> dwwin.exe - bad image error
pringles06
post Jan 15 2010, 09:07 AM
Post #16
Member (Group: Members, Posts: 25, Joined: 31-December 09, Member No.: 426,844)

How's it doing now???

ComboFix 10-01-13.07 - Cole 01/15/2010 7:48.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.211 [GMT -5:00]
Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cole\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

FILE ::
"k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe"
.

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 12:59 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-15 04:28 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-14 21:44 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 21:44 . 2000-04-29 10:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 22:49 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 17:01 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:13 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 15:10 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-10-29 07:45 . 2005-10-21 18:51 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2009-12-30 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00 . 2009-12-30 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2009-12-30 23:03 263552 ----a-w- c:\windows\system32\drivers\http.sys
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-03-11 22:18 . 2004-11-19 02:42 135168 c:\program files\eMachines Bay Reader\bak\shwiconem.exe

2006-06-14 21:24 . 2006-06-14 21:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-11-12 21:33 . 2009-11-12 21:33 141600 c:\program files\iTunes\iTunesHelper.exe

2006-07-17 01:21 . 2006-07-17 01:21 282624 c:\program files\QuickTime\bak\qttask.exe
2009-11-11 04:08 . 2009-11-11 04:08 417792 c:\program files\QuickTime\QTTask.exe

2001-09-14 16:34 . 2004-11-19 02:41 684032 c:\qoobox\Quarantine\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe.vir

2000-04-29 10:30 . 2005-08-05 20:08 67160 c:\qoobox\Quarantine\C\Program Files\aim\bak\aim.exe.vir

2005-10-11 16:02 . 2005-10-11 16:02 180269 c:\qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2004-10-09 20:30 . 2004-11-19 02:42 73728 c:\qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2004-11-02 22:59 . 2004-11-02 22:59 218240 c:\qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe.vir

2068-02-23 04:44 . 2004-11-19 02:40 36864 c:\qoobox\Quarantine\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe.vir

2000-07-14 03:00 . 2004-11-19 02:41 32768 c:\qoobox\Quarantine\C\Program Files\Microsoft Works\bak\WkDetect.exe.vir

2004-10-23 14:41 . 2004-11-19 02:41 114688 c:\qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe.vir

2010-01-13 22:53 . 2005-08-05 21:08 67160 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\aim\bak\aim.exe.vir

2010-01-14 19:55 . 2005-10-11 17:02 180269 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2010-01-13 22:53 . 2004-11-19 03:42 73728 c:\qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2010-01-13 22:53 . 2004-08-27 05:43 56320 c:\qoobox\Quarantine\k\C\C backup\C\WINDOWS\system32\bak\DeltTray.exe.vir

2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [N/A]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/4/2004 2:20 PM 188276]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [5/31/2004 11:41 AM 54784]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?]
S3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys --> c:\windows\system32\Drivers\mscnr.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [12/28/2004 4:48 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [12/28/2004 4:48 PM 22304]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-15 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-14 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 08:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\zHotkey.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-15 08:55:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 13:54
ComboFix2.txt 2010-01-14 22:03
ComboFix3.txt 2010-01-14 20:03
ComboFix4.txt 2010-01-13 23:44
ComboFix5.txt 2010-01-15 12:47

Pre-Run: 6,023,061,504 bytes free
Post-Run: 5,984,600,064 bytes free

- - End Of File - - F4CC17BD4A3C796003520E48C67675D2
elise025
post Jan 15 2010, 09:29 AM
Post #17
Bleepin' Blonde (Group: Moderator, Posts: 16,070, Joined: 5-October 07, From: Home, Member No.: 160,991)

Nope, still no luck.

Let's try this with a special tool:

Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.


--------------------
Regards,
Elise
"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven."
John Milton

pringles06
post Jan 15 2010, 12:47 PM
Post #18
Member (Group: Members, Posts: 25, Joined: 31-December 09, Member No.: 426,844)

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 01/15/2010
The current time is: 9:34:24.73


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\EMACHI~1\BAK

11/18/2004 09:42 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

06/14/2006 04:24 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

07/16/2006 08:21 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/26/2004 11:43 PM 56,320 DeltTray.exe
1 File(s) 56,320 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\AIM\BAK

08/05/2005 03:08 PM 67,160 aim.exe.vir
1 File(s) 67,160 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\MICROS~1\BAK

11/18/2004 09:41 PM 32,768 WkDetect.exe.vir
1 File(s) 32,768 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\COMMON~1\SYMANT~1\BAK

11/18/2004 09:42 PM 73,728 ccApp.exe.vir
1 File(s) 73,728 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\VIEWPO~1\VIEWPO~1\BAK

11/18/2004 09:41 PM 114,688 ViewMgr.exe.vir
1 File(s) 114,688 bytes


11/18/2004 09:41 PM 684,032 DirectCD.exe.vir
1 File(s) 684,032 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\COMMON~1\REAL\UPDATE~1\BAK

10/11/2005 11:02 AM 180,269 realsched.exe.vir
1 File(s) 180,269 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 05:59 PM 218,240 UsrPrmpt.exe.vir
1 File(s) 218,240 bytes

Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~2\JAVA\J2RE14~1.2_~\BIN\BAK

11/18/2004 09:40 PM 36,864 jusched.exe.vir
1 File(s) 36,864 bytes

Directory of C:\QOOBOX\QUARAN~1\K\C\CBACKU~1\C\PROGRA~1\AIM\BAK

08/05/2005 04:08 PM 67,160 aim.exe.vir
1 File(s) 67,160 bytes

Directory of C:\QOOBOX\QUARAN~1\K\C\CBACKU~1\C\WINDOWS\SYSTEM32\BAK

08/27/2004 12:43 AM 56,320 DeltTray.exe.vir
1 File(s) 56,320 bytes

Directory of C:\QOOBOX\QUARAN~1\K\C\CBACKU~1\C\PROGRA~1\COMMON~1\SYMANT~1\BAK

11/18/2004 10:42 PM 73,728 ccApp.exe.vir
1 File(s) 73,728 bytes

Directory of C:\QOOBOX\QUARAN~1\K\C\CBACKU~1\C\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

10/11/2005 12:02 PM 180,269 realsched.exe.vir
1 File(s) 180,269 bytes

Directory of K:\C\CBACKU~1\C\PROGRA~1\EMACHI~1\BAK

11/18/2004 10:42 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

135168 Nov 18 2004 "C:\Program Files\eMachines Bay Reader\bak\shwiconem.exe"
38924 Jan 15 2007 "K:\C\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe"
135168 Nov 18 2004 "K:\C\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe"
141600 Nov 12 2009 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 1 2010 "C:\WINDOWS\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe"
278528 Jun 14 2006 "K:\C\C backup\C\Program Files\iTunes\iTunesHelper.exe"
102400 Jul 17 2007 "K:\C\C backup\C\WINDOWS\Installer\{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}\iTunesIco.exe"
102400 Jan 1 2010 "K:\C\C backup\C\WINDOWS\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe"
116024 Jul 10 2007 "K:\C\C backup\C\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.1.3\iTunesSetupAdmin.exe"
417792 Nov 10 2009 "C:\Program Files\QuickTime\QTTask.exe"
282624 Jul 16 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
282624 Jul 16 2006 "K:\C\C backup\C\Program Files\QuickTime\qttask.exe"
56320 Aug 26 2004 "C:\WINDOWS\system32\bak\DeltTray.exe"
56320 Aug 27 2004 "K:\C\C backup\C\Documents and Settings\Cole\Local Settings\Temp\{C11DDB3B-6C08-4E1F-9004-8B37AAA7DA8F}\{A4810699-E859-43A6-8F40-1743873E72AB}\DeltTray.exe"
67160 Aug 5 2005 "C:\Qoobox\Quarantine\C\Program Files\aim\bak\aim.exe.vir"
67160 Aug 5 2005 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\aim\bak\aim.exe.vir"
32768 Nov 18 2004 "C:\Qoobox\Quarantine\C\Program Files\Microsoft Works\bak\WkDetect.exe.vir"
38924 Jan 15 2007 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Microsoft Works\WkDetect.exe.vir"
73728 Nov 18 2004 "C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir"
73728 Nov 18 2004 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir"
114688 Nov 18 2004 "C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe.vir"
38924 Jan 15 2007 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe.vir"
684032 Nov 18 2004 "C:\Qoobox\Quarantine\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe.vir"
38924 Jan 15 2007 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe.vir"
180269 Oct 11 2005 "C:\Qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir"
180269 Oct 11 2005 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir"
218240 Nov 2 2004 "C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe.vir"
38924 Jan 15 2007 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe.vir"
36864 Nov 18 2004 "C:\Qoobox\Quarantine\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe.vir"
38924 Jan 15 2007 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Java\j2re1.4.2_04\bin\jusched.exe.vir"
67160 Aug 5 2005 "C:\Qoobox\Quarantine\C\Program Files\aim\bak\aim.exe.vir"
67160 Aug 5 2005 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\aim\bak\aim.exe.vir"
56320 Aug 27 2004 "C:\Qoobox\Quarantine\k\C\C backup\C\WINDOWS\system32\bak\DeltTray.exe.vir"
73728 Nov 18 2004 "C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir"
73728 Nov 18 2004 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir"
180269 Oct 11 2005 "C:\Qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir"
180269 Oct 11 2005 "C:\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir"
135168 Nov 18 2004 "C:\Program Files\eMachines Bay Reader\bak\shwiconem.exe"
38924 Jan 15 2007 "K:\C\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe"
135168 Nov 18 2004 "K:\C\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe"


end of report
elise025
post Jan 15 2010, 01:44 PM
Post #19


Group: Moderator

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the steps below:

Copy the file paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

QUOTE
"C:\Program Files\eMachines Bay Reader\bak\shwiconem.exe"
"K:\C\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\DeltTray.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right-click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.


--------------------
Regards,
Elise
"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven."
John Milton

Become a BleepingComputer fan on Facebook
Follow us on Twitter
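A triage helper for the "bak" file-swap pattern described in the post above, added here as an example; it is not FindAWF or any BleepingComputer tool. It parses FindAWF-style report lines, pairs each file found in a "bak" folder with the copy one level up, flags the in-place copies that differ from their backup (plus the one file size such a dropper reuses across unrelated programs), and emits the quoted path list in the form the post asks you to paste into files.txt. The function names and the sample report lines are constructed for this example from the format and values shown in this thread.

```python
"""Triage helper for the "bak" file-swap pattern (added example, not FindAWF).

Parses FindAWF-style report lines of the form
    <size> <Mon> <D> <YYYY> "<path>"
pairs each file found in a "bak" sub-folder with the file of the same name
one level up, and reports which in-place copies differ from their backup.
A dropper that replaces many unrelated programs with one body leaves one
file size repeated across those programs; that size is reported as well.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample report lines, constructed for this example from the FindAWF format
# and values shown in the thread ("end of report" is skipped by the parser).
SAMPLE_REPORT = r"""
135168 Nov 18 2004 "C:\Program Files\eMachines Bay Reader\bak\shwiconem.exe"
38924 Jan 15 2007 "C:\Program Files\eMachines Bay Reader\shwiconem.exe"
278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
38924 Jan 15 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
56320 Aug 27 2004 "C:\WINDOWS\system32\bak\DeltTray.exe"
56320 Aug 27 2004 "C:\WINDOWS\system32\DeltTray.exe"
282624 Jul 17 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
end of report
"""

LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


@dataclass
class Entry:
    size: int
    date: str
    path: str


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per report line; headers and other text are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def original_path(path: str) -> Optional[str]:
    r"""'...\Foo\bak\x.exe' -> '...\Foo\x.exe'; None when not inside a bak folder."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[-2].lower() == "bak":
        return "\\".join(parts[:-2] + parts[-1:])
    return None


def pair_entries(entries: List[Entry]) -> Dict[str, Tuple[Entry, Optional[Entry]]]:
    """Map each original path to (backup entry, in-place entry or None)."""
    by_path = {e.path.lower(): e for e in entries}
    pairs = {}
    for e in entries:
        orig = original_path(e.path)
        if orig is not None:
            pairs[orig] = (e, by_path.get(orig.lower()))
    return pairs


def triage(entries: List[Entry]) -> Dict[str, list]:
    """Classify every bak/original pair and spot a size shared by the swaps."""
    swapped, identical, orphaned = [], [], []
    for orig, (bak, cur) in sorted(pair_entries(entries).items()):
        if cur is None:
            orphaned.append(bak.path)        # backup seen, in-place copy not in report
        elif (cur.size, cur.date) == (bak.size, bak.date):
            identical.append(bak.path)       # nothing to restore (or already restored)
        else:
            swapped.append((bak, cur))       # in-place copy is not the backed-up file
    size_hits = Counter(cur.size for _, cur in swapped)
    return {
        "restore": [bak.path for bak, _ in swapped],
        "dropper_sizes": sorted(s for s, n in size_hits.items() if n >= 2),
        "identical": identical,
        "orphaned": orphaned,
    }


def restore_list_text(result: Dict[str, list]) -> str:
    """Quoted path list in the form the post asks to paste into files.txt."""
    return "\n".join(f'"{p}"' for p in result["restore"])


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Paste this list for restoration:")
    print(restore_list_text(result))
    print("Size repeated across swapped files:", result["dropper_sizes"])
    print("Backups with no in-place copy in report:", result["orphaned"])
```

Entries in "orphaned" (a backup with no matching in-place file in the report) still need a look by hand, since the report alone cannot say whether the original was restored or is simply missing.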
pringles06
post Jan 15 2010, 04:05 PM
Post #20


The scan's been running for about two hours now... shouldn't it be over?
elise025
post Jan 15 2010, 04:10 PM
Post #21


Group: Moderator

Strange, it should only take a few minutes. Can you close the application and try again?


pringles06
post Jan 15 2010, 04:30 PM
Post #22


Same thing.
elise025
post Jan 15 2010, 04:49 PM
Post #23


Group: Moderator

Please take out the second line (the one that starts with "K:...") and try again.


pringles06
post Jan 18 2010, 10:11 PM
Post #24


Same old story.
elise025
post Jan 19 2010, 04:39 AM
Post #25


Group: Moderator

Well, in that case let's do it with ComboFix manually. Please download a new copy of ComboFix and delete your old one.

Run Combofix and post me the log.


pringles06
post Jan 19 2010, 08:56 AM
Post #26


ComboFix 10-01-18.02 - Cole 01/19/2010 8:25.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.119 [GMT -5:00]
Running from: i:\documents\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-15 18:57 . 2004-08-27 04:43 56320 ----a-w- c:\windows\system32\DeltTray.exe
2010-01-12 11:11 . 2010-01-12 11:11 -------- d-----w- C:\spoolerlogs
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\Cole\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-01-12 05:07 . 2010-01-12 05:07 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\PACE Anti-Piracy
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\InterLok
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\documents and settings\Cole\Application Data\Antares
2010-01-12 04:52 . 2010-01-12 04:52 -------- d-----w- c:\program files\Antares Audio Technologies
2010-01-11 22:32 . 2010-01-11 22:32 -------- d-----w- c:\documents and settings\Cole\Application Data\SynthMaker
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-07 18:39 . 2010-01-07 18:42 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Temp
2010-01-07 15:24 . 2010-01-07 15:24 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 15:53 . 2007-11-13 17:31 204288 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2010-01-06 15:53 . 2007-11-14 21:20 20168 ----a-w- c:\windows\system32\drivers\usb11ldr.sys
2010-01-06 15:53 . 2007-11-14 21:20 424456 ----a-w- c:\windows\system32\ma_cmidn.dll
2010-01-06 15:53 . 2007-11-14 21:20 31752 ----a-w- c:\windows\system32\drivers\ma_cmidi.sys
2010-01-06 15:53 . 2006-08-16 12:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2010-01-06 15:53 . 2006-08-16 12:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2010-01-06 15:53 . 2010-01-06 15:53 -------- d-----w- c:\program files\M-Audio
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\documents and settings\Cole\Application Data\InstallShield
2010-01-06 03:01 . 2010-01-06 03:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 14:14 . 2010-01-05 14:15 -------- dc-h--w- c:\windows\ie8
2010-01-05 04:31 . 2010-01-05 04:31 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2010-01-05 02:07 . 2010-01-05 02:07 -------- d-----w- c:\program files\SoulseekNS
2010-01-05 01:02 . 2010-01-05 01:02 -------- d-sh--w- c:\documents and settings\Cole\IECompatCache
2010-01-05 01:01 . 2010-01-05 01:01 -------- d-sh--w- c:\documents and settings\Cole\PrivacIE
2010-01-02 14:32 . 2010-01-02 14:32 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 15:11 . 2010-01-01 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 15:10 . 2010-01-01 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-01 15:08 . 2010-01-01 15:08 -------- d-----w- c:\program files\Apple Software Update
2010-01-01 15:06 . 2010-01-01 15:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-01 09:33 . 2010-01-01 09:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-31 14:47 . 2009-12-31 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-31 14:47 . 2010-01-05 02:27 -------- d-----w- c:\program files\RegCure
2009-12-31 14:37 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 14:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 14:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 14:37 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 14:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 14:37 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 14:37 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 14:37 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 14:37 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-31 14:37 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-12-31 14:35 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 14:34 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-12-31 14:33 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2009-12-31 14:32 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-31 14:31 . 2003-03-31 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-31 14:30 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-12-31 14:29 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\brmfrsmg.exe
2009-12-31 14:19 . 2009-12-31 14:19 -------- d-----w- c:\windows\system32\Registry Patrol
2009-12-31 14:19 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-12-31 14:19 . 2009-12-31 14:48 -------- d-----w- c:\program files\Registry Patrol
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-31 13:26 . 2009-12-31 13:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-31 06:22 . 2009-12-31 06:22 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-31 05:02 . 2009-12-31 05:02 -------- d-----w- c:\program files\Outsim
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 00:41 . 2009-12-31 00:41 -------- d-sh--w- c:\documents and settings\Cole\IETldCache
2009-12-30 23:56 . 2010-01-05 05:25 -------- d-----w- c:\windows\ie8updates
2009-12-30 23:49 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-30 23:49 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-30 23:49 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-30 23:49 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-30 23:48 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-30 23:48 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-30 23:47 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-30 23:44 . 2010-01-05 01:30 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-12-30 23:24 . 2009-12-30 23:24 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-12-30 23:04 . 2004-08-04 05:56 9216 -c--a-w- c:\windows\system32\dllcache\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 9216 ------w- c:\windows\system32\proxycfg.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 -c--a-w- c:\windows\system32\dllcache\logman.exe
2009-12-30 23:04 . 2004-08-04 05:56 59392 ------w- c:\windows\system32\logman.exe
2009-12-30 23:02 . 2004-08-04 05:56 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2009-12-30 23:01 . 2004-08-04 05:56 27136 -c--a-w- c:\windows\system32\dllcache\fxsdrv.dll
2009-12-30 23:01 . 2004-08-04 05:56 143360 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2009-12-30 23:01 . 2004-08-04 05:56 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-12-30 23:01 . 2004-08-04 05:56 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-12-30 23:01 . 2004-08-04 05:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-12-30 23:01 . 2004-08-04 05:56 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-12-30 23:01 . 2004-08-04 05:56 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2009-12-30 23:01 . 2010-01-01 08:02 -------- d-----w- c:\windows\ServicePackFiles
2009-12-30 22:55 . 2009-12-30 22:55 -------- d-----w- c:\windows\EHome
2009-12-30 19:44 . 2009-12-30 19:44 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-30 19:43 . 2009-12-30 19:44 -------- d-----w- c:\windows\Windows Update Setup Files
2009-12-30 19:35 . 2009-12-30 19:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 04:44 . 2009-12-26 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 13:30 . 2006-12-20 09:13 10 ----a-w- c:\windows\popcinfo.dat
2010-01-19 01:56 . 2006-07-17 01:21 -------- d-----w- c:\program files\QuickTime
2010-01-19 01:56 . 2004-06-01 02:26 -------- d-----w- c:\program files\iTunes
2010-01-18 22:52 . 2007-10-22 18:36 -------- d-----w- c:\documents and settings\Cole\Application Data\uTorrent
2010-01-15 18:50 . 2004-10-11 00:26 -------- d-----w- c:\documents and settings\Cole\Application Data\Skype
2010-01-14 21:44 . 2000-04-29 10:48 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 21:44 . 2000-04-29 10:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 22:49 . 2000-04-29 10:30 -------- d-----w- c:\program files\aim
2010-01-06 15:53 . 2000-04-29 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 02:09 . 2004-05-31 23:02 -------- d-----w- c:\program files\Soulseek
2010-01-05 02:00 . 2004-05-31 16:41 -------- d-----w- c:\program files\MA311 PCI Adapter Configuration Utility
2010-01-04 05:49 . 2004-06-01 02:27 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
2010-01-01 15:12 . 2005-10-11 14:06 -------- d-----w- c:\program files\iPod
2010-01-01 14:25 . 2004-06-13 14:17 -------- d-----w- c:\program files\Warcraft III
2010-01-01 14:14 . 2006-10-11 12:18 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-01-01 14:12 . 2007-08-26 18:58 -------- d-----w- c:\program files\QuickVideo weeCam
2010-01-01 05:44 . 2000-04-29 11:01 -------- d-----w- c:\program files\BigFix
2009-12-31 14:07 . 2007-10-03 22:15 -------- d-----w- c:\program files\Project64 1.6
2009-12-31 05:02 . 2004-10-16 22:36 -------- d-----w- c:\program files\Image-Line
2009-12-30 23:52 . 2004-04-20 17:31 -------- d-----w- c:\program files\eMachines Bay Reader
2009-12-30 23:33 . 2004-06-05 19:00 47552 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 23:07 . 2000-04-29 10:03 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-30 19:35 . 2004-07-15 19:07 -------- d-----w- c:\program files\Java
2009-10-29 07:45 . 2005-10-21 18:51 916480 ------w- c:\windows\system32\wininet.dll
2004-11-19 02:42 . 2004-09-01 02:27 165376 ----a-w- c:\program files\UNWISE.EXE
2004-11-19 02:42 . 2004-09-01 02:27 126976 ----a-w- c:\program files\AAT3 DirectX Register.exe
2001-11-18 02:29 . 2004-09-01 02:27 4550656 ----a-w- c:\program files\AutoTune.ax
2001-11-18 02:21 . 2004-09-01 02:27 49152 ----a-w- c:\program files\InstallShieldHelper.dll
2001-11-18 01:35 . 2004-09-01 02:27 20590 ----a-w- c:\program files\ReadMe.txt
2001-10-06 07:15 . 2004-09-01 02:27 370741 ----a-w- c:\program files\Auto-Tune3_Manual.pdf
2001-09-17 03:04 . 2004-09-01 02:27 3717 ----a-w- c:\program files\license.txt
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.55.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-15 13:01 . 2010-01-15 13:01 16384 c:\windows\Temp\Perflib_Perfdata_148.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-08 18:10 . 2004-11-19 03:42 135168 k:\c\C backup\C\Program Files\eMachines Bay Reader\bak\shwiconem.exe
2007-08-08 18:10 . 2007-01-16 01:46 38924 k:\c\C backup\C\Program Files\eMachines Bay Reader\shwiconem.exe

2010-01-18 08:18 . 2006-06-14 21:24 278528 k:\c\C backup\C\Program Files\iTunes\bak\iTunesHelper.exe
2007-08-08 18:30 . 2006-06-14 22:24 278528 k:\c\C backup\C\Program Files\iTunes\iTunesHelper.exe

2010-01-18 08:18 . 2006-07-17 01:21 282624 k:\c\C backup\C\Program Files\QuickTime\bak\qttask.exe
2007-08-08 18:42 . 2006-07-17 02:21 282624 k:\c\C backup\C\Program Files\QuickTime\qttask.exe

2010-01-18 08:20 . 2004-08-27 04:43 56320 k:\c\C backup\C\WINDOWS\system32\bak\DeltTray.exe
2010-01-18 08:20 . 2004-08-27 04:43 56320 k:\c\C backup\C\WINDOWS\system32\DeltTray.exe

2010-01-18 08:18 . 2004-11-19 02:41 684032 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe.vir

2010-01-18 08:18 . 2005-08-05 20:08 67160 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\aim\bak\aim.exe.vir

2010-01-18 08:18 . 2005-10-11 16:02 180269 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2010-01-18 08:18 . 2004-11-19 02:42 73728 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2010-01-18 08:18 . 2004-11-02 22:59 218240 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe.vir

2010-01-18 08:18 . 2004-11-19 02:41 36864 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Java\j2re1.4.2_04\bin\bak\jusched.exe.vir

2010-01-18 08:18 . 2004-11-19 02:41 32768 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Microsoft Works\bak\WkDetect.exe.vir

2010-01-18 08:18 . 2004-11-19 02:41 114688 k:\c\C backup\C\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe.vir

2010-01-18 08:18 . 2005-08-05 21:08 67160 k:\c\C backup\C\Qoobox\Quarantine\k\C\C backup\C\Program Files\aim\bak\aim.exe.vir

2010-01-18 08:18 . 2005-10-11 17:02 180269 k:\c\C backup\C\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Real\Update_OB\bak\realsched.exe.vir

2010-01-18 08:18 . 2004-11-19 03:42 73728 k:\c\C backup\C\Qoobox\Quarantine\k\C\C backup\C\Program Files\Common Files\Symantec Shared\bak\ccApp.exe.vir

2010-01-18 08:18 . 2004-08-27 05:43 56320 k:\c\C backup\C\Qoobox\Quarantine\k\C\C backup\C\WINDOWS\system32\bak\DeltTray.exe.vir

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" [N/A]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"Google Update"="c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-11-19 741376]
"nForce Tray Options"="sstray.exe" [N/A]
"CHotkey"="zHotkey.exe" [2004-11-19 496640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"DeltTray"="DeltTray.exe" [2004-08-27 56320]
"findfast"="c:\documents and settings\Cole\Application Data\findfast.exe" [N/A]
"EarthLink Installer"="" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2006-07-17 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-07 5058560]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"{88707C22-0828-1033-0330-040805030001}"="c:\program files\Common Files\{88707C22-0828-1033-0330-040805030001}\Update.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-31 113664]
Configuration Utility.lnk - c:\program files\MA311 PCI Adapter Configuration Utility\wlanutil.exe [2010-1-4 890368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll
"Midi1"=usbmn1x1.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Cole\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [10/4/2004 2:20 PM 188276]
R3 MA311;NETGEAR Wireless LAN Driver;c:\windows\system32\drivers\ma311n51.sys [5/31/2004 11:41 AM 54784]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?]
S3 mscnr;SigmaTel MSCN Audio Player Control Driver;c:\windows\system32\Drivers\mscnr.sys --> c:\windows\system32\Drivers\mscnr.sys [?]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [12/28/2004 4:48 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [12/28/2004 4:48 PM 22304]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006Core.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675144800-245186961-2302628932-1006UA.job
- c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 18:39]

2010-01-18 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-15 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2000-04-29 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Cole\Application Data\Mozilla\Firefox\Profiles\l4rc2r85.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - plugin: c:\documents and settings\Cole\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Cole\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 08:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
.
Completion time: 2010-01-19 08:56:09
ComboFix-quarantined-files.txt 2010-01-19 13:55
ComboFix2.txt 2010-01-15 13:55
ComboFix3.txt 2010-01-14 22:03
ComboFix4.txt 2010-01-14 20:03
ComboFix5.txt 2010-01-19 13:23

Pre-Run: 5,937,303,552 bytes free
Post-Run: 5,952,102,400 bytes free

- - End Of File - - 0AA7F5740806C6DF16CBA9FCA57F2724
elise025
post Jan 19 2010, 11:03 AM
Post #27


Group: Moderator

Okay, before continuing here, can you explain what backup application you are using and if there is a possibility to turn this off?

Besides this infection, generally speaking, it's most likely this backup drive has a copy of infected files from your main drive (which we might already have cleaned).


pringles06
post Jan 19 2010, 11:21 AM
Post #28


I'm using a program called EZBackItup which lets you run scheduled backups. Mine runs every Sunday night and backs up two internal hard drives onto one external hard drive. We could turn it off no problem.
elise025
post Jan 19 2010, 12:59 PM
Post #29


Group: Moderator

At this point, the only infected files are on your K:\ drive. Problem is that this is quite hard to clean. I would like you to consider scanning this drive with Norton AntiVirus (if you didn't already do so).

If you did so and it didn't pick up anything, let me know, and I will give you an alternative.

At this point, were you to use your backup, you would re-infect your system.


pringles06
post Jan 19 2010, 01:52 PM
Post #30


Fails to even boot. Would welcome an alternative...


© 2003-2010 All Rights Reserved Bleeping Computer LLC.