Virtumonde Infection


  • This topic is locked
7 replies to this topic

#1 ChuckSeders

ChuckSeders

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 21 November 2008 - 01:19 PM

Ok, I have run every adware/malware program I can find as well as my Webroot AntiVirus with AntiSpyware. Every time I run any of them, the Virtumonde infection shows up. Occasionally a pop-up shows up when I'm opening new pages online, but other than that, my computer seems to be running ok. I have followed the instructions as closely as I could in the Preparation Guide. I appreciate any help you can provide me with and will answer any questions as best as I can. Here is the HijackThis Log from my computer. Thanks, Charlie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:15 PM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {03D28BAC-96F4-4D96-92A3-A13CA1CDFE19} - (no file)
O2 - BHO: (no name) - {209D8AB7-2A79-4CF9-822A-C485B8527B12} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: agadoo browser optimizer - {7e204661-c5a2-69ea-8847-7b4ce940718b} - C:\WINDOWS\system32\ekakzuxnvxjf.dll (file missing)
O2 - BHO: (no name) - {8BE07411-8AFD-4A69-9B3A-AA72F7E88AEB} - C:\WINDOWS\system32\vtUmKDsQ.dll (file missing)
O2 - BHO: (no name) - {9436f9b0-c6df-4782-962f-0ba3c1404883} - (no file)
O2 - BHO: {694437fa-57d7-8f4a-3ae4-5fae86dd3d79} - {97d3dd68-eaf5-4ea3-a4f8-7d75af734496} - C:\WINDOWS\system32\bincaz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {B58C9513-8896-4A6A-9BA8-0FBA3423F821} - (no file)
O2 - BHO: (no name) - {D5FEC5A9-F8C1-46BF-B256-8E3B08D607E0} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {EDAB0B84-5DA2-44C8-9E97-7370B0EC2FEF} - (no file)
O2 - BHO: (no name) - {F9A6BAD0-2350-4D09-88A2-1633426621AE} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\Sminst\Recguard.exe"
O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Scheduler] "C:\WINDOWS\SMINST\Scheduler.exe"
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [CognizanceTS] "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] "C:\WINDOWS\system32\AccelerometerSt.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Sederstrom\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpyZooka] "C:\Program Files\SpyZooka\SpyZookaLdr.exe"
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: apshook.dll jbqbha.dll gptica.dll bincaz.dll
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient Mini\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient Mini\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 14966 bytes


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:17 AM

Posted 29 November 2008 - 07:23 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log



#3 ChuckSeders

ChuckSeders
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 01 December 2008 - 01:08 AM

1. SD Fix:

Checking Files :

No Trojan Files Found




Folder C:\Documents and Settings\Sederstrom\Application Data\gadcom - Removed
Folder C:\Temp\tn3 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 23:10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Wyzo\\wyzo.exe"="C:\\Program Files\\Wyzo\\wyzo.exe:*:Enabled:Wyzo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 20 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

2. ComboFix:

ComboFix 08-11-30.01 - Sederstrom 2008-11-30 23:41:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1257 [GMT -6:00]
Running from: c:\documents and settings\Sederstrom\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sederstrom\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\windows\system32\bincaz.dll
c:\windows\system32\dgdxeexg.ini
c:\windows\system32\drivers\core.cache(2).dsk
c:\windows\system32\drivers\core.cache(3).dsk
c:\windows\system32\gptica.dll
c:\windows\system32\gxeexdgd.dll
c:\windows\system32\kcjxjlwv.dll
c:\windows\system32\mpg4c32.dll
c:\windows\system32\QsDKmUtv.ini
c:\windows\system32\QsDKmUtv.ini2
c:\windows\system32\svm
c:\windows\system32\u2
c:\windows\system32\ustiosrx.ini
c:\windows\system32\winpfz33.sys
c:\windows\system32\wvfdkcdk.dll
c:\windows\system32\xrsoitsu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 23:07 . 2008-11-30 23:46 114,688 --a------ c:\windows\system32\chg.exe
2008-11-30 22:59 . 2008-11-30 22:59 <DIR> d-------- c:\windows\ERUNT
2008-11-30 22:49 . 2008-11-30 23:12 <DIR> d-------- C:\SDFix
2008-11-21 12:09 . 2008-11-21 12:09 <DIR> d-------- c:\program files\Trend Micro
2008-11-20 17:39 . 2008-11-20 17:40 127 --a------ c:\windows\system32\MRT.INI
2008-11-20 17:34 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 17:33 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-20 17:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-20 14:52 . 2008-11-20 14:52 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-20 14:52 . 2008-11-20 14:52 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-20 14:46 . 2008-11-20 14:46 <DIR> d-------- c:\windows\system32\logs
2008-11-20 14:43 . 2008-11-20 14:43 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\BitDefender
2008-11-20 14:41 . 2008-11-20 14:42 <DIR> d-------- c:\program files\BitDefender
2008-11-20 14:41 . 2008-11-20 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-11-20 14:39 . 2008-11-20 14:42 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-11-20 02:29 . 2008-11-20 02:29 <DIR> d-------- C:\VundoFix Backups
2008-11-20 01:36 . 2008-11-30 23:50 <DIR> d-------- c:\program files\SpyZooka
2008-11-20 01:35 . 2008-11-20 01:35 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-11-20 00:31 . 2008-11-20 00:31 <DIR> d-------- c:\program files\Lavasoft
2008-11-20 00:31 . 2008-11-20 00:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-19 22:15 . 2008-11-19 22:15 775,168 --a------ c:\windows\is-QGESV.exe
2008-11-19 22:15 . 2008-11-19 22:15 10,194 --a------ c:\windows\is-QGESV.msg
2008-11-19 22:15 . 2008-11-19 22:15 277 --a------ c:\windows\is-QGESV.lst
2008-11-19 20:03 . 2008-11-19 20:04 <DIR> d-------- c:\program files\Google
2008-11-18 12:54 . 2008-11-18 12:54 <DIR> d-------- c:\program files\Microsoft Baseline Security Analyzer 2
2008-11-18 12:54 . 2008-11-18 12:56 <DIR> d-------- c:\documents and settings\Sederstrom\SecurityScans
2008-11-18 12:51 . 2008-11-18 12:51 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-18 12:49 . 2008-11-18 12:50 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-18 12:46 . 2008-11-19 19:32 <DIR> d-------- c:\program files\NOS
2008-11-18 12:46 . 2008-11-19 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-09 19:06 . 2008-11-09 19:06 <DIR> d-------- c:\program files\Webroot
2008-11-09 19:06 . 2008-11-09 19:06 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\Webroot
2008-11-09 19:06 . 2008-11-09 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-11-09 19:06 . 2008-11-20 14:43 <DIR> d-------- C:\Binaries
2008-11-09 19:06 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-11-09 15:41 . 2008-11-09 16:34 227 --a------ c:\windows\wininit.ini
2008-11-09 15:33 . 2008-11-19 22:10 164 --a------ C:\install.dat
2008-11-09 10:59 . 2008-11-18 12:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 10:59 . 2008-11-18 12:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 10:50 . 2008-11-09 10:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Wyzo
2008-11-09 10:50 . 2008-11-09 10:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\.wyzo
2008-11-09 10:46 . 2008-11-09 22:35 <DIR> d--hs---- c:\windows\U2VkZXJzdHJvbQ
2008-11-09 10:46 . 2008-11-20 13:28 <DIR> d-------- c:\windows\system32\sX3i02
2008-11-09 10:46 . 2008-11-09 10:46 <DIR> d-------- c:\windows\system32\prt
2008-11-09 10:46 . 2008-11-09 10:46 <DIR> d-------- c:\windows\system32\db
2008-11-09 10:46 . 2008-11-09 22:35 <DIR> d-------- c:\windows\system32\AX5
2008-11-09 10:46 . 2008-11-09 10:46 <DIR> d-------- c:\temp\PRE45
2008-11-09 10:46 . 2008-11-30 23:10 <DIR> d-------- C:\Temp
2008-11-09 10:35 . 2008-11-09 10:35 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\.wyzo
2008-11-09 10:25 . 2008-11-24 22:30 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\LimeWire
2008-11-09 10:24 . 2008-11-09 10:24 <DIR> d-------- c:\windows\Sun
2008-11-09 10:24 . 2008-11-09 10:24 <DIR> d-------- c:\program files\Sun
2008-11-09 10:24 . 2008-11-09 10:24 <DIR> d-------- c:\program files\Java
2008-11-09 10:24 . 2008-11-09 10:24 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-09 10:24 . 2008-11-09 10:24 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-09 10:21 . 2008-11-09 10:22 <DIR> d-------- c:\program files\LimeWire
2008-11-09 09:17 . 2008-11-09 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-11-09 09:16 . 2008-11-09 10:16 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-11-09 09:16 . 2008-11-09 10:16 <DIR> d-------- c:\program files\AVS4YOU
2008-11-09 09:16 . 2007-09-27 15:22 524,288 --a------ c:\windows\system32\xvidcore.dll
2008-11-09 09:16 . 2007-09-27 15:22 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2008-11-09 09:16 . 2003-05-22 00:50 156,910 --a------ c:\windows\WMSysPr8.prx
2008-11-09 09:16 . 2007-09-27 15:22 139,264 --a------ c:\windows\system32\xvidvfw.dll
2008-11-09 09:16 . 2003-05-22 00:50 82,944 --a------ c:\windows\system32\vct3216.acm
2008-11-09 09:16 . 2004-02-04 22:11 81,920 --a------ c:\windows\system32\AC3ACM.acm
2008-11-09 09:16 . 2004-09-06 17:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-11-09 09:16 . 2003-05-22 00:50 38,912 --a------ c:\windows\system32\alf2cd.acm
2008-11-09 09:16 . 2003-05-21 13:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-11-09 09:16 . 2000-03-14 21:55 13,239 --a------ c:\windows\system32\Scg726.acm
2008-11-08 22:53 . 2008-11-08 22:53 <DIR> d-------- C:\DECCHECK
2008-11-08 22:46 . 2008-11-08 22:46 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\Apple Computer
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\program files\iTunes
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\program files\iPod
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\program files\Bonjour
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-08 22:45 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-08 22:45 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-08 22:44 . 2008-11-08 22:45 <DIR> d-------- c:\program files\QuickTime
2008-11-08 22:44 . 2008-11-08 22:44 <DIR> d-------- c:\program files\Apple Software Update
2008-11-08 22:44 . 2008-11-08 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-08 22:43 . 2008-11-08 22:43 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-08 22:43 . 2008-11-08 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-08 19:32 . 2008-11-08 19:32 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\DivX
2008-11-08 19:30 . 2008-11-08 19:31 <DIR> d-------- c:\program files\DivX
2008-11-07 22:46 . 2008-11-07 22:46 376 --a------ c:\windows\ODBC.INI
2008-11-07 22:45 . 2008-11-07 22:46 <DIR> d-------- c:\windows\ShellNew
2008-11-05 21:51 . 2008-10-20 00:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-05 21:51 . 2008-11-09 14:20 <DIR> d-------- c:\documents and settings\Administrator
2008-11-05 21:38 . 2008-11-05 21:38 <DIR> d-------- c:\program files\Windows Mobile Device Handbook
2008-11-05 21:38 . 2008-11-07 22:46 <DIR> d-------- c:\program files\Microsoft ActiveSync

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 22:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 22:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 22:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-10-30 05:35 --------- d-----w c:\documents and settings\Sederstrom\Application Data\acccore
2008-10-30 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-10-30 05:34 --------- d-----w c:\program files\Viewpoint
2008-10-30 05:34 --------- d-----w c:\program files\Common Files\AOL
2008-10-30 05:34 --------- d-----w c:\program files\AIM6
2008-10-30 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-30 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-30 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-10-29 05:10 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Windows Search
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:48 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Windows Desktop Search
2008-10-20 17:47 --------- d-----w c:\program files\Windows Desktop Search
2008-10-20 17:44 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-20 17:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 16:53 --------- d-----w c:\program files\MSXML 4.0
2008-10-20 06:50 --------- d-----w c:\program files\Synaptics
2008-10-20 06:50 --------- d-----w c:\program files\HPQ
2008-10-20 06:48 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-20 06:48 21,361 ----a-w c:\windows\AegisP.sys
2008-10-20 06:48 --------- d-----w c:\program files\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-10-20 06:47 --------- d-----w c:\program files\Hewlett-Packard
2008-10-20 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-20 06:40 155,136 ----a-w c:\windows\system32\imapihp.exe
2008-10-20 06:39 753,664 ----a-w c:\windows\system32\bcm1xsup.dll
2008-10-20 06:39 724,992 ----a-w c:\windows\system32\BCMLogon.dll
2008-10-20 06:39 69,632 ----a-w c:\windows\system32\bcmwlpkt.dll
2008-10-20 06:39 65,536 ----a-w c:\windows\system32\wltrynt.dll
2008-10-20 06:39 33,664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
2008-10-20 06:39 24,064 ----a-w c:\windows\system32\WLTRYSVC.EXE
2008-10-20 06:39 2,682,880 ----a-w c:\windows\system32\vcredist_x86.exe
2008-10-20 06:39 2,670,592 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL
2008-10-20 06:39 196,608 ----a-w c:\windows\system32\bcmwlu00.exe
2008-10-20 06:39 139,264 ----a-w c:\windows\system32\preflib.dll
2008-10-20 06:39 1,839,104 ----a-w c:\windows\system32\WLTRAY.EXE
2008-10-20 06:39 1,576,960 ----a-w c:\windows\system32\BCMWLTRY.EXE
2008-10-20 06:38 --------- d-----w c:\program files\ATI Technologies
2008-10-20 06:31 --------- d-----w c:\program files\Analog Devices
2008-10-20 06:25 --------- d-----w c:\program files\CONEXANT
2008-10-20 06:22 --------- d-----w c:\program files\TIVistadriver
2008-10-20 06:21 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-20 06:21 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-10-20 06:20 --------- d-----w c:\documents and settings\Sederstrom\Application Data\InstallShield
2008-10-20 06:16 --------- d-----w c:\program files\ActivIdentity
2008-10-20 06:14 --------- d-----w c:\program files\ProtectTools
2008-10-20 06:14 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Infineon
2008-10-20 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Infineon
2008-10-20 06:13 --------- d-----w c:\documents and settings\Sederstrom\Application Data\hpqLog
2008-10-20 06:09 --------- d-----w c:\program files\Fingerprint Sensor
2008-10-20 06:07 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-20 06:03 --------- d-----w c:\documents and settings\Sederstrom\Application Data\SampleView
2008-10-20 05:55 --------- d-----w c:\documents and settings\Sederstrom\Application Data\ATI
2008-10-20 05:38 --------- d-----w c:\program files\Broadcom
2008-10-20 04:31 --------- d-----w c:\program files\Microsoft Broadband Networking
2008-10-20 03:49 --------- d-----w c:\program files\microsoft frontpage
2008-10-17 20:01 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-09 21:31 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll
2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe
2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Google Update"="c:\documents and settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]
"SpyZooka"="c:\program files\SpyZooka\SpyZookaLdr.exe" [2007-04-06 39656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"accrdsub"="c:\program files\ActivIdentity\ActivClient Mini\accrdsub.exe" [2006-04-20 176128]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-20 1839104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-10-27 241726]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\Sederstrom\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-07-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - c:\windows\Installer\{06B2B442-19FE-4398-BD4B-F5C00928DD8E}\_18be6784.exe [2008-10-19 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~1\SpyZooka\spyguard.dll" [2005-05-07 173568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2006-04-27 14:43 98304 c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2006-04-14 14:55 94208 c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 07:19 49152 c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 14:08 434176 c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-10-02 29808]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 acachsrv;ActivClient Authentication Service;"c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe" [2006-04-12 81920]
R2 accoca;ActivClient Middleware Service;"c:\program files\ActivIdentity\ActivClient Mini\accoca.exe" [2006-05-02 135168]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-09-04 82440]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-29 24652]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-11-09 1086840]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-10-17 104328]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2008-10-20 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S1 updatee;updatee;c:\windows\system32\drivers\updatee.sys []
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-04-30 172131]
S3 tcpip_patcher;tcpip_patcher;\??\c:\progra~1\wyzo\extensions\firetorrent@wyzo.com\components\tcpip_patcher.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6c6ac0-9e5d-11dd-a8ad-ed90c954bd9c}]
\Shell\AutoRun\command - F:\PortableVault.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 20:00]

2008-11-28 c:\windows\Tasks\wrSpySweeper_L1B68ECA27F834E2893E6FB0B9CB85CE4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2008-11-28 c:\windows\Tasks\wrSpySweeper_L1B68ECA27F834E2893E6FB0B9CB85CE4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2008-11-28 c:\windows\Tasks\wrSpySweeper_L1B68ECA27F834E2893E6FB0B9CB85CE4.job
- c:\","d:\" []
.
- - - - ORPHANS REMOVED - - - -

BHO-{03D28BAC-96F4-4D96-92A3-A13CA1CDFE19} - (no file)
BHO-{209D8AB7-2A79-4CF9-822A-C485B8527B12} - (no file)
BHO-{7e204661-c5a2-69ea-8847-7b4ce940718b} - (no file)
BHO-{8BE07411-8AFD-4A69-9B3A-AA72F7E88AEB} - c:\windows\system32\vtUmKDsQ.dll
BHO-{9436f9b0-c6df-4782-962f-0ba3c1404883} - (no file)
BHO-{97d3dd68-eaf5-4ea3-a4f8-7d75af734496} - c:\windows\system32\bincaz.dll
BHO-{B58C9513-8896-4A6A-9BA8-0FBA3423F821} - (no file)
BHO-{D5FEC5A9-F8C1-46BF-B256-8E3B08D607E0} - (no file)
BHO-{EDAB0B84-5DA2-44C8-9E97-7370B0EC2FEF} - (no file)
BHO-{F9A6BAD0-2350-4D09-88A2-1633426621AE} - (no file)
ShellExecuteHooks-{B58C9513-8896-4A6A-9BA8-0FBA3423F821} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Sederstrom\Application Data\Mozilla\Firefox\Profiles\a8alzwr6.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 23:48:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acauth.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\windows\system32\xenroll.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\IFXTCSps.dll
c:\program files\ProtectTools\Embedded Security Software\IfxSpURsUS.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\ProtectTools\Embedded Security Software\IfxTRsUS.dll
c:\program files\ProtectTools\Embedded Security Software\IfxTrsMs.dll
c:\windows\system32\capicom.dll
c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\IfxWlxEN.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\searchindexer.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Microsoft Broadband Networking\MSBNTray.exe
c:\windows\system32\searchfilterhost.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2008-11-30 23:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 05:53:26

Pre-Run: 87,843,676,160 bytes free
Post-Run: 87,918,653,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

473 --- E O F --- 2008-10-30 05:32:54

3. A fresh HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:16 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\Sminst\Recguard.exe"
O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Scheduler] "C:\WINDOWS\SMINST\Scheduler.exe"
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [CognizanceTS] "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] "C:\WINDOWS\system32\AccelerometerSt.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpyZooka] "C:\Program Files\SpyZooka\SpyZookaLdr.exe"
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient Mini\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient Mini\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 13502 bytes


I hope I did everything correctly, thanks for all of your help. Charlie

#4 fenzodahl512 (Members, 6,738 posts)

Posted 01 December 2008 - 01:30 AM

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\chg.exe
    • c:\windows\is-QGESV.exe
    • c:\windows\is-QGESV.msg
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If the VirSCAN.org server is too busy, please submit the file to VirusTotal instead.



NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
updatee
Viewpoint Manager Service

File::
c:\windows\system32\drivers\updatee.sys

Folder::
c:\program files\Viewpoint

DirLook::
c:\windows\U2VkZXJzdHJvbQ
c:\windows\system32\sX3i02
c:\windows\system32\prt
c:\windows\system32\db
c:\windows\system32\AX5
c:\temp\PRE45
c:\documents and settings\Sederstrom\Application Data\.wyzo
c:\documents and settings\LocalService\Application Data\.wyzo
c:\documents and settings\LocalService\Application Data\Wyzo

SysRst::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • VirScan.org
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 ChuckSeders (Topic Starter, Members, 5 posts)

Posted 01 December 2008 - 02:00 PM

I think this is the VirSCAN.org portion that you needed:

VirSCAN of c:\windows\system32\chg.exe

VirSCAN.org Scanned Report :
Scanned time : 2008/10/02 18:38:49 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : sgswpu.exe
File Size : 19456 byte
File Type : data
MD5 : d82d6a77ed67e5fa62e8cee9a2073e4b
SHA1 : 7d9fb08dfd4a1a6c52d54ad00a715e4bfef3e330
Online report : http://virscan.org/report/95fd1bfcb475a0ac...c5c164dbc4.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.14 2008.10.02 2008-10-02 1.42 -
AhnLab V3 2008.10.02.01 2008.10.02 2008-10-02 0.91 -
AntiVir 7.8.1.34 7.0.6.241 2008-10-02 2.34 -
Arcavir 1.0.5 200810021817 2008-10-02 1.20 -
Authentium 5.1.1 200810012118 2008-10-01 0.01 -
AVAST! 3.0.1 081002-0 2008-10-02 0.69 -
AVG 7.5.52.442 270.7.5/1703 2008-10-02 1.59 -
BitDefender 7.60825.1831294 7.21145 2008-10-03 3.10 -
CA (VET) 9.0.0.143 31.6.6125 2008-10-02 5.38 -
ClamAV 0.94 8372 2008-10-02 0.01 -
Comodo 2.11 2.0.0.664 2008-10-02 0.40 -
CP Secure 1.1.0.715 2008.10.02 2008-10-02 5.95 -
Dr.Web 4.44.0.9170 2008.10.02 2008-10-02 3.25 -
ewido 4.0.0.2 2008.10.02 2008-10-02 2.78 -
F-Prot 4.4.4.56 20081002 2008-10-02 1.01 -
F-Secure 5.51.6100 2008.10.03.01 2008-10-03 3.46 -
Fortinet 2.81-3.113 9.610 2008-10-02 0.15 -
ViRobot 20081002 2008.10.02 2008-10-02 0.40 -
Ikarus T3.1.01.34 2008.10.02.71570 2008-10-02 3.39 -
JiangMin 11.0.706 2008.10.02 2008-10-02 1.22 -
Kaspersky 5.5.10 2008.10.02 2008-10-02 0.02 -
KingSoft 2008.9.8.18 2008.10.2.18 2008-10-02 0.62 -
McAfee 5.3.00 5397 2008-10-02 1.99 -
Microsoft 1.4005 2008.10.02 2008-10-02 3.85 -
mks_vir 2.01 2008.10.03 2008-10-03 2.58 -
Norman 5.93.01 5.93.00 2008-10-02 5.03 -
Panda 9.05.01 2008.10.02 2008-10-02 2.14 -
Trend Micro 8.700-1004 5.576.11 2008-10-02 0.02 -
Quick Heal 9.50 2008.10.01 2008-10-01 1.79 -
Rising 20.0 20.63.62.00 2008-09-28 0.25 -
Sophos 2.79.0 4.34 2008-10-03 1.71 -
Sunbelt 3.1.1675.1 2261 2008-09-26 0.41 -
Symantec 1.3.0.24 20081002.004 2008-10-02 0.07 -
nProtect 2008-10-02.00 2194932 2008-10-02 4.14 -
The Hacker 6.3.1.0 v00099 2008-10-02 0.41 -
VBA32 3.12.8.6 20081001.2041 2008-10-01 1.22 -
VirusBuster 4.5.11.10 10.89.5/633834 2008-10-02 0.82 -

VirSCAN of c:\windows\is-QGESV.exe

VirSCAN.org Scanned Report :
Scanned time : 2008/11/26 13:51:28 (CST)
Scanner results: All Scanners reported not find malware!
File Name : is-LHFKP.exe
File Size : 775168 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 9bd0dc2d4c0ddda3d37733e3d45a3aaa
SHA1 : 7d81ae5fbf367b2592bb2d27bcdd6d9e7469f3be
Online report : http://virscan.org/report/1a8ddcdb420714d1...93dbccf1f6.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.26 20081126233104 2008-11-26 4.36 -
AhnLab V3 2008.11.26.03 2008.11.26 2008-11-26 1.09 -
AntiVir 7.9.0.35 7.1.0.143 2008-11-26 1.58 -
Antiy 2.0.18 20081126.1749264 2008-11-26 0.12 -
Arcavir 1.0.5 200811231052 2008-11-23 1.33 -
Authentium 5.1.1 200811260609 2008-11-26 1.18 -
AVAST! 3.0.1 081126-0 2008-11-26 0.07 -
AVG 7.5.52.442 270.9.10/1813 2008-11-26 1.78 -
BitDefender 7.81008.2265781 7.22104 2008-11-27 2.19 -
CA (VET) 9.0.0.143 31.6.6228 2008-11-25 5.87 -
ClamAV 0.94.1 8684 2008-11-26 0.21 -
Comodo 2.11 2.0.0.712 2008-11-20 0.50 -
CP Secure 1.1.0.715 2008.11.27 2008-11-27 6.61 -
Dr.Web 4.44.0.9170 2008.11.26 2008-11-26 3.87 -
ewido 4.0.0.2 2008.11.26 2008-11-26 4.08 -
F-Prot 4.4.4.56 20081125 2008-11-25 1.19 -
F-Secure 5.51.6100 2008.11.26.08 2008-11-26 0.09 -
Fortinet 2.81-3.117 9.747 2008-11-26 0.27 -
GData 19.1680/19.123 20081126 2008-11-26 2.78 -
ViRobot 20081126 2008.11.26 2008-11-26 0.42 -
Ikarus T3.1.01.45 2008.11.26.71916 2008-11-26 3.58 -
JiangMin 11.0.706 2008.11.26 2008-11-26 2.28 -
Kaspersky 5.5.10 2008.11.26 2008-11-26 0.06 -
KingSoft 2008.9.8.18 2008.11.26.20 2008-11-26 0.70 -
McAfee 5.3.00 5446 2008-11-26 2.63 -
Microsoft 1.4104 2008.11.26 2008-11-26 4.42 -
mks_vir 2.01 2008.11.17 2008-11-17 2.72 -
Norman 5.93.01 5.93.00 2008-11-26 5.48 -
Panda 9.05.01 2008.11.25 2008-11-25 3.39 -
Trend Micro 8.700-1004 5.678.07 2008-11-26 0.03 -
Quick Heal 10.00 2008.11.26 2008-11-26 1.03 -
Rising 20.0 21.05.22.00 2008-11-26 2.14 -
Sophos 2.80.0 4.35 2008-11-27 2.12 -
Sunbelt 4474 4474 2008-11-04 1.76 -
Symantec 1.3.0.24 20081126.003 2008-11-26 0.23 -
nProtect 2008-11-26.00 2629064 2008-11-26 3.25 -
The Hacker 6.3.1.1 v00163 2008-11-25 0.57 -
VBA32 3.12.8.9 20081126.1036 2008-11-26 1.79 -
VirusBuster 4.5.11.10 10.94.7/729311 2008-11-26 1.65 -

VirSCAN of c:\windows\is-QGESV.msg

VirSCAN.org Scanned Report :
Scanned time : 2008/12/01 12:16:28 (CST)
Scanner results: All Scanners reported not find malware!
File Name : is-QGESV.msg
File Size : 10194 byte
File Type : data
MD5 : d2813196d9e8a3a41d20a3a2fdd84859
SHA1 : 5c4d2930585407ccbd6abe506f10495a87882c5e
Online report : http://virscan.org/report/9256cd07dacc23e7...372dd8ab50.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.27 20081202013306 2008-12-02 3.15 -
AhnLab V3 2008.12.02.00 2008.12.02 2008-12-02 1.07 -
AntiVir 7.9.0.36 7.1.0.169 2008-12-01 1.58 -
Antiy 2.0.18 20081201.1772504 2008-12-01 0.12 -
Arcavir 1.0.5 200811291125 2008-11-29 1.21 -
Authentium 5.1.1 200812011629 2008-12-01 1.02 -
AVAST! 3.0.1 081130-0 2008-11-30 0.74 -
AVG 7.5.52.442 270.9.12/1822 2008-12-01 1.73 -
BitDefender 7.81008.2312248 7.22224 2008-12-02 2.13 -
CA (VET) 9.0.0.143 31.6.6234 2008-11-28 2.32 -
ClamAV 0.94.1 8704 2008-12-02 0.00 -
Comodo 2.11 2.0.0.712 2008-11-20 1.62 -
CP Secure 1.1.0.715 2008.12.01 2008-12-01 5.92 -
Dr.Web 4.44.0.9170 2008.12.01 2008-12-01 3.62 -
ewido 4.0.0.2 2008.12.01 2008-12-01 3.39 -
F-Prot 4.4.4.56 20081201 2008-12-01 1.04 -
F-Secure 5.51.6100 2008.12.01.03 2008-12-01 0.03 -
Fortinet 2.81-3.117 9.765 2008-12-01 0.18 -
GData 19.1760/19.130 20081201 2008-12-01 2.79 -
ViRobot 20081129 2008.11.29 2008-11-29 0.41 -
Ikarus T3.1.01.45 2008.12.01.71941 2008-12-01 3.70 -
JiangMin 11.0.706 2008.12.01 2008-12-01 2.06 -
Kaspersky 5.5.10 2008.12.01 2008-12-01 0.03 -
KingSoft 2008.9.8.18 2008.12.1.20 2008-12-01 1.41 -
McAfee 5.3.00 5451 2008-12-01 2.51 -
Microsoft 1.4104 2008.12.01 2008-12-01 4.14 -
mks_vir 2.01 2008.12.01 2008-12-01 2.62 -
Norman 5.93.01 5.93.00 2008-12-01 5.81 -
Panda 9.05.01 2008.11.30 2008-11-30 3.64 -
Trend Micro 8.700-1004 5.684.09 2008-12-01 0.02 -
Quick Heal 10.00 2008.12.01 2008-12-01 0.91 -
Rising 20.0 21.06.02.00 2008-12-01 0.65 -
Sophos 2.81.2 4.36 2008-12-02 1.92 -
Sunbelt 4674 4674 2008-11-04 0.51 -
Symantec 1.3.0.24 20081201.006 2008-12-01 0.20 -
nProtect 2008-12-01.00 2632093 2008-12-01 4.82 -
The Hacker 6.3.1.1 v00169 2008-11-29 0.43 -
VBA32 3.12.8.9 20081201.0945 2008-12-01 1.36 -
VirusBuster 4.5.11.10 10.94.12/729518 2008-12-01 0.92 -

Here is the ComboFix.txt

ComboFix 08-11-30.02 - Sederstrom 2008-12-01 12:43:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270 [GMT -6:00]
Running from: c:\documents and settings\Sederstrom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sederstrom\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\drivers\updatee.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UPDATEE
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_updatee
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 22:59 . 2008-11-30 22:59 <DIR> d-------- c:\windows\ERUNT
2008-11-30 22:49 . 2008-11-30 23:59 <DIR> d-------- C:\SDFix
2008-11-21 12:09 . 2008-11-21 12:09 <DIR> d-------- c:\program files\Trend Micro
2008-11-20 17:39 . 2008-11-20 17:40 127 --a------ c:\windows\system32\MRT.INI
2008-11-20 17:34 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 17:33 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-20 17:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-20 14:52 . 2008-11-20 14:52 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-20 14:52 . 2008-11-20 14:52 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-20 14:46 . 2008-11-20 14:46 <DIR> d-------- c:\windows\system32\logs
2008-11-20 14:43 . 2008-11-20 14:43 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\BitDefender
2008-11-20 14:41 . 2008-11-20 14:42 <DIR> d-------- c:\program files\BitDefender
2008-11-20 14:41 . 2008-11-20 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-11-20 14:39 . 2008-11-20 14:42 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-11-20 02:29 . 2008-11-20 02:29 <DIR> d-------- C:\VundoFix Backups
2008-11-20 01:36 . 2008-11-30 23:50 <DIR> d-------- c:\program files\SpyZooka
2008-11-20 01:35 . 2008-11-20 01:35 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-11-20 00:31 . 2008-11-20 00:31 <DIR> d-------- c:\program files\Lavasoft
2008-11-20 00:31 . 2008-11-20 00:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-20 00:29 . 2008-11-20 00:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-19 22:15 . 2008-11-19 22:15 775,168 --a------ c:\windows\is-QGESV.exe
2008-11-19 22:15 . 2008-11-19 22:15 10,194 --a------ c:\windows\is-QGESV.msg
2008-11-19 22:15 . 2008-11-19 22:15 277 --a------ c:\windows\is-QGESV.lst
2008-11-19 20:03 . 2008-11-19 20:04 <DIR> d-------- c:\program files\Google
2008-11-18 12:54 . 2008-11-18 12:54 <DIR> d-------- c:\program files\Microsoft Baseline Security Analyzer 2
2008-11-18 12:54 . 2008-11-18 12:56 <DIR> d-------- c:\documents and settings\Sederstrom\SecurityScans
2008-11-18 12:51 . 2008-11-18 12:51 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-18 12:49 . 2008-11-18 12:50 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-18 12:46 . 2008-11-19 19:32 <DIR> d-------- c:\program files\NOS
2008-11-18 12:46 . 2008-11-19 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-09 19:06 . 2008-11-09 19:06 <DIR> d-------- c:\program files\Webroot
2008-11-09 19:06 . 2008-11-09 19:06 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\Webroot
2008-11-09 19:06 . 2008-11-09 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-11-09 19:06 . 2008-11-20 14:43 <DIR> d-------- C:\Binaries
2008-11-09 19:06 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-11-09 15:41 . 2008-11-09 16:34 227 --a------ c:\windows\wininit.ini
2008-11-09 15:33 . 2008-11-19 22:10 164 --a------ C:\install.dat
2008-11-09 10:59 . 2008-11-18 12:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-09 10:59 . 2008-11-18 12:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 10:50 . 2008-11-09 10:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Wyzo
2008-11-09 10:50 . 2008-11-09 10:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\.wyzo
2008-11-09 10:46 . 2008-11-09 22:35 <DIR> d--hs---- c:\windows\U2VkZXJzdHJvbQ
2008-11-09 10:46 . 2008-11-20 13:28 <DIR> d-------- c:\windows\system32\sX3i02
2008-11-09 10:46 . 2008-11-09 10:46 <DIR> d-------- c:\windows\system32\prt
2008-11-09 10:46 . 2008-11-09 10:46 <DIR> d-------- c:\windows\system32\db
2008-11-09 10:46 . 2008-11-09 22:35 <DIR> d-------- c:\windows\system32\AX5
2008-11-09 10:46 . 2008-11-09 10:46 <DIR> d-------- c:\temp\PRE45
2008-11-09 10:46 . 2008-11-30 23:10 <DIR> d-------- C:\Temp
2008-11-09 10:35 . 2008-11-09 10:35 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\.wyzo
2008-11-09 10:25 . 2008-11-24 22:30 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\LimeWire
2008-11-09 10:24 . 2008-11-09 10:24 <DIR> d-------- c:\windows\Sun
2008-11-09 10:24 . 2008-11-09 10:24 <DIR> d-------- c:\program files\Sun
2008-11-09 10:24 . 2008-11-09 10:24 <DIR> d-------- c:\program files\Java
2008-11-09 10:24 . 2008-11-09 10:24 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-09 10:24 . 2008-11-09 10:24 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-09 10:21 . 2008-11-09 10:22 <DIR> d-------- c:\program files\LimeWire
2008-11-09 09:17 . 2008-11-09 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-11-09 09:16 . 2008-11-09 10:16 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-11-09 09:16 . 2008-11-09 10:16 <DIR> d-------- c:\program files\AVS4YOU
2008-11-09 09:16 . 2007-09-27 15:22 524,288 --a------ c:\windows\system32\xvidcore.dll
2008-11-09 09:16 . 2007-09-27 15:22 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2008-11-09 09:16 . 2003-05-22 00:50 156,910 --a------ c:\windows\WMSysPr8.prx
2008-11-09 09:16 . 2007-09-27 15:22 139,264 --a------ c:\windows\system32\xvidvfw.dll
2008-11-09 09:16 . 2003-05-22 00:50 82,944 --a------ c:\windows\system32\vct3216.acm
2008-11-09 09:16 . 2004-02-04 22:11 81,920 --a------ c:\windows\system32\AC3ACM.acm
2008-11-09 09:16 . 2004-09-06 17:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-11-09 09:16 . 2003-05-22 00:50 38,912 --a------ c:\windows\system32\alf2cd.acm
2008-11-09 09:16 . 2003-05-21 13:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-11-09 09:16 . 2000-03-14 21:55 13,239 --a------ c:\windows\system32\Scg726.acm
2008-11-08 22:53 . 2008-11-08 22:53 <DIR> d-------- C:\DECCHECK
2008-11-08 22:46 . 2008-11-08 22:46 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\Apple Computer
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\program files\iTunes
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\program files\iPod
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\program files\Bonjour
2008-11-08 22:45 . 2008-11-08 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-08 22:45 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-08 22:45 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-08 22:44 . 2008-11-08 22:45 <DIR> d-------- c:\program files\QuickTime
2008-11-08 22:44 . 2008-11-08 22:44 <DIR> d-------- c:\program files\Apple Software Update
2008-11-08 22:44 . 2008-11-08 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-08 22:43 . 2008-11-08 22:43 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-08 22:43 . 2008-11-08 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-08 19:32 . 2008-11-08 19:32 <DIR> d-------- c:\documents and settings\Sederstrom\Application Data\DivX
2008-11-08 19:30 . 2008-11-08 19:31 <DIR> d-------- c:\program files\DivX
2008-11-07 22:46 . 2008-11-07 22:46 376 --a------ c:\windows\ODBC.INI
2008-11-07 22:45 . 2008-11-07 22:46 <DIR> d-------- c:\windows\ShellNew
2008-11-05 21:51 . 2008-10-20 00:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-05 21:51 . 2008-11-09 14:20 <DIR> d-------- c:\documents and settings\Administrator
2008-11-05 21:38 . 2008-11-05 21:38 <DIR> d-------- c:\program files\Windows Mobile Device Handbook
2008-11-05 21:38 . 2008-11-07 22:46 <DIR> d-------- c:\program files\Microsoft ActiveSync

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 22:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 22:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 22:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-10-30 05:35 --------- d-----w c:\documents and settings\Sederstrom\Application Data\acccore
2008-10-30 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-10-30 05:34 --------- d-----w c:\program files\Common Files\AOL
2008-10-30 05:34 --------- d-----w c:\program files\AIM6
2008-10-30 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-30 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-30 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-10-29 05:10 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Windows Search
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:48 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Windows Desktop Search
2008-10-20 17:47 --------- d-----w c:\program files\Windows Desktop Search
2008-10-20 17:44 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-20 17:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 16:53 --------- d-----w c:\program files\MSXML 4.0
2008-10-20 06:50 --------- d-----w c:\program files\Synaptics
2008-10-20 06:50 --------- d-----w c:\program files\HPQ
2008-10-20 06:48 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-20 06:48 21,361 ----a-w c:\windows\AegisP.sys
2008-10-20 06:48 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\program files\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-10-20 06:48 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-10-20 06:47 --------- d-----w c:\program files\Hewlett-Packard
2008-10-20 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-10-20 06:40 155,136 ----a-w c:\windows\system32\imapihp.exe
2008-10-20 06:39 753,664 ----a-w c:\windows\system32\bcm1xsup.dll
2008-10-20 06:39 724,992 ----a-w c:\windows\system32\BCMLogon.dll
2008-10-20 06:39 69,632 ----a-w c:\windows\system32\bcmwlpkt.dll
2008-10-20 06:39 65,536 ----a-w c:\windows\system32\wltrynt.dll
2008-10-20 06:39 33,664 ----a-w c:\windows\system32\drivers\BCMWLNPF.SYS
2008-10-20 06:39 24,064 ----a-w c:\windows\system32\WLTRYSVC.EXE
2008-10-20 06:39 2,682,880 ----a-w c:\windows\system32\vcredist_x86.exe
2008-10-20 06:39 2,670,592 ----a-w c:\windows\system32\WLBCGCBPRO731.DLL
2008-10-20 06:39 196,608 ----a-w c:\windows\system32\bcmwlu00.exe
2008-10-20 06:39 139,264 ----a-w c:\windows\system32\preflib.dll
2008-10-20 06:39 1,839,104 ----a-w c:\windows\system32\WLTRAY.EXE
2008-10-20 06:39 1,576,960 ----a-w c:\windows\system32\BCMWLTRY.EXE
2008-10-20 06:38 --------- d-----w c:\program files\ATI Technologies
2008-10-20 06:31 --------- d-----w c:\program files\Analog Devices
2008-10-20 06:29 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Infineon
2008-10-20 06:25 --------- d-----w c:\program files\CONEXANT
2008-10-20 06:22 --------- d-----w c:\program files\TIVistadriver
2008-10-20 06:21 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-20 06:21 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-10-20 06:20 --------- d-----w c:\documents and settings\Sederstrom\Application Data\InstallShield
2008-10-20 06:16 --------- d-----w c:\program files\ActivIdentity
2008-10-20 06:14 --------- d-----w c:\program files\ProtectTools
2008-10-20 06:14 --------- d-----w c:\documents and settings\Sederstrom\Application Data\Infineon
2008-10-20 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Infineon
2008-10-20 06:13 --------- d-----w c:\documents and settings\Sederstrom\Application Data\hpqLog
2008-10-20 06:09 --------- d-----w c:\program files\Fingerprint Sensor
2008-10-20 06:07 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-20 06:03 --------- d-----w c:\documents and settings\Sederstrom\Application Data\SampleView
2008-10-20 05:55 --------- d-----w c:\documents and settings\Sederstrom\Application Data\ATI
2008-10-20 05:38 --------- d-----w c:\program files\Broadcom
2008-10-20 04:31 --------- d-----w c:\program files\Microsoft Broadband Networking
2008-10-20 03:49 --------- d-----w c:\program files\microsoft frontpage
2008-10-17 20:01 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-09 21:31 192,512 ----a-w c:\windows\system32\txmlutil.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll
2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe
2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\LocalService\Application Data\.wyzo ----


---- Directory of c:\documents and settings\LocalService\Application Data\Wyzo ----

2008-11-09 16:29 0 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\permissions.sqlite
2008-11-09 10:51 120 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\btdht.dat
2008-11-09 10:50 92842 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\xpti.dat
2008-11-09 10:50 8111 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\pluginreg.dat
2008-11-09 10:50 65536 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\cert8.db
2008-11-09 10:50 634 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\history.dat
2008-11-09 10:50 424 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\Settings.ini
2008-11-09 10:50 3567 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\extensions.rdf
2008-11-09 10:50 319 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\cookies.txt
2008-11-09 10:50 282 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\extensions.cache
2008-11-09 10:50 249 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\extensions.ini
2008-11-09 10:50 2048 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\search.sqlite
2008-11-09 10:50 16384 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\secmod.db
2008-11-09 10:50 16384 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\key3.db
2008-11-09 10:50 147531 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\compreg.dat
2008-11-09 10:50 146432 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\urlclassifier2.sqlite
2008-11-09 10:50 1324 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\prefs.js
2008-11-09 10:50 128 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\compatibility.ini
2008-11-09 10:50 11635 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\bookmarks.html
2008-11-09 10:50 11635 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\bookmarks.bak
2008-11-09 10:50 111 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\profiles.ini
2008-11-09 10:50 1022 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\localstore.rdf
2008-10-28 18:29 11489 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\bookmarkbackups\bookmarks-2008-11-09.html
2005-02-01 11:36 3287 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\search.rdf
2004-11-30 15:26 663 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\chrome\userContent-example.css
2004-11-30 15:26 356 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\mimeTypes.rdf
2004-11-30 15:26 1078 --a------ c:\documents and settings\LocalService\Application Data\Wyzo\Data\Profiles\k0y8fn65.default\chrome\userChrome-example.css

---- Directory of c:\documents and settings\Sederstrom\Application Data\.wyzo ----


---- Directory of c:\temp\PRE45 ----

2008-11-09 10:46 1858 --a------ c:\temp\PRE45\pG8.log

---- Directory of c:\windows\system32\AX5 ----


---- Directory of c:\windows\system32\db ----


---- Directory of c:\windows\system32\prt ----

2008-11-08 21:21 190424 --a------ c:\windows\system32\prt\PDLWI40.exe

---- Directory of c:\windows\system32\sX3i02 ----


---- Directory of c:\windows\U2VkZXJzdHJvbQ ----



((((((((((((((((((((((((((((( snapshot@2008-11-30_23.52.31.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-01 05:07:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-01 05:46:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-01 05:07:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-01 05:46:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-01 18:49:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_928.dat
- 2008-12-01 05:49:11 3,652 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
+ 2008-12-01 18:49:52 3,652 ----a-w c:\windows\Temp\wrstemp\S-1-5-18.dat
- 2008-12-01 05:49:11 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
+ 2008-12-01 18:49:52 4,182 ----a-w c:\windows\Temp\wrstemp\S-1-5-19.dat
- 2008-12-01 05:49:11 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
+ 2008-12-01 18:49:52 4,250 ----a-w c:\windows\Temp\wrstemp\S-1-5-20.dat
- 2008-12-01 05:51:02 5,040 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-1957994488-1682526488-839522115-1003.dat
+ 2008-12-01 18:49:52 5,040 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-1957994488-1682526488-839522115-1003.dat
- 2008-12-01 05:49:11 4,216 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-1957994488-1682526488-839522115-500.dat
+ 2008-12-01 18:49:52 4,216 ----a-w c:\windows\Temp\wrstemp\S-1-5-21-1957994488-1682526488-839522115-500.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CHCP.bat
2008-12-01 12:40 16 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000132.bat

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\avxdisk.dll
2008-09-25 16:48 53248 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000117.dll

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\avxs.dll
2002-01-14 13:49 10240 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000118.dll

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\avxt.dll
2002-01-14 13:49 27136 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000119.dll

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\bdc.exe
2006-10-28 22:06 92160 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000120.exe

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\bdcore.dll
2008-09-25 16:49 102400 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000116.dll

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\bdupd.dll
2005-09-03 10:28 77824 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000122.dll

c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_9013\libfn.dll
2007-06-13 00:02 178176 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000123.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
2007-02-07 00:30 74240 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000019.dll

2008-10-30 17:34 39424 c:\program files\Mozilla Firefox\components\FFComm.dll
2008-10-30 17:34 39424 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000052.dll
2008-10-30 17:34 39424 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000217.dll

c:\program files\Viewpoint\Common\ViewpointService.exe
2007-01-04 15:38 24652 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000166.exe

c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
2008-02-06 18:58 262214 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000167.dll

c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
2007-03-13 09:25 217158 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000169.dll

c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
2008-02-06 18:57 114688 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000171.exe

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
2006-10-11 13:22 413766 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000172.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
2006-10-11 13:19 36864 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000173.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
2006-10-11 13:10 122948 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000174.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
2006-10-11 13:10 204868 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000175.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
2007-03-13 09:25 1282120 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000176.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
2006-10-11 13:15 774210 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000177.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
2006-10-11 13:18 725057 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000178.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
2006-10-11 13:16 725070 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000179.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
2006-10-11 13:22 249923 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000180.dll

c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
2006-10-11 13:21 770115 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000181.dll

c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
2007-04-16 11:07 180293 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000182.dll

c:\windows\system32\bincaz.dll
2008-11-20 13:46 120832 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000034.dll

c:\windows\system32\chg.exe
2008-11-30 23:07 114688 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000051.exe
2008-11-30 23:46 114688 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP3\A0000211.exe

c:\windows\system32\gptica.dll
2008-11-19 13:40 120832 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000036.dll

c:\windows\system32\gxeexdgd.dll
2008-11-20 13:40 75776 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000037.dll

c:\windows\system32\kcjxjlwv.dll
2008-11-20 13:46 120832 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000038.dll

c:\windows\system32\mpg4c32.dll
2007-09-27 15:22 413760 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000039.dll

c:\windows\system32\winpfz33.sys
2008-11-09 10:46 859 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000015.sys

c:\windows\system32\wvfdkcdk.dll
2008-11-19 13:40 120832 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000042.dll

c:\windows\system32\xrsoitsu.dll
2008-11-19 13:43 75776 {EC06A898-65D2-45C3-84EC-6482941135D9}\RP2\A0000043.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Google Update"="c:\documents and settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]
"SpyZooka"="c:\program files\SpyZooka\SpyZookaLdr.exe" [2007-04-06 39656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"accrdsub"="c:\program files\ActivIdentity\ActivClient Mini\accrdsub.exe" [2006-04-20 176128]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-20 1839104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-10-27 241726]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\Sederstrom\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-07-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - c:\windows\Installer\{06B2B442-19FE-4398-BD4B-F5C00928DD8E}\_18be6784.exe [2008-10-19 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~1\SpyZooka\spyguard.dll" [2005-05-07 173568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2006-04-27 14:43 98304 c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2006-04-14 14:55 94208 c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 07:19 49152 c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 14:08 434176 c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-10-02 29808]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 acachsrv;ActivClient Authentication Service;"c:\program files\ActivIdentity\ActivClient Mini\acachsrv.exe" [2006-04-12 81920]
R2 accoca;ActivClient Middleware Service;"c:\program files\ActivIdentity\ActivClient Mini\accoca.exe" [2006-05-02 135168]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
R2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-09-04 82440]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-11-09 1086840]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-10-17 104328]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2008-10-20 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-02-28 14336]
S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe" [2008-07-17 118784]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-04-30 172131]
S3 tcpip_patcher;tcpip_patcher;\??\c:\progra~1\wyzo\extensions\firetorrent@wyzo.com\components\tcpip_patcher.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6c6ac0-9e5d-11dd-a8ad-ed90c954bd9c}]
\Shell\AutoRun\command - F:\PortableVault.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 20:00]

2008-11-28 c:\windows\Tasks\wrSpySweeper_L1B68ECA27F834E2893E6FB0B9CB85CE4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2008-11-28 c:\windows\Tasks\wrSpySweeper_L1B68ECA27F834E2893E6FB0B9CB85CE4.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2008-11-28 c:\windows\Tasks\wrSpySweeper_L1B68ECA27F834E2893E6FB0B9CB85CE4.job
- c:\","d:\" []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:49:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1364)
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\ActivIdentity\ActivClient Mini\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acauth.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\windows\system32\xenroll.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\ActivIdentity\ActivClient Mini\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient Mini\Resources\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\IfxWlxEN.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\searchindexer.exe
c:\program files\ActivIdentity\ActivClient Mini\acevents.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Microsoft Broadband Networking\MSBNTray.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\system32\searchfilterhost.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2008-12-01 12:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 18:55:27
ComboFix2.txt 2008-12-01 05:53:35

Pre-Run: 87,896,907,776 bytes free
Post-Run: 87,877,017,600 bytes free

571 --- E O F --- 2008-10-30 05:32:54

And here is a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:47 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient Mini\acevents.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\Sminst\Recguard.exe"
O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Scheduler] "C:\WINDOWS\SMINST\Scheduler.exe"
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [CognizanceTS] "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient Mini\accrdsub.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] "C:\WINDOWS\system32\AccelerometerSt.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sederstrom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpyZooka] "C:\Program Files\SpyZooka\SpyZookaLdr.exe"
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient Mini\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient Mini\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient Mini\acachsrv.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient Mini\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 13223 bytes


Thanks again. Let me know if I did anything wrong and I'll try it again. I think I followed all of the instructions.
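The HijackThis log above is what the helper reads by eye: each prefix (R0/R1, O2, O4, O10, O20, O23) names a persistence or hook point, and the tell-tales are things like a service with no recorded owner, a Winsock LSP file HijackThis does not recognise, or a startup link whose target cannot be resolved. As an added example (my code, not the thread's and not part of Trend Micro's HijackThis), the script below parses the O4, O10 and O23 line formats shown in this log and lists the entries a helper would verify first. The sample input is a constructed handful of lines in the same format as the log; the flag rules are the example's own triage heuristics and mark entries for verification, not as malware.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not part of the original thread or of HijackThis itself.
It parses the O4 (Run / Startup), O10 (Winsock LSP) and O23 (Service)
line formats and returns the entries a helper would check first.
The line prefixes and the 'Unknown owner' / 'Unknown file' wording are
HijackThis's own; the flag rules below are this example's assumption.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the format of the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: CCC.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    kind: str    # HijackThis section prefix the line came from, e.g. "O23"
    reason: str  # why a human should look at it
    line: str    # the original log line


RUN_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU)\\\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<where>.*Startup): (?P<lnk>.+?) = (?P<target>.*)$')
LSP_RE = re.compile(r'^O10 - (?P<desc>.+?): (?P<path>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')

# Directories a normal user can write to; autoruns launching from here deserve a second look.
USER_WRITABLE = ('\\documents and settings\\', '\\local settings\\',
                 '\\application data\\', '\\temp\\')


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = RUN_RE.match(line)
    if m:
        cmd = m.group('cmd').lower()
        if any(marker in cmd for marker in USER_WRITABLE):
            return Finding('O4', f"Run entry [{m.group('name')}] launches from a "
                                 f"user-writable profile/temp path; confirm the publisher", line)
        return None
    m = STARTUP_RE.match(line)
    if m:
        if m.group('target').startswith('?'):
            return Finding('O4', f"startup link {m.group('lnk')} has no resolvable target", line)
        return None
    m = LSP_RE.match(line)
    if m and m.group('desc').lower().startswith('unknown file'):
        return Finding('O10', f"Winsock LSP {m.group('path')} is not in HijackThis's known list; "
                              f"verify its signer before removing it", line)
    m = SERVICE_RE.match(line)
    if m and m.group('vendor') == 'Unknown owner':
        return Finding('O23', f"service {m.group('name')} carries no company info; "
                              f"verify the binary at {m.group('path')}", line)
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and collect the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}")
```

On the sample this reports the Google Update entry (a legitimate program, which is exactly why the output is a verification list rather than a verdict), the unresolved CCC.lnk startup link, the unknown LSP file and the service with no owner; the BitDefender Run entry, the Bonjour service and the Winlogon Notify line are parsed but produce nothing.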

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:08:17 AM

Posted 01 December 2008 - 06:35 PM

You did just fine.. :thumbsup:


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\U2VkZXJzdHJvbQ
    c:\windows\system32\sX3i02
    c:\windows\system32\prt
    c:\windows\system32\db
    c:\windows\system32\AX5
    c:\temp\PRE45
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply.. Post each log in separate post..

1. OTMoveIt3
2. Malwarebytes
3. ESET Online scanner
4. Tell me, how is your computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
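The OTMoveIt3 log the helper asks for has two halves: the immediate pass, where locked files are reported as "scheduled to be deleted on reboot", and a "Files moved on Reboot..." section written after the restart. What matters when reading it is whether every scheduled item was either moved or reported "not found" on the reboot pass, or is still pending. As an added example (my code, not OTMoveIt3's and not posted in the thread), the script below reconciles the two halves. The sample log is constructed in the format OTMoveIt3 prints; the temp file names and the user directory in it are placeholders.

```python
"""Reconcile an OTMoveIt3 log: which scheduled-on-reboot items got resolved.

Added example, not OTMoveIt3's own code. It understands the line shapes
the tool prints ("X moved successfully.", "File delete failed. X scheduled
to be deleted on reboot.", "File move failed. X scheduled to be moved on
reboot.", "File X not found!") and the "Files moved on Reboot..." marker
that separates the two passes.
"""
import re

# Constructed sample in OTMoveIt3's log format; names are placeholders.
SAMPLE_OTM_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\sX3i02 moved successfully.
c:\temp\PRE45 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\USER~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS-EXAMPLE-1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS-EXAMPLE-2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12022008_014033

Files moved on Reboot...
C:\DOCUME~1\USER~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\wrstemp\SSMS-EXAMPLE-1.tmp not found!
"""

SCHEDULED_RE = re.compile(
    r'^File (?:delete|move) failed\. (?P<path>.+?) scheduled to be (?:deleted|moved) on reboot\.$')
NOT_FOUND_RE = re.compile(r'^File (?P<path>.+?) not found!$')
MOVED_RE = re.compile(r'^(?P<path>.+?) moved successfully\.$')
REBOOT_MARKER = 'Files moved on Reboot'


def norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them in lower case."""
    return path.strip().lower()


def parse_otmoveit_log(text: str) -> dict:
    """Split the log into what happened before and after the reboot pass.

    Returns sets of normalised paths:
      moved          - moved on the immediate pass
      scheduled      - locked on the immediate pass, deferred to reboot
      reboot_moved   - scheduled items that the reboot pass moved
      reboot_missing - scheduled items already gone when the reboot pass ran
      still_pending  - items the reboot pass itself had to defer again
      unresolved     - scheduled items the reboot section never mentions
    """
    result = {'moved': set(), 'scheduled': set(), 'reboot_moved': set(),
              'reboot_missing': set(), 'still_pending': set()}
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_MARKER):
            after_reboot = True
            continue
        m = SCHEDULED_RE.match(line)
        if m:
            result['still_pending' if after_reboot else 'scheduled'].add(norm(m.group('path')))
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            result['reboot_missing'].add(norm(m.group('path')))
            continue
        m = MOVED_RE.match(line)
        if m:
            result['reboot_moved' if after_reboot else 'moved'].add(norm(m.group('path')))
    result['unresolved'] = (result['scheduled'] - result['reboot_moved']
                            - result['reboot_missing'])
    return result


if __name__ == "__main__":
    r = parse_otmoveit_log(SAMPLE_OTM_LOG)
    for key in ('moved', 'scheduled', 'reboot_moved', 'reboot_missing',
                'still_pending', 'unresolved'):
        print(f"{key}: {len(r[key])}")
    for p in sorted(r['unresolved'] | r['still_pending']):
        print("follow up:", p)
```

The items worth a follow-up are the two sets printed last: anything still pending after the reboot pass, and anything scheduled that the reboot section never reports on at all. A "not found!" on the reboot pass just means the file was already gone by then and needs no further action.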


#7 ChuckSeders

ChuckSeders
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:17 PM

Posted 02 December 2008 - 12:44 PM

1. OTMoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\U2VkZXJzdHJvbQ moved successfully.
c:\windows\system32\sX3i02 moved successfully.
c:\windows\system32\prt moved successfully.
c:\windows\system32\db moved successfully.
c:\windows\system32\AX5 moved successfully.
c:\temp\PRE45 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SEDERS~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS005E3A2B-4A84-4B96-9421-4F27FCF07FE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS04958FDB-3E56-43C4-B8B0-EA084FE58B62.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS050B53AD-3AFB-4261-BDAA-1ECD4A33DF3E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS083D297D-EBAD-4766-B0B2-CE57BC179F26.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0A5B3B69-2B18-4650-ABAD-4CE65FD26901.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0FCCEC1E-E1D6-406E-BA16-21BBAB53A7F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS12B18643-FAF1-40D4-B482-DE684D582CBC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS142513A6-2AC1-4E46-8BCE-962CDCA975C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS15C08F99-7379-486B-8BBD-934B0C30C39E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1BD1DCE6-CD62-4D1D-AEC3-CA5B82F72EBA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1DF3F1A0-BEC7-4DE9-94B3-78E86BBD8CE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1ECADF82-4E84-468A-9CCD-0A02D2E73A29.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS24FBAC43-9FB0-4E8C-96DF-92992C801004.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS26EB3E04-9526-433C-AB07-000527D28F5E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS27076071-857E-4EF7-BCE6-4259F26A4F13.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS29E08618-961D-4222-9D3C-3798339C3DFD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2C439764-14C7-4C26-9AF3-A40A4CF7694B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2F7DD4C7-FE3E-41A6-A042-C016972E0BE8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS32A5B2E1-DFF9-4B3B-A8F5-FE033FB09313.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS396711B7-5919-4E32-A240-F5D0A3B30B03.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3D239C8B-34A9-4514-8139-947179F7805F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS40B5ACFD-15C7-4BF0-8E3E-19A883DFA8FD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS40C6D3F6-7527-461D-A954-08BEB9FA0BC0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4291430B-6D24-4343-8150-95DFCC0BA315.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS44E9D2F2-F5AB-4634-B2FC-B2B3B5DA731E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS450E0CAF-EA39-4980-ABA1-C0BAEE030D24.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS46BD3363-4EA2-4065-BF06-2430C98E581B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4B2C6324-B8F2-46D5-9C72-9172FE286AE5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4BD7F63E-FE82-445F-94C2-D3C05470D9A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS51A47035-2797-4856-B263-FAC9B5611655.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS51F68892-C734-44ED-9813-7ED422124B40.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS52560C1C-DCD2-464B-B57E-1E6C4D11CE53.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5BB325A5-DC7E-4CD0-AEDA-21A727E6564A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5F1DDD23-8EC4-4376-BDEE-39F3C6A0DBA9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5F7E8882-56E9-4A78-B6B0-75A824FB4BCC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS61ADFCF3-4778-4EDB-A1D0-03E2FBD404AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS63F4B9A8-5140-43FA-93E1-3AA9D87403A3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6463287E-92F5-45BB-86ED-44474F9E54BC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6E1F8061-4B7C-4E05-B8FE-659F7702FB4F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7141EEA4-88B2-4287-8FC8-22524B14C391.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7262202E-559A-4336-BD98-44A9E441849A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS73128DEE-6B21-4D08-9572-B86F7E889E9D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS74EE632D-7912-48EA-8DD8-0CAAC4618091.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS75BB6F47-3737-4CCC-9069-79DD8EC5E0F2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7722AF84-19BB-4F4C-A2AD-28A338EBFF63.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7BE7D50D-B19E-4089-868A-9B86D4343D30.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7EAE17A2-CB73-46EE-A1CE-86F653A0E258.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8028F0B1-EA92-4BD5-9FF5-E796092EE6A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS84399AC8-7EEE-496B-B57B-73E1BFD45CB0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS85BA7325-F6DE-4753-94D0-014AD25D8F30.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8B04B318-0AF2-4E1F-A62F-ECF0DC5A7D85.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8E66B454-BC67-42C6-9C51-741FC622C03B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS913E0C61-7F54-43EC-85BA-4C9A7F69D440.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9F23F407-0F64-40F9-953D-475BBAE2FC2C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA2FD0CB4-7CE5-4A46-B753-EB245C39E6D9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAB2B4738-D545-4EEF-ADD9-92C564AA9A3B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAC9BBF30-A41C-461D-855A-12D0B04F9568.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAD16E42E-9411-4D4B-B52E-F090D6CEA262.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAF7A239B-74DE-40E4-8EFA-AFC349710881.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB035B6F3-F6B8-4620-9952-2A0B37106A09.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB1FEEEEA-B830-44A3-B609-A22CB9683C4D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB299A249-B4FD-4FE3-8003-7753CF43CEF5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB367781F-E9E3-4D0E-BB72-FDBB937E046C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB3699AE2-C3C8-4070-B627-AF3304444CA9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBB3FF670-5ECF-45E4-BD81-2BD334C0E19F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBBC109BA-058B-4D65-8503-948E75B4C0CA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBDCE0965-BE31-4280-86C6-FFEBCDA633E1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBF852D8C-2EC1-4925-8ECB-6B0E79D2F2D2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBFE935A3-5D8D-4E32-9FD8-8F059443BAB9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC1CF41C4-49B4-4F60-A96F-B5BA80351B03.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC23F611A-69D6-49E5-9C62-522372E99E4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC8397F33-F502-43FA-98FF-C4A97279458E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC9DE2F1D-BA7A-4B88-B6E6-6FB41BBA548E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCA511358-A432-43BB-9D06-729E8A711C1A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCD8B6C4F-1F83-4DED-AF52-921AE317FB5E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCDEA5BF6-38DC-4D7C-BED2-EB262544AF75.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD132DEC9-EB9A-47B7-A602-C4325C5D90F1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD1DFFC44-CE19-46B5-A198-B51581EC6906.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD247A05C-56BF-4A68-99DA-7003E4003F87.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD4FDD00C-8156-4A1F-9613-7AC918FC76C0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD5273386-9DFB-4920-BA76-C536C2443FFD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD94A6F5A-4A0E-4228-BD64-316904B84423.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDC15EFF0-8EC6-490D-AA23-DA5A7F0609FA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDC7813B0-A3A9-457A-8E63-06B80B0E15F2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDCCAC846-869E-4E95-AC84-111FC32A58F7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDCF6EE5C-753E-434F-9522-8D9632005C4A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDE904DB5-34E0-4154-AD25-4F10BA20FB86.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDF7D6206-EDF3-442D-BEE8-1935298C0ADC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE1A054C0-B0AD-4CDB-8CEC-2246A88E2BFE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE2AAEE92-64D4-4A45-91E2-68B4C68BE33F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE3EF6B7E-DF7D-42BF-A665-30628F1EFBA1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE4C33890-AEC0-4C05-A9CF-0B0BF0E8E0B3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE79508A8-0BD2-4955-9A2A-A5D986FDB6E9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE9442E1E-7E67-404E-B7AE-9919B257E12B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEACD7DDE-9496-4875-9F50-F89A2E9BBC90.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEB97855B-B254-4BEF-9866-87839825494D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF3CB3AF0-F6E7-45C0-A4D6-078DC3EA9291.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF3F5B76F-1095-4576-8120-12DED7D18F7A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF5F406B4-8813-4886-BCE2-BC76CE384CF0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF7B743E7-4594-407D-8261-C305B2807A6E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFB152594-A46B-42B4-9FDD-6CB3656157DB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFBA5CD25-8989-455F-942F-C0F5B174FA3C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFC8A5A7F-1A41-40BC-9F0D-31E665BFAEDF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFF40DDE6-0269-469D-9AA2-6E8A0178DBAB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_928.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12022008_014033

Files moved on Reboot...
C:\DOCUME~1\SEDERS~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

2. Malwarebytes

Malwarebytes' Anti-Malware 1.30
Database version: 1445
Windows 5.1.2600 Service Pack 3

12/2/2008 2:20:30 AM
mbam-log-2008-12-02 (02-20-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 86880
Time elapsed: 26 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. ESET Online scanner

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3656 (20081202)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=81cca2cc26f20143a8073ad2228b4263
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-02 10:26:06
# local_time=2008-12-02 04:26:06 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=295027
# found=0
# scan_time=5355

4. The computer has been doing fine. I had been having occasional pop-ups, but have not had one recently. All these scanner programs seem to have run very well and I am impressed with the amount of help you have given me. Thanks and let me know if there is more to do.

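As an added example (not code from this thread or from either vendor), here is a small Python triage helper that parses the two report formats posted above, the Malwarebytes summary block and the ESET Online Scanner `# key=value` header, and only calls the machine clean when every MBAM category is zero and ESET actually reached `end=finished` with `found=0`. The sample logs embedded in it are constructed in the shape of the ones above.

```python
import re

# Constructed sample input, in the shape of the Malwarebytes 1.30 log posted in the thread.
MBAM_LOG = """Malwarebytes' Anti-Malware 1.30
Database version: 1445

Scan type: Full Scan (C:\\|)
Objects scanned: 86880
Time elapsed: 26 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

# Constructed sample input, in the '# key=value' header format of the ESET Online Scanner report.
ESET_LOG = """# version=4
# vers_standard_module=3656 (20081202)
# end=finished
# scanned=295027
# found=0
# scan_time=5355
"""

# "<Category> Infected: <n>" summary lines; the per-category detail blocks that follow
# ("Files Infected:" with no count) deliberately do not match.
_MBAM_COUNT = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<n>\d+)\s*$", re.M)
_ESET_KV = re.compile(r"^#\s*(?P<key>\w+)=(?P<val>.*?)\s*$", re.M)

def parse_mbam_counts(text):
    """Return {category: count} from the summary block of an MBAM log."""
    return {m["name"]: int(m["n"]) for m in _MBAM_COUNT.finditer(text)}

def parse_eset_header(text):
    """Return {key: value} from the '# key=value' header of an ESET Online Scanner report."""
    return {m["key"]: m["val"].strip('"') for m in _ESET_KV.finditer(text)}

def scans_are_clean(mbam_text, eset_text):
    """True only if all seven MBAM categories are present and zero AND ESET finished with found=0.
    A missing category or an ESET run that did not finish is inconclusive, so it is not 'clean'."""
    mbam = parse_mbam_counts(mbam_text)
    eset = parse_eset_header(eset_text)
    if len(mbam) < 7 or any(mbam.values()):
        return False
    return eset.get("end") == "finished" and eset.get("found") == "0"
```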
#8 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 December 2008 - 07:14 PM

Everything looks good to me.. Let's do this....


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
