3424d.msp
c:\windows\Installer\3424e.msp
c:\windows\Installer\3424f.msp
c:\windows\Installer\34250.msp
c:\windows\Installer\34251.msp
c:\windows\Installer\34252.msp
c:\windows\Installer\34253.msp
c:\windows\Installer\3454cd1.msp
c:\windows\Installer\3454cd2.msp
c:\windows\Installer\3454cd3.msp
c:\windows\Installer\3454cd4.msp
c:\windows\Installer\3454cd5.msp
c:\windows\Installer\3454cd6.msp
c:\windows\Installer\3454cd7.msp
c:\windows\Installer\3454cd8.msp
c:\windows\Installer\3454cd9.msp
c:\windows\Installer\345b399f.msp
c:\windows\Installer\36c2f3fe.msp
c:\windows\Installer\36c2f3ff.msp
c:\windows\Installer\36c2f400.msp
c:\windows\Installer\36c2f401.msp
c:\windows\Installer\36c2f402.msp
c:\windows\Installer\36c2f403.msp
c:\windows\Installer\36c2f404.msp
c:\windows\Installer\36c2f405.msp
c:\windows\Installer\36c2f406.msp
c:\windows\Installer\379b5ef.msp
c:\windows\Installer\379b5f0.msp
c:\windows\Installer\379b5f1.msp
c:\windows\Installer\379b5f2.msp
c:\windows\Installer\379b5f3.msp
c:\windows\Installer\379b5f4.msp
c:\windows\Installer\379b5f5.msp
c:\windows\Installer\379b5f6.msp
c:\windows\Installer\379b5f7.msp
c:\windows\Installer\393782c.msp
c:\windows\Installer\393782d.msp
c:\windows\Installer\393782e.msp
c:\windows\Installer\393782f.msp
c:\windows\Installer\3937830.msp
c:\windows\Installer\3937831.msp
c:\windows\Installer\3937832.msp
c:\windows\Installer\3937833.msp
c:\windows\Installer\3937834.msp
c:\windows\Installer\3be942a0.msp
c:\windows\Installer\3be942a1.msp
c:\windows\Installer\3be942a2.msp
c:\windows\Installer\3be942a3.msp
c:\windows\Installer\3be942a4.msp
c:\windows\Installer\3be942a5.msp
c:\windows\Installer\3be942a6.msp
c:\windows\Installer\3be942a7.msp
c:\windows\Installer\3be942a8.msp
c:\windows\Installer\4051159.msp
c:\windows\Installer\405115a.msp
c:\windows\Installer\405115b.msp
c:\windows\Installer\405115c.msp
c:\windows\Installer\405115d.msp
c:\windows\Installer\405115e.msp
c:\windows\Installer\405115f.msp
c:\windows\Installer\4051160.msp
c:\windows\Installer\4051161.msp
c:\windows\Installer\410fa7b8.msp
c:\windows\Installer\410fa7b9.msp
c:\windows\Installer\410fa7ba.msp
c:\windows\Installer\410fa7bb.msp
c:\windows\Installer\410fa7bc.msp
c:\windows\Installer\410fa7bd.msp
c:\windows\Installer\410fa7be.msp
c:\windows\Installer\410fa7bf.msp
c:\windows\Installer\410fa7c0.msp
c:\windows\Installer\46360abd.msp
c:\windows\Installer\46360abe.msp
c:\windows\Installer\46360abf.msp
c:\windows\Installer\46360ac0.msp
c:\windows\Installer\46360ac1.msp
c:\windows\Installer\46360ac2.msp
c:\windows\Installer\46360ac3.msp
c:\windows\Installer\46360ac4.msp
c:\windows\Installer\46360ac5.msp
c:\windows\Installer\46684eb.msp
c:\windows\Installer\46684ec.msp
c:\windows\Installer\46684ed.msp
c:\windows\Installer\46684ee.msp
c:\windows\Installer\46684ef.msp
c:\windows\Installer\46684f0.msp
c:\windows\Installer\46684f1.msp
c:\windows\Installer\46684f2.msp
c:\windows\Installer\46684f3.msp
c:\windows\Installer\46c9c00.msp
c:\windows\Installer\46c9c01.msp
c:\windows\Installer\46c9c02.msp
c:\windows\Installer\46c9c03.msp
c:\windows\Installer\46c9c04.msp
c:\windows\Installer\46c9c05.msp
c:\windows\Installer\46c9c06.msp
c:\windows\Installer\46c9c07.msp
c:\windows\Installer\46c9c08.msp
c:\windows\Installer\4a5962f.msp
c:\windows\Installer\4a59630.msp
c:\windows\Installer\4a59631.msp
c:\windows\Installer\4a59632.msp
c:\windows\Installer\4a59633.msp
c:\windows\Installer\4a59634.msp
c:\windows\Installer\4a59635.msp
c:\windows\Installer\4a59636.msp
c:\windows\Installer\4a59637.msp
c:\windows\Installer\4b5ff17a.msp
c:\windows\Installer\4b5ff17b.msp
c:\windows\Installer\4b5ff17c.msp
c:\windows\Installer\4b5ff17d.msp
c:\windows\Installer\4b5ff17e.msp
c:\windows\Installer\4b5ff17f.msp
c:\windows\Installer\4b5ff180.msp
c:\windows\Installer\4b5ff181.msp
c:\windows\Installer\4b5ff182.msp
c:\windows\Installer\4e7d5b7.msp
c:\windows\Installer\4e7d5b8.msp
c:\windows\Installer\4e7d5b9.msp
c:\windows\Installer\4e7d5ba.msp
c:\windows\Installer\4e7d5bb.msp
c:\windows\Installer\4e7d5bc.msp
c:\windows\Installer\4e7d5bd.msp
c:\windows\Installer\4e7d5be.msp
c:\windows\Installer\4e7d5bf.msp
c:\windows\Installer\4f31260f.msp
c:\windows\Installer\4f75dca.msp
c:\windows\Installer\4f75dcb.msp
c:\windows\Installer\4f75dcc.msp
c:\windows\Installer\4f75dcd.msp
c:\windows\Installer\4f75dce.msp
c:\windows\Installer\4f75dcf.msp
c:\windows\Installer\4f75dd0.msp
c:\windows\Installer\4f75dd1.msp
c:\windows\Installer\4f75dd2.msp
c:\windows\Installer\5086546f.msp
c:\windows\Installer\50865470.msp
c:\windows\Installer\50865471.msp
c:\windows\Installer\50865472.msp
c:\windows\Installer\50865473.msp
c:\windows\Installer\50865474.msp
c:\windows\Installer\50865475.msp
c:\windows\Installer\50865476.msp
c:\windows\Installer\50865477.msp
c:\windows\Installer\51fcc02.msp
c:\windows\Installer\51fcc03.msp
c:\windows\Installer\51fcc04.msp
c:\windows\Installer\51fcc05.msp
c:\windows\Installer\51fcc06.msp
c:\windows\Installer\51fcc07.msp
c:\windows\Installer\51fcc08.msp
c:\windows\Installer\51fcc09.msp
c:\windows\Installer\51fcc0a.msp
c:\windows\Installer\521124e.msp
c:\windows\Installer\521124f.msp
c:\windows\Installer\5211250.msp
c:\windows\Installer\5211251.msp
c:\windows\Installer\5211252.msp
c:\windows\Installer\5211253.msp
c:\windows\Installer\5211254.msp
c:\windows\Installer\5211255.msp
c:\windows\Installer\5211256.msp
c:\windows\Installer\527608f.msi
c:\windows\Installer\5457901b.msp
c:\windows\Installer\55acb3da.msp
c:\windows\Installer\55acb3db.msp
c:\windows\Installer\55acb3dc.msp
c:\windows\Installer\55acb3dd.msp
c:\windows\Installer\55acb3de.msp
c:\windows\Installer\55acb3df.msp
c:\windows\Installer\55acb3e0.msp
c:\windows\Installer\55acb3e1.msp
c:\windows\Installer\55acb3e2.msp
c:\windows\Installer\5ad314cc.msp
c:\windows\Installer\5ad314cd.msp
c:\windows\Installer\5ad314ce.msp
c:\windows\Installer\5ad314cf.msp
c:\windows\Installer\5ad314d0.msp
c:\windows\Installer\5ad314d1.msp
c:\windows\Installer\5ad314d2.msp
c:\windows\Installer\5ad314d3.msp
c:\windows\Installer\5ad314d4.msp
c:\windows\Installer\5ff95cc7.msp
c:\windows\Installer\5ff95cc8.msp
c:\windows\Installer\5ff95cc9.msp
c:\windows\Installer\5ff95cca.msp
c:\windows\Installer\5ff95ccb.msp
c:\windows\Installer\5ff95ccc.msp
c:\windows\Installer\5ff95ccd.msp
c:\windows\Installer\5ff95cce.msp
c:\windows\Installer\5ff95ccf.msp
c:\windows\Installer\651fc8d4.msp
c:\windows\Installer\651fc8d5.msp
c:\windows\Installer\651fc8d6.msp
c:\windows\Installer\651fc8d7.msp
c:\windows\Installer\651fc8d8.msp
c:\windows\Installer\651fc8d9.msp
c:\windows\Installer\651fc8da.msp
c:\windows\Installer\651fc8db.msp
c:\windows\Installer\651fc8dc.msp
c:\windows\Installer\6a461a16.msp
c:\windows\Installer\6a461a17.msp
c:\windows\Installer\6a461a18.msp
c:\windows\Installer\6a461a19.msp
c:\windows\Installer\6a461a1a.msp
c:\windows\Installer\6a461a1b.msp
c:\windows\Installer\6a461a1c.msp
c:\windows\Installer\6a461a1d.msp
c:\windows\Installer\6a461a1e.msp
c:\windows\Installer\6d1dd49.msp
c:\windows\Installer\6d1dd4a.msp
c:\windows\Installer\6d1dd4b.msp
c:\windows\Installer\6d1dd4c.msp
c:\windows\Installer\6d1dd4d.msp
c:\windows\Installer\6d1dd4e.msp
c:\windows\Installer\6d1dd4f.msp
c:\windows\Installer\6d1dd50.msp
c:\windows\Installer\6d1dd51.msp
c:\windows\Installer\74d9699.msp
c:\windows\Installer\86baf88.msp
c:\windows\Installer\86baf89.msp
c:\windows\Installer\86baf8a.msp
c:\windows\Installer\86baf8b.msp
c:\windows\Installer\86baf8c.msp
c:\windows\Installer\86baf8d.msp
c:\windows\Installer\86baf8e.msp
c:\windows\Installer\86baf8f.msp
c:\windows\Installer\86baf90.msp
c:\windows\Installer\945fafc.msp
c:\windows\Installer\a2053.msp
c:\windows\Installer\a607b6c.msp
c:\windows\Installer\aa18b0.msi
c:\windows\Installer\b24313.msp
c:\windows\Installer\b24314.msp
c:\windows\Installer\b24315.msp
c:\windows\Installer\b24316.msp
c:\windows\Installer\b24317.msp
c:\windows\Installer\b24318.msp
c:\windows\Installer\b24319.msp
c:\windows\Installer\b2431a.msp
c:\windows\Installer\b2431b.msp
c:\windows\Installer\bf184.msi
c:\windows\Installer\c75ec29.msp
c:\windows\Installer\d84898.msp
c:\windows\Installer\d84899.msp
c:\windows\Installer\d8489a.msp
c:\windows\Installer\d8489b.msp
c:\windows\Installer\d8489c.msp
c:\windows\Installer\d8489d.msp
c:\windows\Installer\d8489e.msp
c:\windows\Installer\d8489f.msp
c:\windows\Installer\d848a0.msp
c:\windows\Installer\d920d9b.msp
c:\windows\Installer\d920d9c.msp
c:\windows\Installer\d920d9d.msp
c:\windows\Installer\d920d9e.msp
c:\windows\Installer\d920d9f.msp
c:\windows\Installer\d920da0.msp
c:\windows\Installer\d920da1.msp
c:\windows\Installer\d920da2.msp
c:\windows\Installer\d920da3.msp
c:\windows\Installer\efd96e3.msp
c:\windows\Installer\RadLinker.msi
c:\windows\RM.exe
c:\windows\system32\mdm.exe
c:\windows\Temp\1.exe

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
hxxp://binuser.fileave.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


(((((((((((((((((((((((((   Files Created from 2009-06-16 to 2009-07-16  )))))))))))))))))))))))))))))))
.

2009-07-16 01:32 . 2009-07-16 01:32	--------	d-----w-	c:\program files\Trend Micro
2009-07-16 00:39 . 2009-07-16 00:40	--------	d-s---w-	C:\Combo-Fix
2009-07-16 00:03 . 2009-07-16 00:23	--------	d-----w-	C:\123Qoobox
2009-07-15 22:26 . 2009-07-15 22:26	--------	d-----w-	c:\program files\Sophos
2009-07-15 21:42 . 2009-07-15 21:42	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 00:19 . 2009-06-25 00:19	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles
2009-06-25 00:17 . 2009-06-25 00:17	--------	d-----w-	c:\program files\AGEIA Technologies
2009-06-25 00:17 . 2009-06-25 00:17	--------	d-----w-	c:\windows\system32\AGEIA
2009-06-16 19:54 . 2009-06-16 19:54	--------	d-----w-	c:\program files\PopCap Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 04:10 . 2007-03-03 01:08	--------	d-----w-	c:\documents and settings\me\Application Data\DMCache
2009-07-16 04:10 . 2007-03-03 01:08	--------	d-----w-	c:\docume~1\me\APPLIC~1\DMCache
2009-07-16 00:31 . 2005-06-10 11:42	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-15 21:10 . 2009-01-13 17:13	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-15 18:58 . 2007-02-21 05:24	--------	d-----w-	c:\documents and settings\me\Application Data\R-Wipe&Clean
2009-07-15 18:58 . 2007-02-21 05:24	--------	d-----w-	c:\docume~1\me\APPLIC~1\R-Wipe&Clean
2009-07-13 20:36 . 2009-01-13 17:13	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-13 17:13	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-12 15:22 . 2009-02-22 00:26	--------	d-----w-	c:\documents and settings\me\Application Data\Vidalia
2009-07-12 15:22 . 2009-02-22 00:26	--------	d-----w-	c:\docume~1\me\APPLIC~1\Vidalia
2009-07-12 15:22 . 2009-02-22 00:38	--------	d-----w-	c:\documents and settings\me\Application Data\tor
2009-07-12 15:22 . 2009-02-22 00:38	--------	d-----w-	c:\docume~1\me\APPLIC~1\tor
2009-06-25 15:25 . 2007-01-24 06:56	--------	d-----w-	c:\program files\CoffeeCup Software
2009-06-25 00:17 . 2005-06-10 12:01	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-06-20 21:50 . 2008-10-15 16:15	889360	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 18:58 . 2009-06-09 13:48	--------	d-----w-	c:\documents and settings\me\Application Data\nHancer
2009-06-19 18:58 . 2009-06-09 13:48	--------	d-----w-	c:\docume~1\me\APPLIC~1\nHancer
2009-06-17 02:02 . 2007-03-31 04:43	138016	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 02:02 . 2007-03-31 04:43	189392	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-06-12 14:42 . 2009-06-12 14:39	--------	d-----w-	c:\program files\nLite
2009-06-10 22:53 . 2009-06-06 15:36	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\AA3DeployClient
2009-06-10 22:35 . 2005-09-03 18:16	1984	----a-w-	c:\windows\system32\d3d9caps.dat
2009-06-10 16:46 . 2007-04-10 04:13	--------	d-----w-	c:\documents and settings\me\Application Data\IDM
2009-06-10 16:46 . 2007-04-10 04:13	--------	d-----w-	c:\docume~1\me\APPLIC~1\IDM
2009-06-10 15:28 . 2009-06-10 15:28	3510272	----a-w-	c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28	4022272	----a-w-	c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28	168004	----a-w-	c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28	13758464	----a-w-	c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-06-10 13:57 . 2009-06-10 13:57	--------	d-----w-	c:\documents and settings\me\Application Data\IGN_DLM
2009-06-10 13:57 . 2009-06-10 13:57	--------	d-----w-	c:\docume~1\me\APPLIC~1\IGN_DLM
2009-06-10 13:39 . 2005-06-10 12:01	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-10 13:38 . 2005-06-10 12:07	--------	d-----w-	c:\program files\Symantec
2009-06-10 13:28 . 2009-01-29 00:25	--------	d-----w-	c:\program files\Jigsaw Puzzle Platinum Edition
2009-06-10 13:03 . 2009-06-10 13:03	9998336	----a-w-	c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03	815104	----a-w-	c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03	8087712	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03	671744	----a-w-	c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03	5908608	----a-w-	c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03	1720320	----a-w-	c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03	1580550	----a-w-	c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03	151552	----a-w-	c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03	151552	----a-w-	c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03	1310720	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2006-12-31 04:30	457248	----a-w-	c:\windows\system32\nvudisp.exe
2009-06-09 13:49 . 2006-12-31 04:35	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\NVIDIA
2009-06-09 13:49 . 2009-06-09 13:47	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\nHancer
2009-06-09 13:34 . 2009-06-09 13:34	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-06-09 03:55 . 2008-05-08 05:01	--------	d-----w-	c:\program files\UltraLeecher
2009-06-09 03:54 . 2005-09-28 00:06	--------	d-----w-	c:\program files\TuneUp Utilities 2006
2009-06-09 03:53 . 2006-09-19 13:35	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-06-09 03:53 . 2006-09-19 13:35	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-06-09 03:46 . 2006-04-20 13:32	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-09 03:46 . 2006-04-20 13:32	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2009-06-09 03:44 . 2009-06-09 03:44	--------	d--h--w-	c:\program files\Zero G Registry
2009-06-09 03:42 . 2007-10-06 16:57	--------	d-----w-	c:\program files\IrfanView
2009-06-09 03:42 . 2005-06-10 12:01	--------	d-----w-	c:\program files\Hewlett-Packard
2009-06-09 03:42 . 2006-09-15 06:03	--------	d-----w-	c:\program files\IGN
2009-06-09 03:28 . 2005-06-10 12:01	--------	d-----w-	c:\program files\Fraps
2009-06-09 03:27 . 2008-09-09 21:44	--------	d-----w-	c:\program files\Exodus
2009-06-09 03:27 . 2005-08-12 06:52	--------	d-----w-	c:\documents and settings\me\Application Data\Exodus
2009-06-09 03:27 . 2005-08-12 06:52	--------	d-----w-	c:\docume~1\me\APPLIC~1\Exodus
2009-06-09 03:26 . 2007-03-30 02:30	--------	d-----w-	c:\program files\DAZ
2009-06-09 03:23 . 2005-06-10 11:59	--------	d-----w-	c:\program files\ASUS
2009-06-09 03:22 . 2005-06-10 12:00	--------	d-----w-	c:\program files\Common Files\Adobe
2009-06-09 03:22 . 2006-12-26 04:19	--------	d-----w-	c:\documents and settings\me\Application Data\Lavasoft
2009-06-09 03:22 . 2006-12-26 04:19	--------	d-----w-	c:\docume~1\me\APPLIC~1\Lavasoft
2009-06-09 03:21 . 2007-06-27 04:15	--------	d-----w-	c:\program files\123Movies2PSP
2009-06-08 03:57 . 2006-10-15 10:01	4764	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2009-06-08 03:27 . 2009-06-08 03:27	906	----a-w-	C:\fix.bat
2009-06-06 02:32 . 2007-03-31 04:43	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-06-06 02:17 . 2009-06-06 02:16	--------	d-----w-	c:\program files\America's Army test
2009-06-06 02:09 . 2005-10-21 17:09	--------	d-----w-	c:\program files\MasterSplitter
2009-06-06 01:43 . 2008-03-08 22:17	142200	----a-w-	c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 01:43 . 2008-03-08 22:17	142200	----a-w-	c:\docume~1\me\LOCALS~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2009-06-06 01:01 . 2009-06-06 00:36	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\AA2DeployClient
2009-06-04 23:39 . 2006-06-20 12:18	457248	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-06-03 22:41 . 2008-05-08 05:02	37472	----a-w-	c:\windows\Fonts\INFOview.fon\infoview.fon
2009-06-03 22:41 . 2008-05-08 05:02	--------	d-----w-	c:\windows\Fonts\INFOview.fon
2009-05-31 17:12 . 2009-05-31 17:12	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-05-29 21:17 . 2009-05-29 21:17	--------	d-----w-	c:\documents and settings\me\Application Data\EPSON
2009-05-29 21:17 . 2009-05-29 21:17	--------	d-----w-	c:\docume~1\me\APPLIC~1\EPSON
2009-05-29 21:12 . 2009-05-29 21:12	--------	d-----w-	c:\program files\epson
2009-05-28 18:59 . 2007-08-22 04:46	59160	----a-w-	c:\windows\system32\zlib.dll
2009-05-28 15:06 . 2009-05-28 15:06	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-05-28 15:06 . 2005-06-10 12:01	--------	d-----w-	c:\program files\Java
2009-05-28 15:06 . 2009-05-28 15:06	152576	----a-w-	c:\documents and settings\me\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 01:24 . 2008-03-13 00:48	--------	d-----w-	c:\program files\VMware
2009-05-27 01:24 . 2008-03-13 00:48	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\VMware
2009-05-27 01:03 . 2009-05-27 01:03	--------	d-----w-	c:\program files\Electronic Arts
2009-05-05 20:35 . 2009-05-05 20:35	604416	----a-w-	c:\windows\system32\TUProgSt.exe
2009-05-05 20:35 . 2009-05-05 20:35	361216	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2009-04-28 16:55 . 2009-04-28 16:55	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
2003-08-27 22:19 . 2005-01-30 19:29	36963	----a-r-	c:\program files\Common Files\SM1updtr.dll
2009-06-16 15:58 . 2009-02-22 00:34	134648	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
2002-08-01 02:55 . 2007-01-24 06:56	106	--sh--w-	c:\windows\WSYS049.SYS
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-04-10 894720]
"RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe" [2007-02-15 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-07-11 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 23:13	49152	----a-w-	c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 23:36	90112	----a-w-	c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ltme
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pjgj
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aliasdocserver"=2 (0x2)
"Norton Ghost"=3 (0x3)
"MskService"=2 (0x2)
"x10nets"=3 (0x3)
"Speed Disk service"=2 (0x2)
"RadClock"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"TapiSrv"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"SQLWriter"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"SCardSvr"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"NProtectService"=2 (0x2)
"Multiplicity"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"mnmsrvc"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GuardDogEXE"=3 (0x3)
"GoToMyPC"=2 (0x2)
"DTSRVC"=2 (0x2)
"ColdFusion MX 7 Search Server"=3 (0x3)
"ColdFusion MX 7 Application Server"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Asset Management Daemon"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"|MicServiceAP"=2 (0x2)
"|MicServiceA8"=2 (0x2)
"SwPrv"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"igndlm.exe"=c:\program files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe"
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office7\Office12\GrooveMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Copperhead"=c:\program files\Razer\Copperhead\razerhid.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America's Army test\\System\\ArmyOps.exe"=

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/13/2005 2:18 AM 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [10/13/2005 2:19 AM 16640]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3/6/2005 5:19 PM 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [1/29/2005 12:46 PM 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [9/17/2003 7:00 AM 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [9/17/2003 7:00 AM 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [10/13/2005 5:32 AM 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [3/6/2005 5:19 PM 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/17/2007 11:02 PM 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 1:35 PM 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
S1 atitray;atitray;\??\c:\program files\Ray Adams\ATI Tray Tools\atitray.sys --> c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [?]
S2 WinDefend;Windows Defender Service;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [1/15/2005 4:12 PM 5824]
S3 BS_DEF;BS_DEF;\??\c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/22/2008 10:18 PM 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [1/30/2005 12:38 PM 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [10/13/2005 5:32 AM 11351]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [4/15/2006 9:03 PM 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [10/13/2005 5:32 AM 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [12/3/2004 4:54 PM 56704]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\UltraLeecher\UltraCrypt.sys --> c:\program files\UltraLeecher\UltraCrypt.sys [?]
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [3/22/2006 2:00 PM 61440]
S4 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [3/22/2006 1:59 PM 2732608]
S4 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE --> c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-Spyware Doctor - (no file)
ShellExecuteHooks-{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - (no file)
ShellExecuteHooks-{35B2861B-2B26-4691-9FF0-09083722C736} - (no file)
Notify-GoToMyPC - c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
Notify-AtiExtEvent - (no file)
Notify-qoMggfGV - qoMggfGV.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar = 
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI8C0D~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\Eltima Software\Flash Decompiler\iebt.html
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\me\APPLIC~1\Mozilla\Firefox\Profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 21:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE? 

scanning hidden files ...  

scan completed successfully
hidden files: 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1300)
geyekrkcxxccqt.dll 10000000	36864 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

- - - - - - - > 'explorer.exe'(3604)
geyekrkcxxccqt.dll 10000000	36864 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\COMMON~1\stardock\SDMCP.exe
c:\windows\system32\PnkBstrA.exe
c:\autodesk network license manager\adskflex.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\progra~1\MICROS~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-16 21:16 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-16 04:16

Pre-Run: 13,925,093,376 bytes free
Post-Run: 14,021,410,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /tutag=cbpve9 /kernel=tukernel.exe /usepmtimer

944	--- E O F ---	2008-10-15 15:56

Last mbam log

Malwarebytes' Anti-Malware 1.39
Database version: 2437
Windows 5.1.2600 Service Pack 2

7/15/2009 9:28:10 PM
mbam-log-2009-07-15 (21-28-10).txt

Scan type: Quick Scan
Objects scanned: 96887
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
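
A small triage script, added here as an example (it is not Malwarebytes', ComboFix's or the poster's code), that pulls out of a ComboFix-style log the three indicators in the log above that explain why a file-level quarantine keeps failing: the DLL loaded into winlogon.exe and explorer.exe from a \\?\globalroot\ path, the orphaned Winlogon Notify entry, and the BITS jobs pointing at outside sites. The embedded log excerpt is constructed from the post's own lines.

```python
"""Triage a ComboFix-style log for the indicators behind a persistent Trojan.TDSS.

Added example for this thread; not Malwarebytes', ComboFix's or the poster's code.
SAMPLE_LOG is a constructed excerpt built from the log posted above.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----
hxxp://78.157.143.163
hxxp://binuser.fileave.com
.
- - - - ORPHANS REMOVED - - - -
Notify-GoToMyPC - c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
Notify-AtiExtEvent - (no file)
Notify-qoMggfGV - qoMggfGV.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1300)
geyekrkcxxccqt.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
- - - - - - - > 'explorer.exe'(3604)
geyekrkcxxccqt.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
"""

PROCESS_HEADER = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)")
# ComboFix prints a module it considers injected as: name  base(hex)  size  path
INJECTED = re.compile(r"^\S+\s+[0-9A-Fa-f]{8}\s+\d+\s+(?P<path>\S.*)$")
GLOBALROOT = re.compile(r"^\\\\\?\\globalroot\\", re.IGNORECASE)
NOTIFY_ENTRY = re.compile(r"^Notify-(?P<key>\S+) - (?P<target>.+)$")
BITS_SITE = re.compile(r"^hxxps?://(?P<host>[^/\s]+)")  # ComboFix defangs http:// as hxxp://
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Finding:
    kind: str      # hidden-module | notify-orphan | bits-site
    severity: str  # high | medium | review
    detail: str


def parse_loaded_modules(lines):
    """Map 'process(pid)' -> module paths from the 'DLLs Loaded Under Running Processes' section."""
    modules, current, in_section = {}, None, False
    for raw in lines:
        line = raw.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if in_section and "Other Running Processes" in line:
            break
        if not in_section or not line or line == ".":
            continue
        header = PROCESS_HEADER.match(line)
        if header:
            current = f"{header['name']}({header['pid']})"
            modules[current] = []
        elif current is not None:
            injected = INJECTED.match(line)
            modules[current].append(injected["path"] if injected else line)
    return modules


def triage(log_text):
    """Return the findings to act on before re-running a file-level scanner."""
    lines = log_text.splitlines()
    findings = []
    for proc, paths in parse_loaded_modules(lines).items():
        for path in paths:
            if GLOBALROOT.match(path):
                # Hidden module inside winlogon.exe/explorer.exe: quarantining the file alone
                # ("Delete on reboot") does not hold while the driver serving it is active.
                findings.append(Finding("hidden-module", "high", f"{proc} loaded {path}"))
    for raw in lines:
        line = raw.strip()
        notify = NOTIFY_ENTRY.match(line)
        if notify and notify["target"] != "(no file)" and "\\" not in notify["target"]:
            # Winlogon Notify packages load into winlogon.exe at logon; ComboFix removed this
            # one as an orphan (DLL not found), so confirm it is not re-registered after reboot.
            findings.append(Finding("notify-orphan", "review", f"{notify['key']} -> {notify['target']}"))
        bits = BITS_SITE.match(line)
        if bits:  # BITS jobs pulling from outside Windows Update; a bare IP is the more urgent one
            severity = "high" if IPV4.match(bits["host"]) else "medium"
            findings.append(Finding("bits-site", severity, bits["host"]))
    return findings


def summarize(findings):
    """Count findings by kind."""
    counts = {}
    for finding in findings:
        counts[finding.kind] = counts.get(finding.kind, 0) + 1
    return counts
```

Run triage() on the full log text to get the same three kinds of findings; the hidden-module hits are the ones that a driver-level rootkit tool, not a file scanner, has to clear first.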


#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Wow... you've got a mess there.
Please run the following. Please DO NOT use Quote or CODE Tags unless requested, just post directly.

STEP 01
Please download and run these tools which are designed to restore some standard policy settings. They are not harmful.
    VArestorepolicies.INF
  • Download this INF repair file from here: VArestorepolicies.zip by MS-MVP Miekiemoes
  • Unzip or open the file VArestorepolicies.zip
  • Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install
    FixPolicies.exe
  • Download this self-extracting ZIP archive from here: FixPolicies.exe by MS-MVP Bill Castner and save it to your desktop.
  • Double-click FixPolicies.exe
  • Click the "Install" button on the bottom toolbar of the box that will open
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
  • A black box will briefly appear and then close
  • These fixes may prove temporary. Active malware may revert these changes on your next startup. You can safely run these utilities again.

STEP 02
Please go into the Control Panel, Add/Remove, and for now remove ALL versions of JAVA.

Then run this tool to help clean up any leftover Java.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.

    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

STEP 03
    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup220_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

Restart the Computer Now

STEP 04
Delete your current copy of Combofix.exe and download a NEW fresh copy and run it again and post back the NEW log.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe

STEP 05
Download and Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 14.
  • Go to http://java.sun.com/...loads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 14 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u14-windows-i586.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer

STEP 06
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log on your next reply

STEP 06
Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 07
Temporarily disable your current Anti-Virus and run this Online AV scanner
Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
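The instructions above ask for a fresh MBAM log after every reboot, and the note in step 1 warns that active malware may undo the fixes. As an added example (not part of this thread and not Malwarebytes' own code), the Python script below does the comparison a helper does by eye: it parses two MBAM logs taken before and after a reboot, reports any detection that was marked "Delete on reboot" yet is detected again, and flags modules that MBAM could only name under a `\\?\globalroot` device path, the pattern the Trojan.TDSS entry in this thread shows. The sample logs are constructed in the MBAM 1.39 format posted here; the `Rogue.Example` entries and their paths are placeholders.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) text logs.

Added example for this thread, not Malwarebytes' own code. Compares an MBAM
log taken before a reboot with one taken after it and reports detections that
were marked "Delete on reboot" yet are detected again, plus any module reported
under a \\?\globalroot device path instead of a normal drive-letter path.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One MBAM detection line, e.g.
#   \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# NT object-manager path prefix. When a user-mode scanner can only reach a DLL
# through this prefix and not through C:\WINDOWS\system32\..., the file is being
# hidden from ordinary directory access, which is what a rootkit does.
GLOBALROOT_PREFIX = "\\\\?\\globalroot\\"


@dataclass(frozen=True)
class Detection:
    section: str  # e.g. "Memory Modules Infected"
    path: str     # lower-cased so the same object matches across logs
    name: str     # MBAM detection name, e.g. "Trojan.TDSS"
    action: str   # e.g. "Delete on reboot"


def parse_mbam_log(text: str) -> list[Detection]:
    """Return every detection line in an MBAM log, tagged with its section."""
    found: list[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):  # section header (summary counts end in a number)
            section = line[:-1]
            continue
        if not line or section is None or line.startswith("(No malicious"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(section, m["path"].lower(), m["name"], m["action"]))
    return found


def survivors(before: str, after: str) -> list[str]:
    """Paths scheduled for deletion in `before` that are detected again in `after`."""
    scheduled = {d.path for d in parse_mbam_log(before) if d.action.startswith("Delete on reboot")}
    return sorted({d.path for d in parse_mbam_log(after) if d.path in scheduled})


def globalroot_modules(text: str) -> list[Detection]:
    """Detections that MBAM could only name by device path."""
    return [d for d in parse_mbam_log(text) if d.path.startswith(GLOBALROOT_PREFIX)]


def report(before: str, after: str) -> str:
    lines = [f"REAPPEARED after reboot: {p}" for p in survivors(before, after)]
    lines += [f"device-path module in '{d.section}': {d.path} [{d.name}]"
              for d in globalroot_modules(after)]
    return "\n".join(lines) or "nothing suspicious"


# Constructed sample logs in the MBAM 1.39 format seen in this thread. The
# Trojan.TDSS lines mirror the thread; the Rogue.Example entries are placeholders.
LOG_BEFORE = r"""
Malwarebytes' Anti-Malware 1.39

Memory Modules Infected: 1
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EXAMPLE-VALUE (Rogue.Example) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\EXAMPLE-DIR\EXAMPLE.exe (Rogue.Example) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

LOG_AFTER = r"""
Malwarebytes' Anti-Malware 1.39

Memory Modules Infected: 1
Files Infected: 1

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print(report(LOG_BEFORE, LOG_AFTER))
```

A module that is quarantined in every scan yet loaded again at the next boot is the signature of a component the scanner cannot see or remove at the right layer, which is why the helper moves on to ComboFix and other rootkit-aware tools rather than repeating MBAM.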

#3
brew

New Member, 22 posts
Steps 1-6 completed as directed.
Step 7 is still in progress and is going to take some time (13% @ 50 min).
I will post the eset log as soon as it's completed.
All other requested logs follow -

Again, your time and help is much appreciated!

JavaRa log -

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jul 16 05:40:29 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410206

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.


New ComboFix log -

ComboFix 09-07-14.08 - me 07/16/2009 6:04.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1428 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 12:51 . 2009-07-16 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-16 01:32 . 2009-07-16 01:32 -------- d-----w- c:\program files\Trend Micro
2009-07-16 00:39 . 2009-07-16 00:40 -------- d-s---w- C:\Combo-Fix
2009-07-16 00:03 . 2009-07-16 00:23 -------- d-----w- C:\123Qoobox
2009-07-15 22:26 . 2009-07-15 22:26 -------- d-----w- c:\program files\Sophos
2009-07-15 21:42 . 2009-07-15 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\windows\system32\AGEIA
2009-06-16 19:54 . 2009-06-16 19:54 -------- d-----w- c:\program files\PopCap Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 13:16 . 2007-03-03 01:08 -------- d-----w- c:\documents and settings\me\Application Data\DMCache
2009-07-16 07:01 . 2007-02-21 05:24 -------- d-----w- c:\documents and settings\me\Application Data\R-Wipe&Clean
2009-07-16 00:31 . 2005-06-10 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-15 21:10 . 2009-01-13 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2009-01-13 17:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-13 17:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 15:22 . 2009-02-22 00:26 -------- d-----w- c:\documents and settings\me\Application Data\Vidalia
2009-07-12 15:22 . 2009-02-22 00:38 -------- d-----w- c:\documents and settings\me\Application Data\tor
2009-06-25 15:25 . 2007-01-24 06:56 -------- d-----w- c:\program files\CoffeeCup Software
2009-06-25 00:17 . 2005-06-10 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 21:50 . 2008-10-15 16:15 889360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 18:58 . 2009-06-09 13:48 -------- d-----w- c:\documents and settings\me\Application Data\nHancer
2009-06-17 02:02 . 2007-03-31 04:43 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 02:02 . 2007-03-31 04:43 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-12 14:42 . 2009-06-12 14:39 -------- d-----w- c:\program files\nLite
2009-06-10 22:53 . 2009-06-06 15:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA3DeployClient
2009-06-10 22:35 . 2005-09-03 18:16 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:46 . 2007-04-10 04:13 -------- d-----w- c:\documents and settings\me\Application Data\IDM
2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\documents and settings\me\Application Data\IGN_DLM
2009-06-10 13:39 . 2005-06-10 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 13:38 . 2005-06-10 12:07 -------- d-----w- c:\program files\Symantec
2009-06-10 13:28 . 2009-01-29 00:25 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum Edition
2009-06-10 13:03 . 2009-06-10 13:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2006-12-31 04:30 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-09 13:49 . 2006-12-31 04:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NVIDIA
2009-06-09 13:49 . 2009-06-09 13:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nHancer
2009-06-09 13:34 . 2009-06-09 13:34 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 03:55 . 2008-05-08 05:01 -------- d-----w- c:\program files\UltraLeecher
2009-06-09 03:54 . 2005-09-28 00:06 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-09 03:44 . 2009-06-09 03:44 -------- d--h--w- c:\program files\Zero G Registry
2009-06-09 03:42 . 2007-10-06 16:57 -------- d-----w- c:\program files\IrfanView
2009-06-09 03:42 . 2005-06-10 12:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-09 03:42 . 2006-09-15 06:03 -------- d-----w- c:\program files\IGN
2009-06-09 03:28 . 2005-06-10 12:01 -------- d-----w- c:\program files\Fraps
2009-06-09 03:27 . 2008-09-09 21:44 -------- d-----w- c:\program files\Exodus
2009-06-09 03:27 . 2005-08-12 06:52 -------- d-----w- c:\documents and settings\me\Application Data\Exodus
2009-06-09 03:26 . 2007-03-30 02:30 -------- d-----w- c:\program files\DAZ
2009-06-09 03:23 . 2005-06-10 11:59 -------- d-----w- c:\program files\ASUS
2009-06-09 03:22 . 2005-06-10 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:22 . 2006-12-26 04:19 -------- d-----w- c:\documents and settings\me\Application Data\Lavasoft
2009-06-09 03:21 . 2007-06-27 04:15 -------- d-----w- c:\program files\123Movies2PSP
2009-06-08 03:57 . 2006-10-15 10:01 4764 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-08 03:27 . 2009-06-08 03:27 906 ----a-w- C:\fix.bat
2009-06-06 02:32 . 2007-03-31 04:43 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 02:17 . 2009-06-06 02:16 -------- d-----w- c:\program files\America's Army test
2009-06-06 02:09 . 2005-10-21 17:09 -------- d-----w- c:\program files\MasterSplitter
2009-06-06 01:43 . 2008-03-08 22:17 142200 ----a-w- c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 01:01 . 2009-06-06 00:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA2DeployClient
2009-06-04 23:39 . 2006-06-20 12:18 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 22:41 . 2008-05-08 05:02 37472 ----a-w- c:\windows\Fonts\INFOview.fon\infoview.fon
2009-06-03 22:41 . 2008-05-08 05:02 -------- d-----w- c:\windows\Fonts\INFOview.fon
2009-05-31 17:12 . 2009-05-31 17:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\documents and settings\me\Application Data\EPSON
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\program files\epson
2009-05-28 18:59 . 2007-08-22 04:46 59160 ----a-w- c:\windows\system32\zlib.dll
2009-05-28 15:06 . 2009-05-28 15:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\program files\VMware
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\VMware
2009-05-27 01:03 . 2009-05-27 01:03 -------- d-----w- c:\program files\Electronic Arts
2009-05-05 20:35 . 2009-05-05 20:35 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-05 20:35 . 2009-05-05 20:35 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-04-28 16:55 . 2009-04-28 16:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2003-08-27 22:19 . 2005-01-30 19:29 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-06-16 15:58 . 2009-02-22 00:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2002-08-01 02:55 . 2007-01-24 06:56 106 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_04.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 04:19 . 2009-07-16 12:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-15 23:04 . 2009-07-16 12:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-15 21:42 . 2009-07-16 12:57 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-15 21:42 . 2009-07-15 21:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2005-01-15 23:04 . 2009-07-16 12:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-04-10 894720]
"RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe" [2007-02-15 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-07-11 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 23:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 23:36 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aliasdocserver"=2 (0x2)
"Norton Ghost"=3 (0x3)
"MskService"=2 (0x2)
"x10nets"=3 (0x3)
"Speed Disk service"=2 (0x2)
"RadClock"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"TapiSrv"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"SQLWriter"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"SCardSvr"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"NProtectService"=2 (0x2)
"Multiplicity"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"mnmsrvc"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GuardDogEXE"=3 (0x3)
"GoToMyPC"=2 (0x2)
"DTSRVC"=2 (0x2)
"ColdFusion MX 7 Search Server"=3 (0x3)
"ColdFusion MX 7 Application Server"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Asset Management Daemon"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"|MicServiceAP"=2 (0x2)
"|MicServiceA8"=2 (0x2)
"SwPrv"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"igndlm.exe"=c:\program files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe"
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office7\Office12\GrooveMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Copperhead"=c:\program files\Razer\Copperhead\razerhid.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America's Army test\\System\\ArmyOps.exe"=

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/13/2005 2:18 AM 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [10/13/2005 2:19 AM 16640]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3/6/2005 5:19 PM 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [1/29/2005 12:46 PM 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [9/17/2003 7:00 AM 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [9/17/2003 7:00 AM 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [10/13/2005 5:32 AM 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [3/6/2005 5:19 PM 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/17/2007 11:02 PM 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 1:35 PM 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
S1 atitray;atitray;\??\c:\program files\Ray Adams\ATI Tray Tools\atitray.sys --> c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [?]
S2 WinDefend;Windows Defender Service;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [1/15/2005 4:12 PM 5824]
S3 BS_DEF;BS_DEF;\??\c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/22/2008 10:18 PM 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [1/30/2005 12:38 PM 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [10/13/2005 5:32 AM 11351]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [4/15/2006 9:03 PM 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [10/13/2005 5:32 AM 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [12/3/2004 4:54 PM 56704]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\UltraLeecher\UltraCrypt.sys --> c:\program files\UltraLeecher\UltraCrypt.sys [?]
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [3/22/2006 2:00 PM 61440]
S4 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [3/22/2006 1:59 PM 2732608]
S4 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE --> c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI8C0D~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\Eltima Software\Flash Decompiler\iebt.html
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\me\APPLIC~1\Mozilla\Firefox\Profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 06:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1224)
geyekrkcxxccqt.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

- - - - - - - > 'explorer.exe'(3076)
geyekrkcxxccqt.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-07-16 6:19
ComboFix-quarantined-files.txt 2009-07-16 13:19
ComboFix2.txt 2009-07-16 04:17

Pre-Run: 14,212,747,264 bytes free
Post-Run: 14,226,898,944 bytes free

350 --- E O F --- 2008-10-15 15:56


Mbam log

Malwarebytes' Anti-Malware 1.39
Database version: 2440
Windows 5.1.2600 Service Pack 2

7/16/2009 6:39:54 AM
mbam-log-2009-07-16 (06-39-54).txt

Scan type: Quick Scan
Objects scanned: 97716
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

DDS Log

DDS (Ver_09-06-26.01) - NTFSx86
Run by me at 6:53:20.53 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1285 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Autodesk Network License Manager\lmgrd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Autodesk Network License Manager\adskflex.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\R-Wipe&Clean\rwiped.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\me\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi8c0d~1\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\mi8c0d~1\office12\GRA8E1~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {CC4B2EE6-4803-11D7-8A38-00B0D0C6B814} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [RWipeD] c:\program files\r-wipe&clean\rwiped.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi8c0d~1\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\eltima software\flash decompiler\iebt.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi8c0d~1\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi8c0d~1\office12\REFIEBAR.DLL
IE: {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - {cc4b2ee6-4803-11d7-8a38-00b0d0c6b814}
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5677/mcfscan.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi8c0d~1\office12\GR99D3~1.DLL
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: Multi - c:\program files\stardock\thinkdesk\multiplicity\MultiWin32.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\application data\mozilla\firefox\profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [2005-10-13 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-10-13 16640]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2006-1-20 50048]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-3-6 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [2005-1-29 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [2003-9-17 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [2003-9-17 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2005-10-13 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-3-6 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2007-11-17 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-5-5 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
S1 atitray;atitray;\??\c:\program files\ray adams\ati tray tools\atitray.sys --> c:\program files\ray adams\ati tray tools\atitray.sys [?]
S2 WinDefend;Windows Defender Service;"c:\program files\windows defender\msmpeng.exe" --> c:\program files\windows defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2005-1-15 5824]
S3 BS_DEF;BS_DEF;\??\c:\windows\bs_def.sys --> c:\windows\BS_DEF.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-11-22 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [2005-1-30 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2005-10-13 11351]
S3 Memctl;Memctl;\??\c:\program files\abit\abit uguru\memctl.sys --> c:\program files\abit\abit uguru\Memctl.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2006-4-15 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [2005-10-13 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-12-3 56704]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\USBICP.sys [2006-4-15 14592]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\ultraleecher\ultracrypt.sys --> c:\program files\ultraleecher\UltraCrypt.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [2006-3-22 61440]
S4 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [2006-3-22 2732608]
S4 GuardDogEXE;McAfee Privacy Service;"c:\program files\mcafee\mcafee privacy service\guarddog.exe" /service --> c:\program files\mcafee\mcafee privacy service\GUARDDOG.EXE [?]
S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~1\nprotect.exe --> c:\progra~1\norton~1\norton~1\NPROTECT.EXE [?]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-3-6 819352]

=============== Created Last 30 ================

2009-07-16 06:40 61,440 a------- c:\windows\system32\drivers\uwdl.sys
2009-07-16 05:51 <DIR> --d----- c:\program files\CCleaner
2009-07-15 21:13 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-15 20:42 <DIR> a-dshr-- C:\cmdcons
2009-07-15 18:32 <DIR> --d----- c:\program files\Trend Micro
2009-07-15 17:39 219,648 a------- c:\windows\PEV.exe
2009-07-15 17:39 161,792 a------- c:\windows\SWREG.exe
2009-07-15 17:39 98,816 a------- c:\windows\sed.exe
2009-07-15 17:39 <DIR> --ds---- C:\Combo-Fix
2009-07-15 17:03 <DIR> --d----- C:\123Qoobox
2009-07-15 15:26 <DIR> --d----- c:\program files\Sophos
2009-06-24 17:17 <DIR> --d----- c:\windows\system32\AGEIA
2009-06-24 17:17 19,495 a------- c:\windows\system32\nvdisp.nvu
2009-06-16 12:54 <DIR> --d----- c:\program files\PopCap Games
2009-06-16 08:24 42 a------- c:\windows\system32\Jiii_PNUCT.pnc
2009-06-16 08:23 42 a------- c:\windows\system32\AK083E209605E394C.lie

==================== Find3M ====================

2009-07-16 06:40 256 a------- c:\program files\hhugrru.txt
2009-07-16 06:28 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 19:02 138,016 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-16 19:02 189,392 a------- c:\windows\system32\PnkBstrB.exe
2009-06-10 15:35 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-06-10 08:28 3,510,272 a------- c:\windows\system32\nvgames.dll
2009-06-10 08:28 4,022,272 a------- c:\windows\system32\nvdisps.dll
2009-06-10 08:28 13,758,464 a------- c:\windows\system32\nvcpl.dll
2009-06-10 08:28 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-06-10 08:28 143,360 a------- c:\windows\system32\nvcolor.exe
2009-06-10 08:28 86,016 a------- c:\windows\system32\nvmctray.dll
2009-06-10 08:28 229,376 a------- c:\windows\system32\nvmccs.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-07 20:57 4,764 a------- c:\windows\system32\PerfStringBackup.TMP
2009-06-07 20:27 906 a------- C:\fix.bat
2009-06-05 19:32 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-05-28 11:59 59,160 a------- c:\windows\system32\zlib.dll
2009-05-05 13:35 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-05-05 13:35 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-28 09:55 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-03-02 20:10 22,328 a------- c:\docume~1\me\applic~1\PnkBstrK.sys
2007-11-15 21:46 3,902,784 a------- c:\documents and settings\me\gosetup.exe
2003-08-27 15:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2002-07-31 19:55 106 ---sh--- c:\windows\WSYS049.SYS

============= FINISH: 6:55:23.67 ===============

Attach Log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 6/20/2006 1:47:54 AM
System Uptime: 7/16/2009 6:30:02 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | CROSSHAIR
Processor: AMD Athlon™ 64 FX-62 Dual Core Processor | Socket AM2 | 2812/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 138 GiB total, 13.094 GiB free.
D: is FIXED (NTFS) - 279 GiB total, 9.884 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 279 GiB total, 22.587 GiB free.
G: is FIXED (NTFS) - 128 GiB total, 2.22 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 149 GiB total, 1.832 GiB free.
M: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {FD02DFAC-6A7C-4391-97DA-F81FEF1FC9D3}
Description: Radeon Probe Driver
Device ID: ROOT\PROBES\0000
Manufacturer: ChrisW
Name: Radeon Probe Driver
PNP Device ID: ROOT\PROBES\0000
Service: RadProbe

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: a347bus

==== System Restore Points ===================

RP249: 7/15/2009 1:48:55 PM - System Checkpoint
RP250: 7/15/2009 1:48:55 PM - System Checkpoint
RP251: 7/15/2009 1:48:55 PM - Removed nHancer
RP252: 7/15/2009 1:48:56 PM - Removed Steam
RP253: 7/15/2009 1:48:56 PM - Removed NVIDIA PhysX
RP254: 7/15/2009 1:48:56 PM - Removed NVIDIA GAME System Software 2.8.1
RP255: 7/15/2009 1:48:56 PM - System Checkpoint
RP256: 7/15/2009 1:48:56 PM - System Checkpoint
RP257: 7/15/2009 1:48:56 PM - System Checkpoint
RP258: 7/15/2009 1:48:56 PM - System Checkpoint
RP259: 7/15/2009 1:48:56 PM - System Checkpoint
RP260: 7/15/2009 1:48:56 PM - System Checkpoint
RP261: 7/15/2009 1:48:56 PM - System Checkpoint
RP262: 7/15/2009 1:48:56 PM - System Checkpoint
RP263: 7/15/2009 1:48:56 PM - System Checkpoint
RP264: 7/15/2009 1:48:56 PM - System Checkpoint
RP265: 7/15/2009 1:48:56 PM - System Checkpoint
RP266: 7/15/2009 1:48:56 PM - System Checkpoint
RP267: 7/15/2009 1:48:57 PM - System Checkpoint
RP268: 7/15/2009 1:48:57 PM - System Checkpoint
RP269: 7/15/2009 1:48:57 PM - System Checkpoint

==== Installed Programs ======================

3DMark06
55mm v7.5 for Adobe Photoshop & Compatible Applications
7-Zip 4.32
AA Forceclass Install
AA2Deploy
AA3Deploy
Acronis True Image Home
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe After Effects 6.5
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 1.5
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Encore DVD 1.5
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe FrameMaker v7.1
Adobe GoLive CS2
Adobe GoLive CS2 English
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS
Adobe InDesign 2.0
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop Lightroom
Adobe Premiere Elements 1.0
Adobe Premiere Pro 2.0
Adobe Reader 7.0.9
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alcohol 120%
Alien Skin Blow Up
Alien Skin Exposure
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Image Doctor
Alien Skin Snap Art
Alien Skin Xenofex 2
AOEMView 2009
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
ATI Decoder
ATI Multimedia Center
ATI Remote Wonder 2
AutoCAD 2005 - English
AutoCAD 2007 - English
AutoCAD Mechanical 2009
Autodesk DWF Viewer
Autodesk Inventor Professional 2009
AutoSketch Release 9
AV Bros. Page Curl 2.0 (Remove Only)
AV Bros. Page Curl Pro 2.2 (Remove Only)
AV Bros. Puzzle Pro 2.2 (Remove Only)
AviSynth 2.5
AXIS Media Control
AXIS Media Control Embedded
Bejeweled Twist 1.0.3.7482
Bonjour
Call of Duty® 4 - Modern Warfare™ 1.2 Patch
Camtasia Studio 2
ccCommon
CCleaner (remove only)
CheckIt Diagnostics
Chief Architect Full Version
CoffeeCup Direct FTP
CoffeeCup Flash Firestarter
CoffeeCup Flash Form Builder - Registered
CoffeeCup Flash Menu Builder
CoffeeCup Flash Password Wizard
CoffeeCup Flash Photo Gallery - Registered
CoffeeCup Flash Website Font
CoffeeCup Flash Website Search - Registered
CoffeeCup GIF Animator
CoffeeCup Google SiteMapper
CoffeeCup HTML Editor 2007
CoffeeCup Image Mapper
CoffeeCup Live Chat - Registered
CoffeeCup LockBox
CoffeeCup MP3 Rip & Burn
CoffeeCup PixConverter
CoffeeCup RSS News Flash - Registered
CoffeeCup StyleSheet Maker
CoffeeCup Visual Site Designer
CoffeeCup Web Calendar
CoffeeCup Web JukeBox - Registered
CoffeeCup Web Video Player - Registered
CoffeeCup WebCam 3.5
CoffeeCup Website Color Schemer
Copy
Creative Audio Console
Creative System Information
CreativeProjects
CreativeProjectsTemplates
CueTour
Cypress USB Mass Storage Driver Installation
DesktopX Professional
Destinations
Dfine 2.0
DH Driver Cleaner Professional Edition
Digital Film Lab v2.5 for Adobe Photoshop & Compatible Applications
Director
DISC TITLE PRINTER
DivX
DivX Player
DocProc
Dragon NaturallySpeaking 8
Dual-Core Optimizer
DWG TrueView 2009
EPSON Scan
Extensis Mask Pro 3.0
Extensis PhotoFrame 2.5
Eye Candy 4000 Demo
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
Flash Decompiler
FlashMenu
FLicKeR v2.1.2
FloorCOST Estimator Trial
Forms To Go 3.2.1
Forté Agent
Garmin Communicator Plugin
Garmin WebUpdater
GeneralCOST Estimator Trial
Ghost Recon Advanced Warfighter
Google Earth
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
GrabIt 1.7.1 Beta (build 960)
h5400 PPC02 WLAN Driver 128_Eng
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HomeCOST Estimator Trial
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
hp deskjet 5800 series
HP Diagnostic Assistant
HP Image Zone 4.0
HP My Display
HP Scanjet 4070
HP Software Update
hpg4070
HPSystemDiagnostics
Htpasswd Generator 2.1
ImTOO iPod Computer Transfer
Installation Wizard
InstantShare
Internet Download Manager
Ipswitch WS_FTP Pro
iTunes
Java™ 6 Update 14
Jigsaw Puzzle Player
Jigsaw Puzzles - Parks of the World
JobCOST Controller Trial
K-Lite Codec Pack 2.35 Full
Keyboard Launchpad
Kodak DIGITAL GEM Airbrush Professional Plug-In 1.0.1
Kodak DIGITAL GEM Professional Plug-In 1.0.1
Kodak DIGITAL ROC Professional Plug-In 1.0.2
Kodak DIGITAL SHO Professional Plug-In 1.0.2
Kremlin 2.21
Learn Microsoft Visual Basic 6.0 Now
Light v3.5 for Adobe Photoshop & Compatible Applications
LinksysDiag
LiveReg (Symantec Corporation)
Log Parser 2.2
Logitech SetPoint
Macromedia Authorware 7.01
Macromedia Captivate
Macromedia ColdFusion MX 7
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Fireworks MX 2004
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia FreeHand MXa
Macromedia HomeSite+
MainConcept MPEG Pro for Adobe Premiere Pro 1.04
Malwarebytes' Anti-Malware
Managed DirectX (0901)
Marvell Miniport Driver
Maya 6.0
Maya Shader Library for Maya
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft CCR and DSS Runtime 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2003
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2003
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Journal Viewer
Microsoft WinUsb 1.0
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 2.0
mIRC
Mozilla Firefox (3.0.11)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multiplicity
Napster Burn Engine
Nero Suite
nLite 1.4.9.1
Norton CleanSweep
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005 Premier
Norton SystemWorks 2005 Premier (Symantec Corporation)
Norton Utilities
NSW_DRM_COLLECTION
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX
O&O Defrag Professional Edition
Overland
Ozone v2.5 for Adobe Photoshop & Compatible Applications
PaintCOST Estimator Trial
Passware Kit Enterprise 8.0
PDF Settings
PDF to DWG Converter
PhotoGallery
Photosynth 2.0.1519.16
Pivot Software
Portraiture Plug-in
Power Mask v1.0 for Photoshop
Power Stroke v1.0 for Adobe Photoshop & Photoshop Elements
PrintScreen
Privoxy 3.0.6
PunkBuster Services
QFolder
QuickPar 0.9
QuickProjects
QuickTime
R-Wipe&Clean 7.1
Razer Copperhead
Real Alternative 1.52 Lite
Registry Mechanic 5.0
RemodelCOST Estimator Trial
RepairCOST Estimator Trial
Rhapsody Player Engine
RoofCOST Estimator Trial
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scan
SDK
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Setup IsoEdit
Ship Simulator 2006
SiSoftware Sandra Professional Home XII
SkinsHP1
Smithsonian's American Art Jigsaws
SnagIt 7
Snap v2.5 for Adobe Photoshop & Photoshop Elements
Solid State ION Internet Explorer Plugin
Sophos Anti-Rootkit 1.5.0
Sothink DHTMLMenu
Sothink SWF Quicker
Sothink Tree Menu
Sound Blaster X-Fi
Spb Pocket Plus
Spb Weather
Spy Sweeper
SpyHunter
Spyware Doctor 3.5
Stylus Studio 2007 XML Enterprise Suite
SWF Desktop 1.2.0u
SWiSHmax
System Requirements Lab
TOPO!
TopStyle Lite (Version 3.0)
Tor 0.2.0.34
TrayApp
TrueCrypt
TuneUp Utilities 2009
TurboCAD Deluxe v12
TweakNow RegCleaner Standard
UltraISO Premium V9.33
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
USB Storage Adapter FX (SM1)
VBA (2627.01)
Ventrilo Client
Vidalia 0.1.10
VideoLAN VLC media player 0.8.6a
Vistanita Duplicate Finder 3.7.2
Weather Display 10.36z
Weather Display Live 5.01
WebFldrs XP
WebLog Expert 4.0
Webmaster Color Picker Demo
WebReg
Windows Defender Signatures
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
zMatte v2.5 for Adobe Photoshop
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

7/16/2009 6:07:59 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/16/2009 6:04:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/16/2009 5:58:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a347bus atitray Si3114r5
7/16/2009 5:58:08 AM, error: Service Control Manager [7001] - The Sentinel service depends on the Parallel port driver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/16/2009 5:58:08 AM, error: Service Control Manager [7000] - The Windows Defender Service service failed to start due to the following error: The system cannot find the path specified.
7/16/2009 5:58:08 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/16/2009 5:58:08 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
7/16/2009 5:58:08 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
7/16/2009 5:58:08 AM, error: Service Control Manager [7000] - The ASInsHelp service failed to start due to the following error: The system cannot find the file specified.
7/16/2009 5:58:05 AM, error: Print [23] - Printer Send To OneNote 2007 failed to initialize because a suitable Send To Microsoft OneNote Driver driver could not be found.
7/16/2009 5:58:05 AM, error: Print [23] - Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.
7/16/2009 5:46:29 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

#4
brew

    New Member

  • Members
  • Pip
  • 22 posts
For informational purposes - The original symptom/problem was the "SystemSecurity" malware as seen here - http://www.malwareby...showtopic=17583

Step 7 completed

Eset log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=d349b5bb819cf941b5e02d13c3612d21
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-16 03:56:02
# local_time=2009-07-16 08:56:02 (-0800, Pacific Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3585 63 50 0 0
# compatibility_mode=5121 63 259 1 128922333436641562
# compatibility_mode=5889 63 259 1 128922333436641562
# scanned=582383
# found=61
# cleaned=0
# scan_time=6667
C:\WINDOWS\system32\wuaumgr.exe Win32/Shark.NAB trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\comdw\svchost.exe probably a variant of Win32/TrojanDropper.Agent trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\comdw\winlogon.dll probably a variant of Win32/PSW.Delf trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\comoq\svchost.exe probably a variant of Win32/TrojanDropper.Agent trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\comoq\winlogon.dll probably a variant of Win32/PSW.Delf trojan 00000000000000000000000000000000 I
D:\4_8_06fullbu\public_html\error\bash- probably a variant of Win32/IRCBot trojan 00000000000000000000000000000000 I
D:\codetemp\MainConcept Mpeg Pro 1.0.4_ROR\Crack\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\Photoshop Plugin - Axion Flare Effects.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\CHCv10b\KeygenHighlightControl10bforAdobePhotsh.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\ChromaSoftware Suite\Highlight Control v1.0b\KEYGEN.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\ChromaSoftware Suite\Photographic Filters v1.0b\KEYGEN.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\ChromaSoftware Suite\Shadow Control v1.3b\KEYGEN.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\ChromaSoftware Suite\Smart Sharpen v1.0b\KEYGEN.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\CPFv10b\KeygenPhotographicFilters10b.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\CSCv13b\KeygenShadowControl13b.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\CSSv10b\KeygenSmartSharpen10b.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\FPearHueandCryv104\-= Keygen =-\KeygenHueandCry104forPhotoshop.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\IndiaInkv175\-= Keygen =-\KeygenIndiaInk175forPhotoshop.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Lens Pro III v3.6\keygen.exe probably a variant of Win32/TrojanDropper.Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\PathStyler v1.2\KEYGEN.EXE probably a variant of Win32/TrojanDropper.Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\234 PhotoShop Plugins\VizrosPluginsv41\KeygenVizrosPlugins41forPhotoshop.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Creative Pack v1.1\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Designer Sextet v1.4\flamingpear.multikeygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Flood v1.1\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Glitterato v1.1\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Hue and Cry v1.1\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear LunarCell v1.5\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Melancholytron v1.1\flamingpear.multikeygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Mr Contrast v1.1\KEYGEN.EXE probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Polymerge v1.1\flamingpear.multikeygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Flaming Pear\Flaming Pear Superblade Pro v1.4\flamingpear.multikeygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\codetemp\softdls\photoshop plugins\Panopticum Lens Pro III 3.6\KEYGEN.EXE probably a variant of Win32/TrojanDropper.Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Alien Skin BlowUp v1.0.2\Alien Skin - Multi-Key Generator\AlienSkin - Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Alien Skin Exposure v1.0\Alien Skin - Multi-Key Generator\AlienSkin - Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Alien Skin Eye Candy Textures v5.1.0\Alien Skin - Multi-Key Generator\AlienSkin - Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Alien Skin Image Doctor v1.1.0\Alien Skin - Multi-Key Generator\AlienSkin - Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Alien Skin Snap Art v1.0\AlienSkin - Multi-Key Generator\AlienSkin - Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Alien Skin Xenofex v2.1.1\AlienSkin - Multi-Key Generator\AlienSkin - Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear Creative Pack v1.30\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear Designer Sextet v1.55\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear Glitterato v1.12\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear Hue And Cry v1.20\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear India Ink v1.97\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear LunarCell v1.65\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear Photography Pack v1.1\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear SolarCell v1.60\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear SuperBladePro v1.50\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Flaming Pear Tesselation v1.35\Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\onOne Genuine Fractals PrintPro v.5.0.3\KEY GENERATOR\onOne Software Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\OnOne Intellihance Pro v4.2.1\KEY GENERATOR\onOne Software Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\OnOne Mask Pro v4.1.1\KEY GENERATOR\onOne Software Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\onOne PhotoFrame Pro v3.1.1\KEY GENERATOR\onOne Software Multi-Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Adobe Photoshop CS3 Plugins Pack\Photomatix Tone Mapping v1.1.2\Photomatix Tone Mapping v1.1.2 Key Generator.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\DataDirect.Stylus.Studio.2007.XML.Enterprise.Suite.v8.1.735f-ZWT\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\efd299\crack.exe Win32/TrojanDownloader.Small.DDP trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\MagicISO.Maker.v5.4.Build.0239.Incl.Key.WinAll-FYSP\magicisokgn.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\Selteco.Alligator.Flash.Designer.v7.0.REPACK-VTX\vx-01100\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
F:\codetemp6\soft\SiSoftware.Sandra.Pro.Home.XI.SP1.v2007.3.11.22.Multilingual.Retail-ZWT\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
I:\codetempa\ShareO.v2.70.0294.for.Microsoft.Outlook-BRD\keygen\keygen.exe probably a variant of Win32/TrojanDownloader.Banload trojan 00000000000000000000000000000000 I
I:\Ipod Copy Expert 3.1.2.0\Ipod Copy Expert 3.1.2.0.exe probably a variant of Win32/Inject trojan 00000000000000000000000000000000 I
I:\iPod2PC 3 9 2 Full\iPod2PC 3 9 2 Full .exe probably a variant of Win32/Injector.DW trojan 00000000000000000000000000000000 I

#5
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Well, I'm sorry, but since you have evidence of cracked or pirated software you're using on the system, I have no choice but to close this thread now.


HiJack This! Forum Policy

Quote:

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#6
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
Okay, after further review I've re-opened the post. If I find out otherwise, though, that the information you provided is/was not true, then I will permanently close the post.

Please go ahead and delete your current copy of Combofix.exe on the desktop and download a NEW fresh copy and run that again and post back that log. Also UPDATE MBAM and post back a new Quick Scan log from that and we'll go from there.

Thanks.
Ron Lewis
Manager, Online Support


#7
brew

    New Member

  • Members
  • Pip
  • 22 posts
Your continued help is much appreciated!

It appears mbam is no longer picking up the rootkit (good news?)

I am getting a random Windows error now though:

Windows - System Error
There is an IP address conflict with another system on the network.

There are no other machines connected and/or powered on.

The new combo log -

ComboFix 09-07-14.08 - me 07/17/2009 22:50.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1426 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-16 13:59 . 2009-07-16 13:59 -------- d-----w- c:\program files\ESET
2009-07-16 13:28 . 2009-07-16 13:28 -------- d-----w- c:\program files\Java
2009-07-16 12:51 . 2009-07-16 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-16 01:32 . 2009-07-16 01:32 -------- d-----w- c:\program files\Trend Micro
2009-07-16 00:03 . 2009-07-16 00:23 -------- d-----w- C:\123Qoobox
2009-07-15 22:26 . 2009-07-15 22:26 -------- d-----w- c:\program files\Sophos
2009-07-15 21:42 . 2009-07-15 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\windows\system32\AGEIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 06:01 . 2007-03-03 01:08 -------- d-----w- c:\documents and settings\me\Application Data\DMCache
2009-07-17 18:58 . 2007-02-21 05:24 -------- d-----w- c:\documents and settings\me\Application Data\R-Wipe&Clean
2009-07-16 23:42 . 2007-01-24 06:56 -------- d-----w- c:\program files\CoffeeCup Software
2009-07-16 20:19 . 2005-10-21 17:09 -------- d-----w- c:\program files\MasterSplitter
2009-07-16 13:28 . 2009-05-28 15:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-16 00:31 . 2005-06-10 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-15 21:10 . 2009-01-13 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2009-01-13 17:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-13 17:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 15:22 . 2009-02-22 00:26 -------- d-----w- c:\documents and settings\me\Application Data\Vidalia
2009-07-12 15:22 . 2009-02-22 00:38 -------- d-----w- c:\documents and settings\me\Application Data\tor
2009-06-25 00:17 . 2005-06-10 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 21:50 . 2008-10-15 16:15 889360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 18:58 . 2009-06-09 13:48 -------- d-----w- c:\documents and settings\me\Application Data\nHancer
2009-06-17 02:02 . 2007-03-31 04:43 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 02:02 . 2007-03-31 04:43 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 19:54 . 2009-06-16 19:54 -------- d-----w- c:\program files\PopCap Games
2009-06-12 14:42 . 2009-06-12 14:39 -------- d-----w- c:\program files\nLite
2009-06-10 22:53 . 2009-06-06 15:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA3DeployClient
2009-06-10 22:35 . 2005-09-03 18:16 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:46 . 2007-04-10 04:13 -------- d-----w- c:\documents and settings\me\Application Data\IDM
2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\documents and settings\me\Application Data\IGN_DLM
2009-06-10 13:39 . 2005-06-10 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 13:38 . 2005-06-10 12:07 -------- d-----w- c:\program files\Symantec
2009-06-10 13:28 . 2009-01-29 00:25 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum Edition
2009-06-10 13:03 . 2009-06-10 13:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2006-12-31 04:30 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-09 13:49 . 2006-12-31 04:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NVIDIA
2009-06-09 13:49 . 2009-06-09 13:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nHancer
2009-06-09 13:34 . 2009-06-09 13:34 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 03:55 . 2008-05-08 05:01 -------- d-----w- c:\program files\UltraLeecher
2009-06-09 03:54 . 2005-09-28 00:06 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-09 03:44 . 2009-06-09 03:44 -------- d--h--w- c:\program files\Zero G Registry
2009-06-09 03:42 . 2007-10-06 16:57 -------- d-----w- c:\program files\IrfanView
2009-06-09 03:42 . 2005-06-10 12:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-09 03:42 . 2006-09-15 06:03 -------- d-----w- c:\program files\IGN
2009-06-09 03:28 . 2005-06-10 12:01 -------- d-----w- c:\program files\Fraps
2009-06-09 03:27 . 2008-09-09 21:44 -------- d-----w- c:\program files\Exodus
2009-06-09 03:27 . 2005-08-12 06:52 -------- d-----w- c:\documents and settings\me\Application Data\Exodus
2009-06-09 03:26 . 2007-03-30 02:30 -------- d-----w- c:\program files\DAZ
2009-06-09 03:23 . 2005-06-10 11:59 -------- d-----w- c:\program files\ASUS
2009-06-09 03:22 . 2005-06-10 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:22 . 2006-12-26 04:19 -------- d-----w- c:\documents and settings\me\Application Data\Lavasoft
2009-06-09 03:21 . 2007-06-27 04:15 -------- d-----w- c:\program files\123Movies2PSP
2009-06-08 03:57 . 2006-10-15 10:01 4764 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-08 03:27 . 2009-06-08 03:27 906 ----a-w- C:\fix.bat
2009-06-06 02:32 . 2007-03-31 04:43 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 02:17 . 2009-06-06 02:16 -------- d-----w- c:\program files\America's Army test
2009-06-06 01:43 . 2008-03-08 22:17 142200 ----a-w- c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 01:01 . 2009-06-06 00:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA2DeployClient
2009-06-04 23:39 . 2006-06-20 12:18 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 22:41 . 2008-05-08 05:02 37472 ----a-w- c:\windows\Fonts\INFOview.fon\infoview.fon
2009-06-03 22:41 . 2008-05-08 05:02 -------- d-----w- c:\windows\Fonts\INFOview.fon
2009-05-31 17:12 . 2009-05-31 17:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\documents and settings\me\Application Data\EPSON
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\program files\epson
2009-05-28 18:59 . 2007-08-22 04:46 59160 ----a-w- c:\windows\system32\zlib.dll
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\program files\VMware
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\VMware
2009-05-27 01:03 . 2009-05-27 01:03 -------- d-----w- c:\program files\Electronic Arts
2009-05-05 20:35 . 2009-05-05 20:35 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-05 20:35 . 2009-05-05 20:35 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-04-28 16:55 . 2009-04-28 16:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2003-08-27 22:19 . 2005-01-30 19:29 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-06-16 15:58 . 2009-02-22 00:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2002-08-01 02:55 . 2007-01-24 06:56 106 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_04.10.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-16 04:09 . 2009-07-16 04:09 16384 c:\windows\Temp\Perflib_Perfdata_734.dat
+ 2009-07-18 05:45 . 2009-07-18 05:45 16384 c:\windows\temp\Perflib_Perfdata_734.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-16 04:19 . 2009-07-18 05:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-15 23:04 . 2009-07-18 05:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-15 21:42 . 2009-07-15 21:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-15 21:42 . 2009-07-18 05:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2005-01-15 23:04 . 2009-07-18 05:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 15:06 . 2009-07-16 13:28 148888 c:\windows\system32\javaws.exe
- 2009-05-28 15:06 . 2009-05-28 15:06 148888 c:\windows\system32\javaws.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\javaw.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\javaw.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\java.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\java.exe
+ 2009-07-16 13:28 . 2009-07-16 13:28 1563648 c:\windows\Installer\1c1f9b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-04-10 894720]
"RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe" [2007-02-15 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-07-11 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 23:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 23:36 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aliasdocserver"=2 (0x2)
"Norton Ghost"=3 (0x3)
"MskService"=2 (0x2)
"x10nets"=3 (0x3)
"Speed Disk service"=2 (0x2)
"RadClock"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"TapiSrv"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"svcWRSSSDK"=2 (0x2)
"SQLWriter"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"SCardSvr"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"NProtectService"=2 (0x2)
"Multiplicity"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"mnmsrvc"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GuardDogEXE"=3 (0x3)
"GoToMyPC"=2 (0x2)
"DTSRVC"=2 (0x2)
"ColdFusion MX 7 Search Server"=3 (0x3)
"ColdFusion MX 7 Application Server"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Asset Management Daemon"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"|MicServiceAP"=2 (0x2)
"|MicServiceA8"=2 (0x2)
"SwPrv"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"igndlm.exe"=c:\program files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe"
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office7\Office12\GrooveMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Copperhead"=c:\program files\Razer\Copperhead\razerhid.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America's Army test\\System\\ArmyOps.exe"=

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/13/2005 2:18 AM 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [10/13/2005 2:19 AM 16640]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3/6/2005 5:19 PM 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [1/29/2005 12:46 PM 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [9/17/2003 7:00 AM 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [9/17/2003 7:00 AM 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [10/13/2005 5:32 AM 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [3/6/2005 5:19 PM 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/17/2007 11:02 PM 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 1:35 PM 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
S1 atitray;atitray;\??\c:\program files\Ray Adams\ATI Tray Tools\atitray.sys --> c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [?]
S2 WinDefend;Windows Defender Service;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [1/15/2005 4:12 PM 5824]
S3 BS_DEF;BS_DEF;\??\c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/22/2008 10:18 PM 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [1/30/2005 12:38 PM 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [10/13/2005 5:32 AM 11351]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [4/15/2006 9:03 PM 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [10/13/2005 5:32 AM 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [12/3/2004 4:54 PM 56704]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\UltraLeecher\UltraCrypt.sys --> c:\program files\UltraLeecher\UltraCrypt.sys [?]
S4 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [3/22/2006 2:00 PM 61440]
S4 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [3/22/2006 1:59 PM 2732608]
S4 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE --> c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI8C0D~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\Eltima Software\Flash Decompiler\iebt.html
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\docume~1\me\APPLIC~1\Mozilla\Firefox\Profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 23:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
geyekrkcxxccqt.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

- - - - - - - > 'explorer.exe'(2052)
geyekrkcxxccqt.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-07-18 23:04
ComboFix-quarantined-files.txt 2009-07-18 06:04
ComboFix2.txt 2009-07-16 13:19
ComboFix3.txt 2009-07-16 04:17

Pre-Run: 15,779,377,152 bytes free
Post-Run: 15,792,390,144 bytes free

365 --- E O F --- 2008-10-15 15:56

MBAM Log

Malwarebytes' Anti-Malware 1.39
Database version: 2459
Windows 5.1.2600 Service Pack 2

7/18/2009 7:52:36 AM
mbam-log-2009-07-18 (07-52-36).txt

Scan type: Quick Scan
Objects scanned: 97540
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please click on START - RUN, type in MSCONFIG and click on OK.
Go to the Services tab and click on ENABLE ALL, then click OK and reboot the computer.
Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
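Two things in the ComboFix output above are worth pulling out mechanically rather than by eye: the module loaded from a \\?\globalroot\ path inside winlogon.exe and explorer.exe (the only way the hidden TDSS DLL shows up in the module list, even while the MBAM quick scan reports clean), and the list of services MSCONFIG has disabled, which the Enable-all step in the post above is meant to restore. The Python script below is an added example written for this page; it is not ComboFix's or Malwarebytes' code. It assumes the section headers and value formats seen in the posted log, its sample input is a constructed excerpt of those lines, and the "spoofed name" heuristic on Run values is an assumption of this example for prioritising review, not a verdict on any entry.

```python
"""Triage a ComboFix log for the indicators discussed in this thread.

Added example, not ComboFix's or Malwarebytes' code; it assumes the section
headers and value formats seen in the log posted above.
"""
import re
from dataclasses import dataclass, field

# MSCONFIG stores each disabled service's original start type under
# HKLM\Software\Microsoft\Shared Tools\MSConfig\services; "Enable all" restores them.
START_TYPES = {2: "Automatic", 3: "Manual", 4: "Disabled"}

# A hidden TDSS module appears in the module list only under this object-namespace prefix.
GLOBALROOT = "\\\\?\\globalroot\\"

# Run-value names that read like a product blurb; review heuristic assumed here, not a verdict.
SPOOF_HINTS = ("®", "operating system")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")
MODULE_RE = re.compile(r"^\S+ [0-9A-Fa-f]+ \d+ (?P<path>.+)$")  # "name base size path"


@dataclass
class Findings:
    globalroot_modules: list = field(default_factory=list)     # (process, pid, path)
    suspicious_run_values: list = field(default_factory=list)  # (key, name, data)
    disabled_services: dict = field(default_factory=dict)      # name -> original start type
    monitoring_disabled: list = field(default_factory=list)    # Security Center subkeys


def triage(log_text: str) -> Findings:
    """Single pass: registry loading points first, then the loaded-module list."""
    found = Findings()
    key, proc, in_modules = None, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "DLLs Loaded Under Running Processes" in line:
            in_modules, key = True, None
            continue
        if in_modules:
            m = PROC_RE.match(line)
            if m:
                proc = (m.group("name"), int(m.group("pid")))
            elif proc and GLOBALROOT in line.lower():
                mm = MODULE_RE.match(line)
                found.globalroot_modules.append((proc[0], proc[1], mm.group("path") if mm else line))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group("name"), m.group("data").strip()
        if key.endswith("\\msconfig\\services"):
            found.disabled_services[name] = START_TYPES.get(int(data.split()[0]), data)
        elif key.endswith(("\\run", "\\run-")):
            if any(h in name.lower() for h in SPOOF_HINTS):
                found.suspicious_run_values.append((key, name, data))
        elif "\\security center\\monitoring\\" in key and name.lower() == "disablemonitoring":
            if data.lower().endswith("1"):
                found.monitoring_disabled.append(key.rsplit("\\", 1)[-1])
    return found


def report(found: Findings) -> list:
    """One line per finding, in the order a helper would read them."""
    out = [f"globalroot module in {p} ({pid}): {path}" for p, pid, path in found.globalroot_modules]
    out += [f"review Run value {n!r} -> {d}  [{k}]" for k, n, d in found.suspicious_run_values]
    out += [f"Security Center monitoring disabled for {k}" for k in found.monitoring_disabled]
    out += [f"MSCONFIG-disabled service {s} (was {t})" for s, t in sorted(found.disabled_services.items())]
    return out


# Constructed sample: an excerpt of the ComboFix lines posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"RemoteRegistry"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1228)
geyekrkcxxccqt.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'explorer.exe'(2052)
geyekrkcxxccqt.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
.
Completion time: 2009-07-18 23:04
"""

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run against the full logs in this thread, the msconfig\services section is long in the first ComboFix log and much shorter in the one posted after the Enable-all step, and the globalroot module line is the one to watch for in the next run: a clean MBAM quick scan says nothing about a DLL that is only reachable through the object namespace.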

#9
brew

    New Member

  • Members
  • 22 posts
OK, after reboot do I need to run something or post a log file?

#10
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Please run ComboFix again so that I can see if it made any difference or not. Did MSCONFIG give you any problems re-enabling the services?


Sorry, I'm in the process of rebuilding my main computer. Will try to get back to you in a day or so.
Ron Lewis
Manager, Online Support

#11
brew

    New Member

  • Members
  • 22 posts
MSCONFIG gave no issues when I selected "enable all" and rebooted.

I deleted and re-downloaded a fresh copy of ComboFix. Below is the log:

Combo Log

ComboFix 09-07-19.01 - me 07/19/2009 10:08.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1537 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-16 13:59 . 2009-07-16 13:59 -------- d-----w- c:\program files\ESET
2009-07-16 13:28 . 2009-07-16 13:28 -------- d-----w- c:\program files\Java
2009-07-16 12:51 . 2009-07-16 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-16 01:32 . 2009-07-16 01:32 -------- d-----w- c:\program files\Trend Micro
2009-07-16 00:03 . 2009-07-16 00:23 -------- d-----w- C:\123Qoobox
2009-07-15 22:26 . 2009-07-15 22:26 -------- d-----w- c:\program files\Sophos
2009-07-15 21:42 . 2009-07-15 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\windows\system32\AGEIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 16:50 . 2007-03-03 01:08 -------- d-----w- c:\documents and settings\me\Application Data\DMCache
2009-07-19 07:01 . 2007-02-21 05:24 -------- d-----w- c:\documents and settings\me\Application Data\R-Wipe&Clean
2009-07-16 23:42 . 2007-01-24 06:56 -------- d-----w- c:\program files\CoffeeCup Software
2009-07-16 20:19 . 2005-10-21 17:09 -------- d-----w- c:\program files\MasterSplitter
2009-07-16 13:28 . 2009-05-28 15:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-16 00:31 . 2005-06-10 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-15 21:10 . 2009-01-13 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2009-01-13 17:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-13 17:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 15:22 . 2009-02-22 00:26 -------- d-----w- c:\documents and settings\me\Application Data\Vidalia
2009-07-12 15:22 . 2009-02-22 00:38 -------- d-----w- c:\documents and settings\me\Application Data\tor
2009-06-25 00:17 . 2005-06-10 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 21:50 . 2008-10-15 16:15 889360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 18:58 . 2009-06-09 13:48 -------- d-----w- c:\documents and settings\me\Application Data\nHancer
2009-06-17 02:02 . 2007-03-31 04:43 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 02:02 . 2007-03-31 04:43 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 19:54 . 2009-06-16 19:54 -------- d-----w- c:\program files\PopCap Games
2009-06-12 14:42 . 2009-06-12 14:39 -------- d-----w- c:\program files\nLite
2009-06-10 22:53 . 2009-06-06 15:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA3DeployClient
2009-06-10 22:35 . 2005-09-03 18:16 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:46 . 2007-04-10 04:13 -------- d-----w- c:\documents and settings\me\Application Data\IDM
2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\documents and settings\me\Application Data\IGN_DLM
2009-06-10 13:39 . 2005-06-10 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 13:38 . 2005-06-10 12:07 -------- d-----w- c:\program files\Symantec
2009-06-10 13:28 . 2009-01-29 00:25 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum Edition
2009-06-10 13:03 . 2009-06-10 13:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2006-12-31 04:30 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-09 13:49 . 2006-12-31 04:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NVIDIA
2009-06-09 13:49 . 2009-06-09 13:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nHancer
2009-06-09 13:34 . 2009-06-09 13:34 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 03:55 . 2008-05-08 05:01 -------- d-----w- c:\program files\UltraLeecher
2009-06-09 03:54 . 2005-09-28 00:06 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-09 03:44 . 2009-06-09 03:44 -------- d--h--w- c:\program files\Zero G Registry
2009-06-09 03:42 . 2007-10-06 16:57 -------- d-----w- c:\program files\IrfanView
2009-06-09 03:42 . 2005-06-10 12:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-09 03:42 . 2006-09-15 06:03 -------- d-----w- c:\program files\IGN
2009-06-09 03:28 . 2005-06-10 12:01 -------- d-----w- c:\program files\Fraps
2009-06-09 03:27 . 2008-09-09 21:44 -------- d-----w- c:\program files\Exodus
2009-06-09 03:27 . 2005-08-12 06:52 -------- d-----w- c:\documents and settings\me\Application Data\Exodus
2009-06-09 03:26 . 2007-03-30 02:30 -------- d-----w- c:\program files\DAZ
2009-06-09 03:23 . 2005-06-10 11:59 -------- d-----w- c:\program files\ASUS
2009-06-09 03:22 . 2005-06-10 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:22 . 2006-12-26 04:19 -------- d-----w- c:\documents and settings\me\Application Data\Lavasoft
2009-06-09 03:21 . 2007-06-27 04:15 -------- d-----w- c:\program files\123Movies2PSP
2009-06-08 03:57 . 2006-10-15 10:01 4764 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-08 03:27 . 2009-06-08 03:27 906 ----a-w- C:\fix.bat
2009-06-06 02:32 . 2007-03-31 04:43 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 02:17 . 2009-06-06 02:16 -------- d-----w- c:\program files\America's Army test
2009-06-06 01:43 . 2008-03-08 22:17 142200 ----a-w- c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 01:01 . 2009-06-06 00:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA2DeployClient
2009-06-04 23:39 . 2006-06-20 12:18 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 22:41 . 2008-05-08 05:02 37472 ----a-w- c:\windows\Fonts\INFOview.fon\infoview.fon
2009-06-03 22:41 . 2008-05-08 05:02 -------- d-----w- c:\windows\Fonts\INFOview.fon
2009-05-31 17:12 . 2009-05-31 17:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\documents and settings\me\Application Data\EPSON
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\program files\epson
2009-05-28 18:59 . 2007-08-22 04:46 59160 ----a-w- c:\windows\system32\zlib.dll
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\program files\VMware
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\VMware
2009-05-27 01:03 . 2009-05-27 01:03 -------- d-----w- c:\program files\Electronic Arts
2009-05-05 20:35 . 2009-05-05 20:35 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-05 20:35 . 2009-05-05 20:35 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-04-28 16:55 . 2009-04-28 16:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2003-08-27 22:19 . 2005-01-30 19:29 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-06-16 15:58 . 2009-02-22 00:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2002-08-01 02:55 . 2007-01-24 06:56 106 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_04.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-19 17:07 . 2009-07-19 17:07 16384 c:\windows\temp\Perflib_Perfdata_4f0.dat
+ 2009-07-16 04:19 . 2009-07-19 17:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-15 23:04 . 2009-07-19 17:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-15 21:42 . 2009-07-15 21:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-15 21:42 . 2009-07-19 16:36 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-01-15 23:04 . 2009-07-19 17:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 15:06 . 2009-07-16 13:28 148888 c:\windows\system32\javaws.exe
- 2009-05-28 15:06 . 2009-05-28 15:06 148888 c:\windows\system32\javaws.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\javaw.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\javaw.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\java.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\java.exe
+ 2009-07-16 13:28 . 2009-07-16 13:28 1563648 c:\windows\Installer\1c1f9b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-04-10 894720]
"RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe" [2007-02-15 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-07-11 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 23:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 23:36 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aliasdocserver"=2 (0x2)
"MskService"=2 (0x2)
"MCVSRte"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Multiplicity"=2 (0x2)
"GoToMyPC"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"|MicServiceAP"=2 (0x2)
"|MicServiceA8"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"igndlm.exe"=c:\program files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe"
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office7\Office12\GrooveMonitor.exe"
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Copperhead"=c:\program files\Razer\Copperhead\razerhid.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Microsoft® Windows® Operating System"="c:\windows\system32\wuaumgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America's Army test\\System\\ArmyOps.exe"=

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/13/2005 2:18 AM 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [10/13/2005 2:19 AM 16640]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3/6/2005 5:19 PM 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [1/29/2005 12:46 PM 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [9/17/2003 7:00 AM 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [9/17/2003 7:00 AM 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [10/13/2005 5:32 AM 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [3/6/2005 5:19 PM 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/17/2007 11:02 PM 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 1:35 PM 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
S1 atitray;atitray;\??\c:\program files\Ray Adams\ATI Tray Tools\atitray.sys --> c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [?]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE --> c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [?]
S2 WinDefend;Windows Defender Service;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [1/15/2005 4:12 PM 5824]
S3 BS_DEF;BS_DEF;\??\c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys [?]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [3/22/2006 2:00 PM 61440]
S3 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [3/22/2006 1:59 PM 2732608]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/22/2008 10:18 PM 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [1/30/2005 12:38 PM 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [10/13/2005 5:32 AM 11351]
S3 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [4/15/2006 9:03 PM 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [10/13/2005 5:32 AM 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [12/3/2004 4:54 PM 56704]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\UltraLeecher\UltraCrypt.sys --> c:\program files\UltraLeecher\UltraCrypt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI8C0D~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\Eltima Software\Flash Decompiler\iebt.html
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\docume~1\me\APPLIC~1\Mozilla\Firefox\Profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 10:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1752)
geyekrkcxxccqt.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
.
Completion time: 2009-07-19 10:21
ComboFix-quarantined-files.txt 2009-07-19 17:21
ComboFix2.txt 2009-07-18 06:04
ComboFix3.txt 2009-07-16 13:19
ComboFix4.txt 2009-07-16 04:17

Pre-Run: 15,608,823,808 bytes free
Post-Run: 15,587,803,136 bytes free

316 --- E O F --- 2008-10-15 15:56

#12
brew

    New Member

  • Members
  • 22 posts
Latest MBAM log -

Malwarebytes' Anti-Malware 1.39
Database version: 2475
Windows 5.1.2600 Service Pack 2

7/21/2009 2:44:58 PM
mbam-log-2009-07-21 (14-44-58).txt

Scan type: Quick Scan
Objects scanned: 97986
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
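The same DLL being "deleted successfully" and then showing up again a week later is the point of this whole thread, so here is an added example (not from the thread and not Malwarebytes' own tooling) that parses MBAM 1.x logs in the format quoted above and flags detections that come back after a reported removal. The earlier log it compares against, the `constructed.exe` path and the `Rogue.Example` family name are constructed for the example; the TDSS path, family and action strings are the ones in the log above.

```python
"""Compare successive Malwarebytes' Anti-Malware 1.x logs and flag detections
that come back after being reported as removed. Added example, not part of
the thread or of Malwarebytes' tooling; LOG_EARLIER is constructed in the
format the thread quotes, LOG_LATEST is abbreviated from the 7/21/2009 log."""
import re

# Section headers are the bare label ("Files Infected:"); the summary lines
# above them ("Files Infected: 1") carry a count and so do not match.
SECTION_RE = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|"
                        r"Registry Values|Registry Data Items|Folders|Files) Infected:$")
# One detection per line: "<object> (<family>) -> <action>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
DATE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) \d{1,2}:\d{2}:\d{2} [AP]M$")
HIDDEN_PREFIX = "\\\\?\\globalroot\\"  # the literal prefix \\?\globalroot\

LOG_EARLIER = r"""Malwarebytes' Anti-Malware 1.39
7/18/2009 9:05:12 AM
mbam-log-2009-07-18 (09-05-12).txt
Memory Modules Infected: 1
Files Infected: 2

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Files Infected:
c:\documents and settings\all users\application data\constructed\constructed.exe (Rogue.Example) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""
LOG_LATEST = r"""Malwarebytes' Anti-Malware 1.39
7/21/2009 2:44:58 PM
mbam-log-2009-07-21 (14-44-58).txt

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (scan_date, detections); each detection is a dict with
    section, path (lower-cased), family and action."""
    scan_date, section, detections = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = DATE_RE.match(line)
        if m:
            scan_date = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            detections.append({"section": section, "path": m.group("path").lower(),
                               "family": m.group("family"), "action": m.group("action")})
    return scan_date, detections


def recurring_detections(logs):
    """logs: log texts in chronological order. Returns {path: hits} for every
    object seen in more than one scan; a hit is (date, section, family, action)."""
    history = {}
    for text in logs:
        date, items = parse_mbam_log(text)
        for d in items:
            history.setdefault(d["path"], []).append(
                (date, d["section"], d["family"], d["action"]))
    return {p: h for p, h in history.items() if len({hit[0] for hit in h}) > 1}


def assess(recurring):
    """Turn recurrences into defender-facing findings."""
    findings = []
    for path, hits in recurring.items():
        scans = list(dict.fromkeys(hit[0] for hit in hits))  # in scan order
        # Reported as removed in an earlier scan yet present again later: the
        # removal did not hold, so something re-drops or reloads the object at
        # boot, which is exactly what a rootkit such as TDSS does.
        earlier = [hit for hit in hits if hit[0] != scans[-1]]
        findings.append({
            "path": path,
            "families": sorted({hit[2] for hit in hits}),
            "scans": scans,
            "removal_did_not_hold": any("deleted successfully" in hit[3]
                                        for hit in earlier),
            # A \\?\globalroot\ path means MBAM reached the object through the
            # NT object namespace rather than a drive letter; a file only
            # reachable that way is hidden from normal views, a rootkit hallmark.
            "hidden_namespace_path": path.startswith(HIDDEN_PREFIX),
        })
    return findings


if __name__ == "__main__":
    for finding in assess(recurring_detections([LOG_EARLIER, LOG_LATEST])):
        print(finding)
```

Feed it the saved mbam-log-*.txt files in date order; anything it reports with both flags set is a removal that will keep failing until the driver that reloads the module is dealt with, which is why the helper's next step targets the driver rather than the DLL alone.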

#13
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Sorry for the delay. I've been busy and had to rebuild my main system over the weekend. Then I have like 50 open posts for help that I've been trying to catch up with. I will try to get back later tonight and provide feedback.
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#14
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::
Driver::
MEMSWEEP2
geyekrkcxxccqt
File::
c:\windows\WSYS049.SYS
c:\windows\system32\3.tmp
c:\windows\system32\geyekrkcxxccqt.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
RegLock::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes, Notepad will open with your results log. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log on your next reply

STEP 03
Please download to your Desktop: Dr.Web CureIt
  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked
  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer! Files that were in use may only be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

Ron Lewis
Manager, Online Support


#15
brew

    New Member

  • Members
  • 22 posts
Step 1 - completed, log follows
Step 2 - completed, log follows
Step 3 - unable to complete. After selecting the OK button to perform an Express Scan, I get a Windows error message - q5qdy.exe has encountered a problem and needs to close. After selecting not to send to MS, I get the error message
q5qdy.exe - Application Error
The instruction at "0x10001b5a" referenced memory at "0x00000028". The memory could not be "read". Click on ok to terminate the program.

I have also included a new Hijack this log

Combo Log

ComboFix 09-07-22.08 - me 07/23/2009 8:00.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1529 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\me\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\windows\system32\3.tmp"
"c:\windows\system32\geyekrkcxxccqt.dll"
"c:\windows\WSYS049.SYS"
.

((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-21 14:51 . 2009-07-21 14:51 -------- d-----w- c:\windows\Sun
2009-07-16 13:59 . 2009-07-16 13:59 -------- d-----w- c:\program files\ESET
2009-07-16 13:28 . 2009-07-16 13:28 -------- d-----w- c:\program files\Java
2009-07-16 12:51 . 2009-07-16 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-16 01:32 . 2009-07-16 01:32 -------- d-----w- c:\program files\Trend Micro
2009-07-16 00:03 . 2009-07-16 00:23 -------- d-----w- C:\123Qoobox
2009-07-15 22:26 . 2009-07-15 22:26 -------- d-----w- c:\program files\Sophos
2009-07-15 21:42 . 2009-07-15 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\windows\system32\AGEIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 14:53 . 2007-03-03 01:08 -------- d-----w- c:\documents and settings\me\Application Data\DMCache
2009-07-23 07:00 . 2007-02-21 05:24 -------- d-----w- c:\documents and settings\me\Application Data\R-Wipe&Clean
2009-07-16 23:42 . 2007-01-24 06:56 -------- d-----w- c:\program files\CoffeeCup Software
2009-07-16 20:19 . 2005-10-21 17:09 -------- d-----w- c:\program files\MasterSplitter
2009-07-16 13:28 . 2009-05-28 15:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-16 00:31 . 2005-06-10 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-15 21:10 . 2009-01-13 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2009-01-13 17:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-13 17:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 15:22 . 2009-02-22 00:26 -------- d-----w- c:\documents and settings\me\Application Data\Vidalia
2009-07-12 15:22 . 2009-02-22 00:38 -------- d-----w- c:\documents and settings\me\Application Data\tor
2009-06-25 00:17 . 2005-06-10 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 21:50 . 2008-10-15 16:15 889360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 18:58 . 2009-06-09 13:48 -------- d-----w- c:\documents and settings\me\Application Data\nHancer
2009-06-17 02:02 . 2007-03-31 04:43 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 02:02 . 2007-03-31 04:43 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 19:54 . 2009-06-16 19:54 -------- d-----w- c:\program files\PopCap Games
2009-06-12 14:42 . 2009-06-12 14:39 -------- d-----w- c:\program files\nLite
2009-06-10 22:53 . 2009-06-06 15:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA3DeployClient
2009-06-10 22:35 . 2005-09-03 18:16 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:46 . 2007-04-10 04:13 -------- d-----w- c:\documents and settings\me\Application Data\IDM
2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\documents and settings\me\Application Data\IGN_DLM
2009-06-10 13:39 . 2005-06-10 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 13:38 . 2005-06-10 12:07 -------- d-----w- c:\program files\Symantec
2009-06-10 13:28 . 2009-01-29 00:25 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum Edition
2009-06-10 13:03 . 2009-06-10 13:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2006-12-31 04:30 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-09 13:49 . 2006-12-31 04:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NVIDIA
2009-06-09 13:49 . 2009-06-09 13:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nHancer
2009-06-09 13:34 . 2009-06-09 13:34 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 03:55 . 2008-05-08 05:01 -------- d-----w- c:\program files\UltraLeecher
2009-06-09 03:54 . 2005-09-28 00:06 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-09 03:44 . 2009-06-09 03:44 -------- d--h--w- c:\program files\Zero G Registry
2009-06-09 03:42 . 2007-10-06 16:57 -------- d-----w- c:\program files\IrfanView
2009-06-09 03:42 . 2005-06-10 12:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-09 03:42 . 2006-09-15 06:03 -------- d-----w- c:\program files\IGN
2009-06-09 03:28 . 2005-06-10 12:01 -------- d-----w- c:\program files\Fraps
2009-06-09 03:27 . 2008-09-09 21:44 -------- d-----w- c:\program files\Exodus
2009-06-09 03:27 . 2005-08-12 06:52 -------- d-----w- c:\documents and settings\me\Application Data\Exodus
2009-06-09 03:26 . 2007-03-30 02:30 -------- d-----w- c:\program files\DAZ
2009-06-09 03:23 . 2005-06-10 11:59 -------- d-----w- c:\program files\ASUS
2009-06-09 03:22 . 2005-06-10 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:22 . 2006-12-26 04:19 -------- d-----w- c:\documents and settings\me\Application Data\Lavasoft
2009-06-09 03:21 . 2007-06-27 04:15 -------- d-----w- c:\program files\123Movies2PSP
2009-06-08 03:57 . 2006-10-15 10:01 4764 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-08 03:27 . 2009-06-08 03:27 906 ----a-w- C:\fix.bat
2009-06-06 02:32 . 2007-03-31 04:43 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 02:17 . 2009-06-06 02:16 -------- d-----w- c:\program files\America's Army test
2009-06-06 01:43 . 2008-03-08 22:17 142200 ----a-w- c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 01:01 . 2009-06-06 00:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA2DeployClient
2009-06-04 23:39 . 2006-06-20 12:18 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 22:41 . 2008-05-08 05:02 37472 ----a-w- c:\windows\Fonts\INFOview.fon\infoview.fon
2009-06-03 22:41 . 2008-05-08 05:02 -------- d-----w- c:\windows\Fonts\INFOview.fon
2009-05-31 17:12 . 2009-05-31 17:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\documents and settings\me\Application Data\EPSON
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\program files\epson
2009-05-28 18:59 . 2007-08-22 04:46 59160 ----a-w- c:\windows\system32\zlib.dll
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\program files\VMware
2009-05-27 01:24 . 2008-03-13 00:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\VMware
2009-05-27 01:03 . 2009-05-27 01:03 -------- d-----w- c:\program files\Electronic Arts
2009-05-05 20:35 . 2009-05-05 20:35 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-05 20:35 . 2009-05-05 20:35 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-04-28 16:55 . 2009-04-28 16:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2003-08-27 22:19 . 2005-01-30 19:29 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-22 21:00 . 2009-02-22 00:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_04.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 14:58 . 2009-07-23 14:58 16384 c:\windows\temp\Perflib_Perfdata_714.dat
+ 2009-07-23 13:44 . 2009-07-23 14:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-15 23:04 . 2009-07-23 14:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-15 21:42 . 2009-07-15 21:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-15 21:42 . 2009-07-23 14:57 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-01-15 23:04 . 2009-07-23 14:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 15:06 . 2009-07-16 13:28 148888 c:\windows\system32\javaws.exe
- 2009-05-28 15:06 . 2009-05-28 15:06 148888 c:\windows\system32\javaws.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\javaw.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\javaw.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\java.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\java.exe
+ 2009-07-16 13:28 . 2009-07-16 13:28 1563648 c:\windows\Installer\1c1f9b.msi
+ 2005-06-20 22:34 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-04-10 894720]
"RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe" [2007-02-15 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-07-11 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 23:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Multi]
2005-04-17 23:36 90112 ----a-w- c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
backup=c:\windows\pss\Windows Home Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aliasdocserver"=2 (0x2)
"MskService"=2 (0x2)
"MCVSRte"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"O&O Defrag"=2 (0x2)
"Multiplicity"=2 (0x2)
"GoToMyPC"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"|MicServiceAP"=2 (0x2)
"|MicServiceA8"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America's Army test\\System\\ArmyOps.exe"=

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/13/2005 2:18 AM 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [10/13/2005 2:19 AM 16640]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3/6/2005 5:19 PM 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [1/29/2005 12:46 PM 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [9/17/2003 7:00 AM 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [9/17/2003 7:00 AM 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [10/13/2005 5:32 AM 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [3/6/2005 5:19 PM 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/17/2007 11:02 PM 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 1:35 PM 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
S1 atitray;atitray;\??\c:\program files\Ray Adams\ATI Tray Tools\atitray.sys --> c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [?]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE --> c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [?]
S2 WinDefend;Windows Defender Service;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [1/15/2005 4:12 PM 5824]
S3 BS_DEF;BS_DEF;\??\c:\windows\BS_DEF.sys --> c:\windows\BS_DEF.sys [?]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [3/22/2006 2:00 PM 61440]
S3 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [3/22/2006 1:59 PM 2732608]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/22/2008 10:18 PM 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [1/30/2005 12:38 PM 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [10/13/2005 5:32 AM 11351]
S3 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [4/15/2006 9:03 PM 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [10/13/2005 5:32 AM 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [12/3/2004 4:54 PM 56704]
S3 UltraCrypt;UltraCrypt;\??\c:\program files\UltraLeecher\UltraCrypt.sys --> c:\program files\UltraLeecher\UltraCrypt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI8C0D~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\Eltima Software\Flash Decompiler\iebt.html
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\docume~1\me\APPLIC~1\Mozilla\Firefox\Profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 08:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1248)
geyekrkcxxccqt.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
.
Completion time: 2009-07-23 8:14
ComboFix-quarantined-files.txt 2009-07-23 15:14
ComboFix2.txt 2009-07-23 13:42
ComboFix3.txt 2009-07-19 17:21
ComboFix4.txt 2009-07-18 06:04
ComboFix5.txt 2009-07-23 14:54

Pre-Run: 17,627,566,080 bytes free
Post-Run: 17,607,114,752 bytes free

303 --- E O F --- 2008-10-15 15:56

MBAM Log

Malwarebytes' Anti-Malware 1.39
Database version: 2487
Windows 5.1.2600 Service Pack 2

7/23/2009 8:38:54 AM
mbam-log-2009-07-23 (08-38-54).txt

Scan type: Quick Scan
Objects scanned: 97110
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:30 AM, on 7/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Autodesk Network License Manager\lmgrd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Autodesk Network License Manager\adskflex.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI8C0D~1\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RWipeD] C:\Program Files\R-Wipe&Clean\rwiped.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8C0D~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI8C0D~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI8C0D~1\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI8C0D~1\Office12\REFIEBAR.DLL
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.9.113.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...677/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI8C0D~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\macromedia\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\macromedia\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe (file missing)
O23 - Service: FLEXlm Service 1 - Macrovision Corporation - C:\Autodesk Network License Manager\lmgrd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe (file missing)
O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
O23 - Service: wampapache - Unknown owner - F:\wamp\apache2\bin\Apache.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - F:\wamp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 15157 bytes

#16
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
STEP 01
Please click on START - RUN and Copy/Paste the following into the RUN line and click OK
CMD /K REG DELETE "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig" /F
Let me know if it produces an error or not. Then restart the computer again and run the following

STEP 02
Please download the following scanning tool. GMER
  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  • Double click on the randomly named exe file and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

STEP 03
RootRepeal - Rootkit Detector
    Close ALL applications and as many items in the task tray as will stop and exit.
  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back in your next reply please.
  • Quit the RootRepeal program.

STEP 04
Make sure you delete the current bootlog file if it exists.

    Please create a BOOTLOG
  • Delete the following file if it exists. C:\Windows\ntbtlog.txt
  • Restart the computer and press F8 when Windows start booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows Installation (even if there is only one windows installation)
  • This boots windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
     
    If you're already running inside Windows you can enable it the following way.
     
  • Click on START - RUN and type in MSCONFIG go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
  • NOTE: If the file is over about 150 lines or so then DELETE the C:\Windows\ntbtlog.txt file and restart the computer and post the NEW one it creates.
  • NOTE: Vista users can type it in the Search box and it will show on the menu, then right click and choose Run as Administrator
  • The tab is called BOOT on Vista. Then choose Boot log

Ron Lewis
Manager, Online Support


#17
brew

    New Member

  • Members
  • 22 posts
Step 1 - Completed - no errors
Step 2 - Completed - gmerlog.zip attached
Step 3 - Not completed -
When I try to run RootRepeal, I get this error message -
Mismatch between the kernel reported by Windows and the one reported by a hardware scan. Do you want to use the kernel reported by Windows?

After selecting either yes or no, I get this error message -
Could not read the boot sector. Try adjusting the disk access level in the options dialog.

Adjusting disk access has no impact, I get the following -
Could not find module on disk.

Step 4 - Completed - log follows
Not sure if it's relevant, but all options under boot.ini in msconfig are greyed out.

ntbtlog

Service Pack 2 7 24 2009 07:19:42.500
Loaded driver \WINDOWS\system32\TUKERNEL.EXE
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver nvraid.sys
Loaded driver \WINDOWS\system32\drivers\CLASSPNP.SYS
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver nvatabus.sys
Loaded driver SI3132.sys
Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Loaded driver nvata.sys
Loaded driver disk.sys
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver SiWinAcc.sys
Loaded driver PQV2i.sys
Loaded driver KSecDD.sys
Loaded driver WudfPf.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver sbp2port.sys
Loaded driver nvcchflt.sys
Loaded driver Mup.sys
Loaded driver ABIT-IO.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\System32\drivers\pivot.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys
Loaded driver \SystemRoot\system32\drivers\ctprxy2k.sys
Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvnetbus.sys
Loaded driver \SystemRoot\System32\DRIVERS\ASACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\Drivers\PdiPorts.sys
Loaded driver \SystemRoot\system32\DRIVERS\RadProbe.sys
Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\drivers\SaiNtBus.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\System32\Drivers\wdf01000.sys
Loaded driver \SystemRoot\system32\DRIVERS\zumbus.sys
Loaded driver \SystemRoot\system32\drivers\windrvr6.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\SaiMini.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NVENETFD.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\system32\drivers\ha20x2k.sys
Loaded driver \SystemRoot\system32\drivers\emupia2k.sys
Loaded driver \SystemRoot\system32\drivers\ctsfm2k.sys
Loaded driver \SystemRoot\system32\drivers\ctac32k.sys
Loaded driver \SystemRoot\system32\CTHWIUT.DLL
Loaded driver \SystemRoot\system32\CT20XUT.DLL
Loaded driver \SystemRoot\system32\CTEXFIFX.DLL
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Loaded driver \SystemRoot\System32\Drivers\pwd_2k.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Did not load driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\cdudf_xp.SYS
Loaded driver \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
Loaded driver \systemroot\system32\drivers\geyekrclkkmxow.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\Drivers\UDFReadr.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\Drivers\PQIMount.SYS
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\ikhlayer.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Did not load driver \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
Did not load driver \SystemRoot\system32\DRIVERS\ATITool.sys
Loaded driver \SystemRoot\system32\drivers\AsIO.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\System32\Drivers\LHidUsbK.Sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\LHidKE.Sys
Loaded driver \SystemRoot\system32\DRIVERS\LMouKE.Sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \??\C:\WINDOWS\system32\Drivers\GDFSHK.SYS
Loaded driver \SystemRoot\system32\DRIVERS\RadProbe.sys
Did not load driver \SystemRoot\system32\DRIVERS\a347bus.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\GDTDI.SYS
Loaded driver \SystemRoot\system32\DRIVERS\LANPkt.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Did not load driver \SystemRoot\System32\DRIVERS\parport.sys
Did not load driver \SystemRoot\SYSTEM32\drivers\DS1410D.SYS
Did not load driver \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys
Loaded driver \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
Loaded driver \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\PfModNT.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

#18
brew

    New Member

  • Members
  • Pip
  • 22 posts
Sorry, forgot to attach gmerlog.zip


#19
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
I think the issue with MSCONFIG on that part is possibly due to the TuneUp Utilities that are installed.
It might be best to try and uninstall the product for now and, if you really want it, re-install it later or update it to a recent version.
There appears to be a lot of old security software on the system that should probably be removed and/or updated to the latest versions, but let's try to clean out this other part of the infection if we can. The boot log and GMER show a file that should not be loading and that may be protecting the infection from removal.


STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::

Rootkit::
c:\windows\system32\drivers\najam.sys
c:\windows\system32\geyekrkcxxccqt.dll
File::
c:\windows\system32\drivers\najam.sys
c:\windows\system32\geyekrkcxxccqt.dll

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon.
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  • When the scan completes, Notepad will open with your results log. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log

STEP 03
Please download the following scanning tool. GMER
  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  • Double-click on the randomly named exe file and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#20
brew

    New Member

  • Members
  • Pip
  • 22 posts
Step 1 - Completed and log follows. However, after running ComboFix, I am now getting several random "application errors", e.g.:

Firefox.exe - Application Error
The instruction at "0x7b2f6231" referenced memory at "0x7b2f6231". The memory could not be read.
Click on ok to terminate the program.

Step 2 - Completed, log follows.
Step 3 - Completed, log attached.

Combofix Log

ComboFix 09-07-25.06 - me 07/26/2009 9:05.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1532 [GMT -7:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\me\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\windows\system32\drivers\najam.sys"
"c:\windows\system32\geyekrkcxxccqt.dll"
.
The following files were disabled during the run:
c:\windows\system32\rbadzm.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a99k.bin
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys
c:\windows\system32\rbadza.sys
c:\windows\system32\rbadza.sys . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 16:18 . 2009-07-26 16:18 0 ------w- c:\windows\system32\rbadza.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\Si3114r5.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\BS_DEF.sys
2009-07-25 10:35 . 2009-07-25 10:35 23172 ----a-w- c:\windows\system32\rbadzm.dll
2009-07-24 14:09 . 2009-07-24 14:09 -------- d-----w- C:\rootrepeal
2009-07-21 14:51 . 2009-07-21 14:51 -------- d-----w- c:\windows\Sun
2009-07-16 13:59 . 2009-07-16 13:59 -------- d-----w- c:\program files\ESET
2009-07-16 13:28 . 2009-07-16 13:28 -------- d-----w- c:\program files\Java
2009-07-16 12:51 . 2009-07-16 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-16 01:32 . 2009-07-16 01:32 -------- d-----w- c:\program files\Trend Micro
2009-07-16 00:03 . 2009-07-16 00:23 -------- d-----w- C:\123Qoobox
2009-07-15 22:26 . 2009-07-15 22:26 -------- d-----w- c:\program files\Sophos
2009-07-15 21:42 . 2009-07-15 21:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 16:19 . 2007-03-03 01:08 -------- d-----w- c:\documents and settings\me\Application Data\DMCache
2009-07-26 07:00 . 2007-02-21 05:24 -------- d-----w- c:\documents and settings\me\Application Data\R-Wipe&Clean
2009-07-25 10:35 . 2008-05-08 05:01 -------- d-----w- c:\program files\UltraLeecher
2009-07-24 01:56 . 2007-03-09 03:02 -------- d-----w- c:\program files\MagicISO
2009-07-16 23:42 . 2007-01-24 06:56 -------- d-----w- c:\program files\CoffeeCup Software
2009-07-16 20:19 . 2005-10-21 17:09 -------- d-----w- c:\program files\MasterSplitter
2009-07-16 13:28 . 2009-05-28 15:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-16 00:31 . 2005-06-10 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-15 21:10 . 2009-01-13 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2009-01-13 17:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2009-01-13 17:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 15:22 . 2009-02-22 00:26 -------- d-----w- c:\documents and settings\me\Application Data\Vidalia
2009-07-12 15:22 . 2009-02-22 00:38 -------- d-----w- c:\documents and settings\me\Application Data\tor
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nView_Profiles
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-25 00:17 . 2005-06-10 12:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 21:50 . 2008-10-15 16:15 889360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 18:58 . 2009-06-09 13:48 -------- d-----w- c:\documents and settings\me\Application Data\nHancer
2009-06-17 02:02 . 2007-03-31 04:43 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-17 02:02 . 2007-03-31 04:43 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-16 19:54 . 2009-06-16 19:54 -------- d-----w- c:\program files\PopCap Games
2009-06-12 14:42 . 2009-06-12 14:39 -------- d-----w- c:\program files\nLite
2009-06-10 22:53 . 2009-06-06 15:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA3DeployClient
2009-06-10 22:35 . 2005-09-03 18:16 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:46 . 2007-04-10 04:13 -------- d-----w- c:\documents and settings\me\Application Data\IDM
2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\documents and settings\me\Application Data\IGN_DLM
2009-06-10 13:39 . 2005-06-10 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 13:38 . 2005-06-10 12:07 -------- d-----w- c:\program files\Symantec
2009-06-10 13:28 . 2009-01-29 00:25 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum Edition
2009-06-10 13:03 . 2009-06-10 13:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2006-12-31 04:30 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-09 13:49 . 2006-12-31 04:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NVIDIA
2009-06-09 13:49 . 2009-06-09 13:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\nHancer
2009-06-09 13:34 . 2009-06-09 13:34 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 03:54 . 2005-09-28 00:06 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 03:53 . 2006-09-19 13:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-09 03:46 . 2006-04-20 13:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-09 03:44 . 2009-06-09 03:44 -------- d--h--w- c:\program files\Zero G Registry
2009-06-09 03:42 . 2007-10-06 16:57 -------- d-----w- c:\program files\IrfanView
2009-06-09 03:42 . 2005-06-10 12:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-09 03:42 . 2006-09-15 06:03 -------- d-----w- c:\program files\IGN
2009-06-09 03:28 . 2005-06-10 12:01 -------- d-----w- c:\program files\Fraps
2009-06-09 03:27 . 2008-09-09 21:44 -------- d-----w- c:\program files\Exodus
2009-06-09 03:27 . 2005-08-12 06:52 -------- d-----w- c:\documents and settings\me\Application Data\Exodus
2009-06-09 03:26 . 2007-03-30 02:30 -------- d-----w- c:\program files\DAZ
2009-06-09 03:23 . 2005-06-10 11:59 -------- d-----w- c:\program files\ASUS
2009-06-09 03:22 . 2005-06-10 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:22 . 2006-12-26 04:19 -------- d-----w- c:\documents and settings\me\Application Data\Lavasoft
2009-06-09 03:21 . 2007-06-27 04:15 -------- d-----w- c:\program files\123Movies2PSP
2009-06-08 03:57 . 2006-10-15 10:01 4764 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-08 03:27 . 2009-06-08 03:27 906 ----a-w- C:\fix.bat
2009-06-06 02:32 . 2007-03-31 04:43 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 02:17 . 2009-06-06 02:16 -------- d-----w- c:\program files\America's Army test
2009-06-06 01:43 . 2008-03-08 22:17 142200 ----a-w- c:\documents and settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 01:01 . 2009-06-06 00:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AA2DeployClient
2009-06-04 23:39 . 2006-06-20 12:18 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-03 22:41 . 2008-05-08 05:02 37472 ----a-w- c:\windows\Fonts\INFOview.fon\infoview.fon
2009-06-03 22:41 . 2008-05-08 05:02 -------- d-----w- c:\windows\Fonts\INFOview.fon
2009-05-31 17:12 . 2009-05-31 17:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MumboJumbo
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\documents and settings\me\Application Data\EPSON
2009-05-29 21:12 . 2009-05-29 21:12 -------- d-----w- c:\program files\epson
2009-05-28 18:59 . 2007-08-22 04:46 59160 ----a-w- c:\windows\system32\zlib.dll
2009-05-05 20:35 . 2009-05-05 20:35 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-05 20:35 . 2009-05-05 20:35 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-04-28 16:55 . 2009-04-28 16:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2003-08-27 22:19 . 2005-01-30 19:29 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-22 21:00 . 2009-02-22 00:34 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_04.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-26 16:19 . 2009-07-26 16:19 16384 c:\windows\temp\Perflib_Perfdata_314.dat
+ 2009-07-23 13:44 . 2009-07-26 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-15 23:04 . 2009-07-26 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-15 21:42 . 2009-07-15 21:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-15 21:42 . 2009-07-26 16:01 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2005-01-15 23:04 . 2009-07-16 00:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-01-15 23:04 . 2009-07-26 16:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-28 15:06 . 2009-07-16 13:28 148888 c:\windows\system32\javaws.exe
- 2009-05-28 15:06 . 2009-05-28 15:06 148888 c:\windows\system32\javaws.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\javaw.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\javaw.exe
+ 2005-07-01 14:01 . 2009-07-16 13:28 144792 c:\windows\system32\java.exe
- 2005-07-01 14:01 . 2009-05-28 15:06 144792 c:\windows\system32\java.exe
+ 2009-07-16 13:28 . 2009-07-16 13:28 1563648 c:\windows\Installer\1c1f9b.msi
+ 2005-06-20 22:34 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-04-10 894720]
"RWipeD"="c:\program files\R-Wipe&Clean\rwiped.exe" [2007-02-15 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-07-11 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-10-19 293888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\America's Army test\\System\\ArmyOps.exe"=

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/13/2005 2:18 AM 7680]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [10/13/2005 2:19 AM 16640]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3/6/2005 5:19 PM 3744]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\autodesk network license manager\lmgrd.exe [1/29/2005 12:46 PM 659456]
R2 GdFsHook;McAfee Privacy Service File Guardian;c:\windows\system32\drivers\gdfshk.sys [9/17/2003 7:00 AM 26816]
R2 GdTdi;McAfee Privacy Service Transport Filter;c:\windows\system32\drivers\gdtdi.sys [9/17/2003 7:00 AM 33330]
R2 LANPkt;Linksys LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [10/13/2005 5:32 AM 8568]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [3/6/2005 5:19 PM 3904]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/17/2007 11:02 PM 15896]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 1:35 PM 604416]
S0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
S1 atitray;atitray;\??\c:\program files\Ray Adams\ATI Tray Tools\atitray.sys --> c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [?]
S1 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [7/25/2009 3:35 AM 8416]
S1 esihdrv;esihdrv;\??\c:\docume~1\me\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\me\LOCALS~1\Temp\esihdrv.sys [?]
S1 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S1 UltraCrypt;UltraCrypt;c:\program files\UltraLeecher\UltraCrypt.sys [7/25/2009 3:35 AM 8416]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE --> c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [?]
S2 WinDefend;Windows Defender Service;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [1/15/2005 4:12 PM 5824]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\macromedia\runtime\bin\jrunsvc.exe [3/22/2006 2:00 PM 61440]
S3 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\macromedia\verity\k2\_nti40\bin\k2admin.exe [3/22/2006 1:59 PM 2732608]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/22/2008 10:18 PM 79360]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [1/30/2005 12:38 PM 24059]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [10/13/2005 5:32 AM 11351]
S3 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [4/15/2006 9:03 PM 19020]
S3 RTLVLANXP;Linksys VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLANXP.SYS [10/13/2005 5:32 AM 15360]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [12/3/2004 4:54 PM 56704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI8C0D~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SWF Capture tool - c:\program files\Eltima Software\Flash Decompiler\iebt.html
Trusted Zone: homeserver.com\sten
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\docume~1\me\APPLIC~1\Mozilla\Firefox\Profiles\zrm9qe1b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\zrm9qe1b.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 09:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1396)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
c:\windows\system32\rbadzm.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\stardock\SDMCP.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\progra~1\MICROS~1\rapimgr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-26 9:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 16:26
ComboFix2.txt 2009-07-26 06:47
ComboFix3.txt 2009-07-23 15:14
ComboFix4.txt 2009-07-23 13:42
ComboFix5.txt 2009-07-26 15:54

Pre-Run: 17,825,570,816 bytes free
Post-Run: 17,806,221,312 bytes free

318 --- E O F --- 2008-10-15 15:56

MBAM Log

Malwarebytes' Anti-Malware 1.39
Database version: 2505
Windows 5.1.2600 Service Pack 2

7/26/2009 9:38:26 AM
mbam-log-2009-07-26 (09-38-17).txt

Scan type: Quick Scan
Objects scanned: 98176
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrkcxxccqt.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\a99k.bin (Trojan.Agent) -> No action taken.
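
As an added example (not part of this thread and not ComboFix's own tooling), the script below parses the file-listing format ComboFix uses in its "Files Created" and "Find3M" sections and flags what a responder would look at first in a log like the one above: zero-byte .sys files, several drivers created in the same minute with one identical size (the 8416-byte group at 2009-07-25 10:35), and files ComboFix reported it could not delete. The sample input is excerpted from the log posted above.

```python
"""Triage helper for the file listings in a ComboFix log (added example).

Not part of the thread and not ComboFix's own tooling. It parses the listing
format ComboFix uses in its 'Files Created' and 'Find3M' sections:

    YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size|--------> <attrs> <path>

and flags three things a responder would look at first: zero-byte .sys files,
groups of drivers created in the same minute with one identical size, and
files ComboFix reported it could not delete.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input excerpted from the ComboFix log posted above (trimmed to the
# two sections this script reads).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a99k.bin
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\rbadza.sys
c:\windows\system32\rbadza.sys . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 16:18 . 2009-07-26 16:18 0 ------w- c:\windows\system32\rbadza.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\Si3114r5.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-07-25 10:35 . 2009-07-25 10:35 8416 ----a-w- c:\windows\BS_DEF.sys
2009-07-25 10:35 . 2009-07-25 10:35 23172 ----a-w- c:\windows\system32\rbadzm.dll
2009-07-24 14:09 . 2009-07-24 14:09 -------- d-----w- C:\rootrepeal
2009-07-16 13:28 . 2009-07-16 13:28 -------- d-----w- c:\program files\Java
"""

# One listing line: created . modified size attrs path. Directories show
# eight dashes instead of a size and a leading 'd' in the attribute field.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# ComboFix appends ' . . . . failed to delete' to a path it could not remove.
FAILED_RE = re.compile(r"^(?P<path>.+?) \. \. \. \. failed to delete$")


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_driver(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(".sys")


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file-listing line as an Entry; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def zero_byte_drivers(entries: List[Entry]) -> List[str]:
    """Kernel drivers of length zero cannot be valid PE files and merit a look."""
    return sorted(e.path for e in entries if e.is_driver and e.size == 0)


def same_size_clusters(entries: List[Entry], min_count: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Group files by (creation minute, byte size); keep groups of min_count or more.

    Drivers from different vendors written in the same minute with one exact
    size is not what a normal driver install produces; it is what a single
    payload overwriting several driver files looks like.
    """
    groups = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size:
            groups[(e.created, e.size)].append(e.path)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}


def failed_deletions(log_text: str) -> List[str]:
    """Paths ComboFix reported it could not delete (still present after the run)."""
    found = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line.strip())
        if m:
            found.append(m["path"])
    return found


def triage(log_text: str) -> dict:
    entries = parse_entries(log_text)
    return {
        "zero_byte_drivers": zero_byte_drivers(entries),
        "same_size_clusters": same_size_clusters(entries),
        "failed_deletions": failed_deletions(log_text),
    }


if __name__ == "__main__":
    for heading, finding in triage(SAMPLE_LOG).items():
        print(f"== {heading} ==")
        if isinstance(finding, dict):
            for (created, size), paths in finding.items():
                print(f"  {len(paths)} files of {size} bytes created {created}:")
                for p in paths:
                    print(f"    {p}")
        else:
            for p in finding:
                print(f"  {p}")
```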
