Still Infected/Re-Infected, Combo Log


  • This topic is locked
7 replies to this topic

#1 MexicanCutie

Posted 25 August 2010 - 05:22 AM

Hi, I have posted to this site and have received great help, and I am now suffering some issues again. After I received help last time everything was ok, and then I started having problems, so I just switched hard drives. I am now back on my hard drive and reset it up, but now I think my computer is infected again. I have not downloaded any torrent files, which was my problem last time. I installed Antivirus and Zone Alarm before going on the Internet and have made sure to only download from CNET, as far as I can remember. I don't know what I'm doing wrong to keep getting infected, if in fact I am. So because I had received help previously with most of the same issues, and with the advice of Dell customer service, I ran ComboFix. Here is that log. I have Windows XP, Dell Dimension 3000, Avast Antivirus, ZoneAlarm. If this is the wrong place to post this, could you please point me in the right direction? Thank you so much for your help.

ComboFix 10-08-24.0A - Owner 08/25/2010 2:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.670 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\1pdfdec.dll
c:\program files\Common Files\Temp
c:\program files\Common Files\Temp\Love's Power Mahjong SETUP.exe
c:\program files\Common Files\Temp\unins000.dat
c:\program files\Common Files\Temp\unins000.exe
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\win32.dll
c:\windows\system32\wordpad.exe
c:\windows\system32\wr58280.dll
c:\windows\system32\xwr58280.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-25 09:05 . 2010-08-25 09:05 -------- d-----w- c:\windows\system32\winrm
2010-08-25 09:05 . 2010-08-25 09:05 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-25 09:05 . 2010-08-25 09:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-25 07:09 . 2010-08-25 07:09 -------- d-----w- c:\windows\LastGood
2010-08-25 04:17 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-25 04:17 . 2010-06-25 00:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-25 04:17 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-25 04:17 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-25 04:17 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-25 04:17 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-25 04:17 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-25 04:17 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-25 01:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-25 01:31 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-25 01:31 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-25 01:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-25 01:30 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-25 01:26 . 2004-08-04 10:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-08-25 01:26 . 2004-08-04 10:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-08-25 01:26 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-08-25 01:26 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-08-25 01:24 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-25 01:16 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-08-25 01:16 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-08-25 01:14 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-08-25 01:14 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-08-25 00:40 . 2005-09-20 16:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-08-25 00:35 . 2004-08-04 10:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2010-08-25 00:35 . 2004-08-04 10:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2010-08-25 00:34 . 2004-08-04 10:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2010-08-25 00:34 . 2004-08-04 10:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2010-08-25 00:34 . 2004-08-04 10:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-08-25 00:34 . 2008-04-13 17:39 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-08-25 00:32 . 2004-08-04 10:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
2010-08-25 00:31 . 2008-04-14 00:09 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
2010-08-25 00:28 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-08-24 23:50 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-08-24 23:50 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-08-24 23:50 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-08-24 23:50 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-08-23 02:51 . 2010-08-23 02:56 -------- d-----w- c:\documents and settings\Owner\Application Data\PrimoPDF
2010-08-23 02:01 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-08-23 02:00 . 2010-08-23 02:00 -------- d-----w- c:\program files\Nitro PDF
2010-08-22 06:24 . 2010-08-22 06:24 -------- d-----w- c:\program files\Media Monkey
2010-08-22 01:25 . 2010-08-22 01:25 -------- d-----w- c:\program files\VS Revo Group
2010-08-21 13:23 . 2010-08-21 13:23 -------- d-----w- c:\documents and settings\Owner\usrusmt2.tmp
2010-08-21 13:20 . 2010-08-21 13:24 3628544 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2010-08-21 04:53 . 2010-08-21 05:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2010-08-21 04:53 . 2010-08-21 04:55 -------- d-----w- c:\program files\Winamp
2010-08-21 04:40 . 2010-08-21 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft
2010-08-21 04:40 . 2010-08-21 04:40 -------- d-----w- c:\documents and settings\Owner\Application Data\ESTsoft
2010-08-21 04:39 . 2010-08-21 04:39 -------- d-----w- c:\program files\ESTsoft
2010-08-20 18:22 . 2010-08-20 18:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2010-08-20 18:21 . 2010-08-20 18:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2010-08-20 18:21 . 2010-08-20 18:22 -------- d-----w- c:\program files\Foxit Software
2010-08-20 18:12 . 2010-08-20 18:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-08-20 18:12 . 2010-08-20 18:12 -------- d-----w- c:\program files\Application Updater
2010-08-20 18:12 . 2010-08-20 18:12 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-20 18:12 . 2010-08-20 18:12 25046 ----a-w- c:\windows\unins000.dat
2010-08-20 18:12 . 2010-08-20 18:12 722757 ----a-w- c:\windows\unins000.exe
2010-08-20 18:11 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-08-20 18:11 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-08-20 17:55 . 2009-11-05 15:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-08-20 17:55 . 2010-08-20 17:55 -------- d-----w- c:\program files\Acro Software
2010-08-20 02:47 . 2010-08-20 02:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\BlackRiverSoft
2010-08-20 02:30 . 2010-08-20 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\BlackRiverSoft
2010-08-19 00:46 . 2010-08-19 00:46 -------- d-----w- c:\program files\LimeWire
2010-08-19 00:08 . 2010-08-19 00:08 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-17 21:42 . 1998-07-14 00:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-08-17 21:42 . 2003-01-26 19:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-08-17 21:42 . 2000-10-02 01:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-08-17 21:42 . 1999-03-26 01:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-08-17 21:42 . 1998-07-13 05:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-08-17 21:42 . 2010-08-19 21:18 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeBurner
2010-08-17 21:42 . 2010-08-17 21:42 -------- d-----w- c:\program files\Free Easy Burner
2010-08-17 21:42 . 1998-07-13 05:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-08-17 21:42 . 1998-07-13 01:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-08-17 21:39 . 2010-08-17 21:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2010-08-17 17:40 . 2010-08-20 21:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WeatherBug
2010-08-17 17:40 . 2010-08-17 17:40 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2010-08-17 17:40 . 2010-08-17 17:40 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2010-08-17 17:40 . 2010-08-17 17:40 11264 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2010-08-15 13:49 . 2010-08-15 13:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2010-08-15 13:49 . 2010-08-15 13:49 -------- d-----w- c:\program files\Google
2010-08-15 11:50 . 2010-08-15 11:50 0 ----a-w- c:\windows\nsreg.dat
2010-08-15 11:27 . 2010-08-15 11:27 -------- d-----w- C:\997ca758a181b4eed7f8
2010-08-15 11:27 . 2010-08-15 11:27 -------- d-----w- c:\program files\MSXML 4.0
2010-08-15 11:19 . 2010-08-15 11:19 -------- d-----w- c:\documents and settings\Owner\.Clock-on-Desktop
2010-08-15 09:55 . 2010-08-15 09:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AMozilla
2010-08-15 09:54 . 2010-08-15 09:54 -------- d-----w- c:\documents and settings\Owner\Application Data\AMozilla
2010-08-14 16:05 . 2010-08-14 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2010-08-14 15:01 . 2010-08-14 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\OberonGames
2010-08-13 10:08 . 2010-08-13 10:14 -------- d-----w- c:\windows\system32\NtmsData
2010-08-13 09:37 . 2009-07-24 00:28 86016 ----a-w- c:\windows\system32\akrip32.dll
2010-08-13 09:37 . 2009-07-24 00:28 131176 ----a-w- c:\windows\system32\mp3gain.exe
2010-08-13 09:37 . 2003-04-18 23:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-08-13 09:37 . 2009-11-26 01:40 307200 ----a-w- c:\windows\system32\Mp3Ctrl.dll
2010-08-13 09:37 . 2009-09-26 18:00 580096 ----a-w- c:\windows\system32\lame.exe
2010-08-12 07:17 . 2010-08-21 20:45 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-08-12 07:05 . 2010-08-12 07:05 -------- d-----w- c:\program files\WebBlinds
2010-08-11 06:03 . 2010-08-11 06:04 -------- d-----w- c:\windows\uninstall\Eleven Home Edition
2010-08-11 06:03 . 2010-08-11 06:03 -------- d-----w- c:\windows\uninstall
2010-08-11 04:23 . 2010-08-11 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\T1 Games
2010-08-10 06:37 . 2010-08-10 12:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Notepad++
2010-08-10 06:36 . 2010-08-10 06:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Element_Software
2010-08-09 20:33 . 2010-08-09 20:33 82536 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-09 20:32 . 2010-08-09 20:32 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-09 20:32 . 2010-08-09 20:32 -------- d-----w- c:\program files\MSBuild
2010-08-09 20:32 . 2010-08-09 20:32 -------- d-----w- c:\program files\Reference Assemblies
2010-08-09 20:32 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2010-08-09 20:32 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2010-08-09 20:32 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2010-08-09 20:32 . 2008-07-06 10:50 597504 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-09 20:32 . 2010-08-09 20:32 -------- d-----w- C:\46f05d0c7d87a7dff2915e89de08dd
2010-08-09 13:13 . 2003-11-21 22:26 118784 ----a-w- c:\windows\system32\Prounstl.exe
2010-08-09 13:13 . 2003-07-28 13:55 24064 ----a-w- c:\windows\system32\IntelNic.dll
2010-08-09 12:58 . 2008-03-05 22:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-08-09 12:57 . 2010-08-18 18:45 -------- d-----w- c:\windows\Logs
2010-08-09 12:33 . 2010-08-09 12:34 -------- d-----w- c:\program files\2Trail of the Midnight Heart
2010-08-09 12:10 . 2010-08-09 12:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Karen's Power Tools
2010-08-09 12:10 . 2010-08-09 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2010-08-09 12:00 . 2010-08-09 12:00 -------- d-----w- c:\program files\TGTSoft
2010-08-09 08:31 . 2010-08-10 06:19 -------- d-----w- c:\program files\ElementAntiVirus2011GOTDSetupPackage
2010-08-08 20:54 . 2010-08-09 07:50 -------- d-----w- C:\Panda Recovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 09:30 . 2010-08-25 09:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Element Software
2010-08-21 20:36 . 2010-07-12 23:46 -------- d-----w- c:\program files\WindowBlinds
2010-08-20 21:02 . 2006-01-05 13:57 6541287 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-20 18:23 . 2010-07-12 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2010-08-20 17:43 . 2010-07-12 22:42 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-08-19 12:15 . 2010-07-12 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-19 00:08 . 2010-08-19 00:08 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-19 00:08 . 2010-08-19 00:06 -------- d-----w- c:\program files\Common Files\Real
2010-08-19 00:08 . 2010-08-19 00:06 -------- d-----w- c:\program files\Real
2010-08-19 00:08 . 2010-08-19 00:08 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-18 19:58 . 2010-07-12 20:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SolSuite
2010-08-17 20:18 . 2010-07-12 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 08:56 . 2010-07-23 10:16 -------- d-----w- c:\documents and settings\Owner\Application Data\PhotoScape
2010-08-13 20:03 . 2010-07-22 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-08-12 10:39 . 2010-07-14 01:48 -------- d-----w- c:\program files\Java
2010-08-12 07:05 . 2010-07-12 22:35 -------- d-----w- c:\program files\Common Files\Stardock
2010-08-09 01:41 . 2010-07-19 05:19 -------- d-----w- c:\program files\Canon
2010-08-08 13:40 . 2010-07-12 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 16:59 . 2010-07-12 19:49 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2010-08-07 07:35 . 2010-07-17 14:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-07 03:59 . 2010-08-07 03:59 2914 ----a-w- c:\windows\system32\unins000.dat
2010-08-07 03:59 . 2010-08-07 03:59 716153 ----a-w- c:\windows\system32\unins000.exe
2010-07-30 04:02 . 2010-07-12 16:04 -------- d-----w- c:\program files\Intel
2010-07-28 03:11 . 2010-07-25 06:03 -------- d-----w- c:\program files\Yahoo!
2010-07-27 06:30 . 2010-07-27 06:30 8462336 ----a-w- c:\windows\system32\SET120.tmp
2010-07-25 11:08 . 2010-07-25 11:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Zylom
2010-07-25 10:33 . 2010-07-25 10:33 -------- d-----w- c:\documents and settings\Owner\Application Data\PandoraRecovery
2010-07-24 10:07 . 2010-07-24 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-07-23 06:53 . 2010-07-23 06:48 -------- d-----w- c:\program files\SpywareBlaster
2010-07-22 12:22 . 2010-07-22 12:22 -------- d-----w- c:\program files\Bee Icons
2010-07-21 14:11 . 2010-07-21 14:11 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft
2010-07-21 14:04 . 2010-07-21 14:04 -------- d-----w- c:\documents and settings\Owner\Application Data\EleFun Games
2010-07-21 11:49 . 2010-07-21 11:49 -------- d-----w- c:\documents and settings\Owner\Application Data\BitComet
2010-07-21 11:08 . 2010-07-21 10:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Dexpot
2010-07-21 11:06 . 2010-07-20 09:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Desktop Sidebar
2010-07-21 10:20 . 2010-07-21 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\jsi
2010-07-20 07:10 . 2010-07-20 07:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-20 07:10 . 2010-07-20 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-19 05:19 . 2010-07-19 05:19 -------- d-----w- c:\program files\Common Files\Canon
2010-07-18 10:54 . 2010-07-18 10:54 -------- d-----w- c:\documents and settings\Owner\Application Data\BrandX Games
2010-07-17 14:15 . 2010-07-17 14:15 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 14:15 . 2010-07-17 14:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-07-17 14:15 . 2010-07-17 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 12:00 . 2010-07-14 01:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 08:15 . 2010-07-17 08:15 -------- d-----w- c:\documents and settings\Owner\Application Data\MySpace
2010-07-17 08:15 . 2010-07-17 08:15 -------- d-----w- c:\program files\MySpace
2010-07-14 01:49 . 2010-07-14 01:49 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 23:31 . 2010-07-12 23:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-12 20:59 . 2010-07-12 20:59 -------- d-----w- c:\documents and settings\Owner\Application Data\TweakNow PowerPack 2009
2010-07-12 20:56 . 2010-07-12 20:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-12 20:56 . 2010-07-12 20:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-12 20:36 . 2010-07-12 20:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-12 20:21 . 2010-07-12 15:50 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-12 20:11 . 2010-07-12 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2010-07-12 20:01 . 2010-07-12 20:01 -------- d-----w- c:\documents and settings\Owner\Application Data\FxFotoDB
2010-07-12 20:00 . 2010-07-12 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\GrassGames
2010-07-12 19:38 . 2010-07-12 19:38 -------- d-----w- c:\program files\Zone Labs
2010-07-12 16:06 . 2010-07-12 16:06 -------- d-----w- c:\program files\Analog Devices
2010-07-12 16:06 . 2010-07-12 16:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-12 15:51 . 2010-07-12 15:51 -------- d-----w- c:\program files\microsoft frontpage
2010-07-12 15:48 . 2010-07-12 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-12 08:00 . 2010-07-12 08:00 -------- d-----w- c:\program files\EASEUS
2010-06-30 12:31 . 2010-08-25 07:09 149504 ----a-w- c:\windows\system32\SET14B.tmp
2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 20:51 . 2010-07-12 20:36 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 20:51 . 2010-07-12 20:36 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 20:51 . 2010-07-12 20:36 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-23 20:50 . 2010-06-23 20:50 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 19:08 . 2010-06-16 19:08 772728 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-06-16 19:08 . 2010-06-16 19:08 547960 ----a-w- c:\windows\system32\accesor.dll
2010-06-16 18:26 . 2010-06-16 18:26 129144 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-06-16 17:54 . 2010-06-16 17:54 1771640 ----a-w- c:\windows\system32\ncscolib.dll
2010-06-14 14:31 . 2010-07-12 15:48 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2010-08-25 07:09 1172480 ----a-w- c:\windows\system32\SET13B.tmp
2010-06-14 07:41 . 2010-06-14 07:41 1172480 ----a-w- c:\windows\system32\SET4.tmp
2010-06-02 11:55 . 2010-08-09 12:59 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55 . 2010-08-09 12:59 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55 . 2010-08-09 12:59 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2008-03-09 14:25 . 2010-08-07 03:59 236 ----a-w- c:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"avast5"="d:\avasta~1\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 10:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Diskmd3 Reminder]
2010-07-22 18:04 324280 ----a-w- c:\program files\PCPitstop\DiskMD3\Reminder-Diskmd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
2009-06-10 22:26 205552 ----a-w- c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-07 07:35 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
2010-08-09 20:32 1867776 ----a-w- d:\zortam mp3 media studio\zmmspro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"LmHosts"=2 (0x2)
"JavaQuickStarterService"=3 (0x3)
"getPlusHelper"=3 (0x3)
"DefragSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\BitComet\\BitComet.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17881:TCP"= 17881:TCP:*:Disabled:BitComet 17881 TCP
"17881:UDP"= 17881:UDP:*:Disabled:BitComet 17881 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/2/2010 12:46 AM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/2/2010 12:46 AM 17744]
S2 DefragSvc;Element TotalProtect;c:\documents and settings\Owner\Application Data\Element Software\Element Anti-Virus 2011\ETPDEFRAG.EXE -r --> c:\documents and settings\Owner\Application Data\Element Software\Element Anti-Virus 2011\ETPDEFRAG.EXE -r [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/15/2010 6:49 AM 30192]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 3:00 AM 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 AM 14336]
S4 DeskSaverService;DeskSaverService; [x]
S4 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/12/2010 1:00 AM 13192]
S4 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/12/2010 1:00 AM 8456]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/7/2010 12:18 AM 90352]
S4 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S4 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MSISERVER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\GlaryInitialize.job
- d:\glary utilities\initialize.exe [2010-07-21 17:01]

2010-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1364589140-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1364589140-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
Trusted Zone: .com\download
Trusted Zone: cnet.com\download
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Love's Power Mahjong_is1 - c:\program files\Common Files\Temp\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 02:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-1364589140-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="wbsys.dll"
.
Completion time: 2010-08-25 02:46:21
ComboFix-quarantined-files.txt 2010-08-25 09:46

Pre-Run: 166,942,535,680 bytes free
Post-Run: 166,934,360,064 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 32ACAE37F24B9BD652BC15CAAD4EA52C

Edited by MexicanCutie, 25 August 2010 - 04:04 PM.



#2 Elise
Malware Study Hall Admin

Posted 30 August 2010 - 10:28 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 MexicanCutie (Topic Starter)

Posted 30 August 2010 - 05:12 PM

Hi, thank you for your help. Here are the logs you requested. First, ComboFix, then OTL and Extra and finally, Rootkit Unhooker. I was still having a few problems after my last help session so I eventually did a repair install about 2 or 3 weeks ago. And I don't think that helped at all. The only difference I noticed is that before I was missing "New" on all the menus and right click so I couldn't make a new folder anywhere in explorer. The problems I am experiencing at the moment are mostly security related. I seem to have lost my administrative privileges on all my partitions and subsequently the folders in them. Some programs and updates don't install while I have no problems with others. When I was trying to troubleshoot and uninstall programs, I noticed several of them are not listed under the add/remove programs or in Revo Uninstaller. My computer is extremely slow on startup (app. 4-5 min.) despite the fact that I have used msconfig to remove all startup programs except ZoneAlarm and Avast. ctfmon and several igfx processes seem to always find their way back on the list no matter how many times I remove them. I'm having some redirect issues, but not many, and I am noticing a limited number of websites listed when I do web searches. And the ones I usually use, like this one, don't show up at all on a web search. I haven't done much about the security issues because, frankly, I don't know anything about it. It is all so confusing to me. But I did run a reset command the day before yesterday to fix the permission problems. I'm not sure if that has helped or not. My help and support doesn't come up when I select it either through the start menu or the folder. System Restore comes with an error saying your computer cannot be restored. But I can do a manual system restore. This is the only computer in the home and should not have any network or remote access to view my files.
I should be the only person to have access to anything on my computer at all times. As far as I know, I have only downloaded from CNET and Giveawayoftheday. I suspect one of the programs I installed from GAOTD has, at least in part, contributed to these problems. That program was Elements Antivirus 2011. I am currently using ZoneAlarm and Avast, Windows XP SP3 on a Dell Dimension 3000. Although frustratingly slow, I can still use my computer so please take your time and I really appreciate your help in resolving this issue. btw... I attached the file because it was too big to post. I hope that was ok.


#4 Elise
Malware Study Hall Admin

Posted 31 August 2010 - 08:54 AM

There was no need to rerun Combofix. However, since you did, please delete your old copy, download a new one and run it.

  • Bleepingcomputer
  • ForoSpyware

regards, Elise




#5 MexicanCutie (Topic Starter)

Posted 31 August 2010 - 09:36 AM

Sorry about that. I try and make sure to follow the directions exactly as instructed. I think this is where I went wrong. "If you have already posted a log, please do so again, as your situation may have changed". Here is the new ComboFix Log.



ComboFix 10-08-30.02 - Owner 08/31/2010 7:11.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.640 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 12:15 . 2010-08-31 12:15 -------- d--h--w- c:\windows\PIF
2010-08-29 22:55 . 2010-08-29 22:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-29 22:54 . 2010-08-31 03:05 -------- d-----w- c:\program files\All_To_PDF
2010-08-29 22:38 . 2010-06-30 01:47 2309120 ----a-w- c:\windows\system32\pdftk.exe
2010-08-29 22:38 . 2010-06-30 01:47 196608 ----a-w- c:\windows\system32\Utility.dll
2010-08-29 22:38 . 2010-06-30 01:47 139264 ----a-w- c:\windows\system32\gswin32c.exe
2010-08-29 22:38 . 2010-08-29 22:54 -------- d-----w- c:\windows\system32\gs
2010-08-29 22:38 . 2010-06-30 01:47 116224 ----a-w- c:\windows\system32\Execute.dll
2010-08-29 22:38 . 1996-11-08 09:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-08-29 22:36 . 2010-08-29 22:36 -------- d-----w- C:\ProgramData
2010-08-29 18:59 . 2010-08-29 18:59 -------- d-----w- c:\windows\LastGood
2010-08-29 06:59 . 2010-08-29 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PerfectClock2007
2010-08-29 06:59 . 2010-08-29 06:59 -------- d-----w- c:\program files\PerfectClock
2010-08-28 06:45 . 2010-08-28 06:45 -------- d-----w- c:\program files\Mono to Stereo Converter
2010-08-28 06:39 . 2010-08-28 06:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Musereo
2010-08-27 19:15 . 2010-08-27 19:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Ashampoo
2010-08-27 17:13 . 2010-08-27 17:14 -------- d-----w- C:\MYTEMP
2010-08-27 07:11 . 2010-08-27 07:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ashampoo
2010-08-27 07:11 . 2010-08-27 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-08-26 02:49 . 2008-04-21 12:08 215552 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-08-26 02:36 . 2010-06-29 01:04 21464 ----a-w- c:\windows\system32\NaBootMir.exe
2010-08-26 02:36 . 2010-02-25 00:16 512 ----a-w- c:\windows\MirDetected.bin
2010-08-26 02:36 . 2010-06-23 17:09 28648 ----a-w- c:\windows\system32\drivers\MirDisk.sys
2010-08-26 02:36 . 2010-06-23 17:09 33896 ----a-w- c:\windows\system32\drivers\HKDirFlt.sys
2010-08-26 02:30 . 2010-06-23 17:09 37016 ----a-w- c:\windows\system32\drivers\FolderHK.sys
2010-08-26 02:24 . 2010-08-26 02:24 -------- d-----w- c:\program files\Altiris
2010-08-26 02:24 . 2010-08-26 02:24 -------- d-----w- C:\fslrdr
2010-08-26 02:22 . 2010-08-27 20:20 -------- d-sh--w- c:\windows\Installer
2010-08-26 02:02 . 1998-09-30 19:26 49936 ----a-w- c:\windows\system32\SeCEdit.exe
2010-08-26 02:02 . 1998-09-30 19:24 242448 ----a-w- c:\windows\system32\scedll.dll
2010-08-26 02:02 . 1998-03-31 23:37 29968 ----a-w- c:\windows\system32\Rshx32_5.dll
2010-08-26 02:02 . 1998-10-09 21:17 384784 ----a-w- c:\windows\system32\wsecedit.dll
2010-08-26 01:47 . 2008-04-26 02:41 218624 -c--a-w- c:\windows\system32\dllcache\uxtheme.dll
2010-08-26 01:25 . 2010-08-26 01:25 -------- d-----w- c:\windows\system32\Adobe
2010-08-26 01:19 . 2010-08-26 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-26 01:19 . 2010-08-26 01:19 -------- d-----w- c:\program files\NOS
2010-08-25 14:02 . 2010-08-25 14:02 -------- d-----w- c:\program files\Winstep
2010-08-25 13:23 . 2010-08-25 13:23 -------- d-----w- c:\program files\AWS
2010-08-25 13:04 . 2010-06-21 17:01 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
2010-08-25 13:04 . 2010-08-25 13:04 -------- d-----w- c:\program files\Aiseesoft Studio
2010-08-25 09:33 . 2010-08-25 09:33 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-25 09:33 . 2010-08-30 01:31 -------- d-----w- c:\windows\system32\wbem\Logs
2010-08-25 09:30 . 2010-08-25 09:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Element Software
2010-08-25 09:05 . 2010-08-25 09:05 -------- d-----w- c:\windows\system32\winrm
2010-08-25 09:05 . 2010-08-25 09:05 -------- d-----w- c:\windows\system32\GroupPolicy
2010-08-25 09:05 . 2010-08-25 09:06 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-08-25 04:17 . 2010-06-18 11:39 16896 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2010-08-25 04:17 . 2010-06-25 00:51 11077120 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2010-08-25 04:17 . 2010-06-24 12:22 12800 -c--a-w- c:\windows\system32\dllcache\xpshims.dll
2010-08-25 04:17 . 2010-06-24 12:21 599040 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-25 04:17 . 2010-06-24 12:21 55296 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-25 04:17 . 2010-06-24 12:21 247808 -c--a-w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-25 04:17 . 2010-06-24 12:21 1986560 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2010-08-25 04:17 . 2010-06-24 12:21 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-25 01:31 . 2008-06-13 11:05 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2010-08-25 01:31 . 2010-06-21 15:27 354304 -c--a-w- c:\windows\system32\dllcache\srv.sys
2010-08-25 01:31 . 2010-02-24 13:11 455680 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-25 01:30 . 2009-11-21 15:51 471552 -c--a-w- c:\windows\system32\dllcache\aclayers.dll
2010-08-25 01:30 . 2010-06-14 14:31 744448 -c--a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-25 01:26 . 2004-08-04 10:00 403 -c--a-w- c:\windows\system32\dllcache\npdrmv2.zip
2010-08-25 01:26 . 2004-08-04 10:00 22060 -c--a-w- c:\windows\system32\dllcache\npds.zip
2010-08-25 01:26 . 2008-04-13 17:27 79872 -c--a-w- c:\windows\system32\dllcache\msxml6r.dll
2010-08-25 01:26 . 2008-04-14 00:12 294912 -c--a-w- c:\windows\system32\dllcache\dlimport.exe
2010-08-25 01:24 . 2010-06-18 13:36 3558912 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2010-08-25 01:16 . 2008-05-08 14:02 203136 -c--a-w- c:\windows\system32\dllcache\rmcast.sys
2010-08-25 01:16 . 2008-05-01 14:33 331776 -c--a-w- c:\windows\system32\dllcache\msadce.dll
2010-08-25 01:14 . 2008-10-15 16:34 337408 -c--a-w- c:\windows\system32\dllcache\netapi32.dll
2010-08-25 01:14 . 2010-06-14 07:41 1172480 -c--a-w- c:\windows\system32\dllcache\msxml3.dll
2010-08-25 00:40 . 2005-09-20 16:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-08-25 00:35 . 2004-08-04 10:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2010-08-25 00:35 . 2004-08-04 10:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2010-08-25 00:34 . 2004-08-04 10:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2010-08-25 00:34 . 2004-08-04 10:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2010-08-25 00:34 . 2004-08-04 10:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2010-08-25 00:34 . 2008-04-13 17:39 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-08-25 00:32 . 2004-08-04 10:00 126976 -c--a-w- c:\windows\system32\dllcache\mshearts.exe
2010-08-25 00:31 . 2008-04-14 00:09 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
2010-08-25 00:28 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-08-24 23:50 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-08-24 23:50 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-08-24 23:50 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-08-24 23:50 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-08-23 02:51 . 2010-08-23 02:56 -------- d-----w- c:\documents and settings\Owner\Application Data\PrimoPDF
2010-08-23 02:01 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-08-23 02:00 . 2010-08-23 02:00 -------- d-----w- c:\program files\Nitro PDF
2010-08-22 06:24 . 2010-08-22 06:24 -------- d-----w- c:\program files\Media Monkey
2010-08-22 01:25 . 2010-08-22 01:25 -------- d-----w- c:\program files\VS Revo Group
2010-08-21 13:23 . 2010-08-21 13:23 -------- d-----w- c:\documents and settings\Owner\usrusmt2.tmp
2010-08-21 13:20 . 2010-08-21 13:24 3628544 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2010-08-21 04:53 . 2010-08-21 05:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2010-08-21 04:53 . 2010-08-21 04:55 -------- d-----w- c:\program files\Winamp
2010-08-21 04:40 . 2010-08-21 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft
2010-08-21 04:40 . 2010-08-21 04:40 -------- d-----w- c:\documents and settings\Owner\Application Data\ESTsoft
2010-08-21 04:39 . 2010-08-21 04:39 -------- d-----w- c:\program files\ESTsoft
2010-08-20 18:21 . 2010-08-20 18:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2010-08-20 18:21 . 2010-08-20 18:22 -------- d-----w- c:\program files\Foxit Software
2010-08-20 18:12 . 2010-08-20 18:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-08-20 18:12 . 2010-08-20 18:12 -------- d-----w- c:\program files\Application Updater
2010-08-20 18:12 . 2010-08-20 18:12 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-20 18:12 . 2010-08-20 18:12 25046 ----a-w- c:\windows\unins000.dat
2010-08-20 18:12 . 2010-08-20 18:12 722757 ----a-w- c:\windows\unins000.exe
2010-08-20 18:11 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-08-20 18:11 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-08-20 17:55 . 2009-11-05 15:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-08-20 17:55 . 2010-08-20 17:55 -------- d-----w- c:\program files\Acro Software
2010-08-20 02:47 . 2010-08-20 02:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\BlackRiverSoft
2010-08-20 02:30 . 2010-08-20 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\BlackRiverSoft
2010-08-19 00:46 . 2010-08-19 00:46 -------- d-----w- c:\program files\LimeWire
2010-08-19 00:08 . 2010-08-19 00:08 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-08-17 21:42 . 1998-07-14 00:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-08-17 21:42 . 2003-01-26 19:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-08-17 21:42 . 2000-10-02 01:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-08-17 21:42 . 1999-03-26 01:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-08-17 21:42 . 1998-07-13 05:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-08-17 21:42 . 2010-08-19 21:18 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeBurner
2010-08-17 21:42 . 2010-08-17 21:42 -------- d-----w- c:\program files\Free Easy Burner
2010-08-17 21:42 . 1998-07-13 05:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-08-17 21:42 . 1998-07-13 01:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-08-17 21:39 . 2010-08-17 21:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2010-08-17 17:40 . 2010-08-25 13:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WeatherBug
2010-08-17 17:40 . 2010-08-17 17:40 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2010-08-17 17:40 . 2010-08-17 17:40 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2010-08-17 17:40 . 2010-08-17 17:40 11264 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2010-08-15 13:49 . 2010-08-15 13:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 23:03 . 2010-07-12 23:46 -------- d-----w- c:\program files\WindowBlinds
2010-08-29 19:00 . 2010-07-17 14:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-29 15:09 . 2006-01-05 13:57 12674360 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-29 13:15 . 2010-07-12 22:42 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-08-26 01:46 . 2004-08-04 10:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-08-26 00:19 . 2010-08-26 01:36 218624 ----a-w- c:\windows\system32\OLD45.tmp
2010-08-23 03:42 . 2010-08-01 07:08 -------- d-----w- c:\documents and settings\Owner\Application Data\MeggieSoft Games
2010-08-20 18:23 . 2010-07-12 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2010-08-19 12:15 . 2010-07-12 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-08-19 00:08 . 2010-08-19 00:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-08-19 00:08 . 2010-08-19 00:08 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-08-19 00:08 . 2010-08-19 00:06 -------- d-----w- c:\program files\Common Files\Real
2010-08-19 00:08 . 2010-08-19 00:06 -------- d-----w- c:\program files\Real
2010-08-19 00:08 . 2010-08-19 00:08 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-19 00:06 . 2010-07-30 09:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-19 00:06 . 2010-07-28 23:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-18 19:58 . 2010-07-12 20:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SolSuite
2010-08-17 20:18 . 2010-07-12 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 08:56 . 2010-07-23 10:16 -------- d-----w- c:\documents and settings\Owner\Application Data\PhotoScape
2010-08-13 20:03 . 2010-07-22 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-08-12 10:39 . 2010-07-14 01:48 -------- d-----w- c:\program files\Java
2010-08-12 07:05 . 2010-07-12 22:35 -------- d-----w- c:\program files\Common Files\Stardock
2010-08-11 05:13 . 2010-08-01 11:31 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-08-10 06:19 . 2010-07-31 11:48 20848 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-09 13:35 . 2010-07-31 11:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-09 01:41 . 2010-07-19 05:19 -------- d-----w- c:\program files\Canon
2010-08-08 13:40 . 2010-07-12 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 16:59 . 2010-07-12 19:49 -------- d-----w- c:\documents and settings\Owner\Application Data\iWin
2010-08-07 03:59 . 2010-08-07 03:59 2914 ----a-w- c:\windows\system32\unins000.dat
2010-08-07 03:59 . 2010-08-07 03:59 716153 ----a-w- c:\windows\system32\unins000.exe
2010-07-31 03:50 . 2010-07-31 03:50 1621424 ----a-w- c:\documents and settings\Owner\Application Data\Simple Money Manager Standard - GAOTD\simplemoneymanagergaotd.exe
2010-07-30 04:02 . 2010-07-12 16:04 -------- d-----w- c:\program files\Intel
2010-07-30 03:52 . 2010-07-30 03:52 -------- d-----w- c:\program files\Realtek AC97
2010-07-29 08:24 . 2010-07-29 08:24 -------- d-----w- c:\program files\Adensoft DVD CD Burner
2010-07-29 00:02 . 2010-07-29 00:02 -------- d-----w- c:\program files\Any Media to MP3 Converter
2010-07-28 23:56 . 2010-07-28 23:56 -------- d-----w- c:\program files\NCH Software
2010-07-28 23:54 . 2010-07-28 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Swift Sound
2010-07-28 23:36 . 2010-07-28 23:33 -------- d-----w- c:\documents and settings\Owner\Application Data\AnvSoft
2010-07-28 20:54 . 2010-07-28 20:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2010-07-28 20:46 . 2010-07-28 20:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 03:11 . 2010-07-25 06:03 -------- d-----w- c:\program files\Yahoo!
2010-07-25 11:08 . 2010-07-25 11:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Zylom
2010-07-25 10:33 . 2010-07-25 10:33 -------- d-----w- c:\documents and settings\Owner\Application Data\PandoraRecovery
2010-07-24 10:07 . 2010-07-24 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2010-07-23 06:53 . 2010-07-23 06:48 -------- d-----w- c:\program files\SpywareBlaster
2010-07-22 12:22 . 2010-07-22 12:22 -------- d-----w- c:\program files\Bee Icons
2010-07-21 14:11 . 2010-07-21 14:11 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft
2010-07-21 14:04 . 2010-07-21 14:04 -------- d-----w- c:\documents and settings\Owner\Application Data\EleFun Games
2010-07-21 11:49 . 2010-07-21 11:49 -------- d-----w- c:\documents and settings\Owner\Application Data\BitComet
2010-07-21 11:08 . 2010-07-21 10:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Dexpot
2010-07-21 11:06 . 2010-07-20 09:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Desktop Sidebar
2010-07-21 10:20 . 2010-07-21 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\jsi
2010-07-20 07:10 . 2010-07-20 07:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-07-20 07:10 . 2010-07-20 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-19 05:19 . 2010-07-19 05:19 -------- d-----w- c:\program files\Common Files\Canon
2010-07-18 10:54 . 2010-07-18 10:54 -------- d-----w- c:\documents and settings\Owner\Application Data\BrandX Games
2010-07-17 14:15 . 2010-07-17 14:15 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 14:15 . 2010-07-17 14:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-07-17 14:15 . 2010-07-17 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 12:00 . 2010-07-14 01:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 08:15 . 2010-07-17 08:15 -------- d-----w- c:\documents and settings\Owner\Application Data\MySpace
2010-07-17 08:15 . 2010-07-17 08:15 -------- d-----w- c:\program files\MySpace
2010-07-14 01:49 . 2010-07-14 01:49 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 23:31 . 2010-07-12 23:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-07-12 20:59 . 2010-07-12 20:59 -------- d-----w- c:\documents and settings\Owner\Application Data\TweakNow PowerPack 2009
2010-07-12 20:56 . 2010-07-12 20:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-07-12 20:56 . 2010-07-12 20:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-12 20:36 . 2010-07-12 20:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-12 20:21 . 2010-07-12 15:50 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-12 20:11 . 2010-07-12 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames
2010-07-12 20:01 . 2010-07-12 20:01 -------- d-----w- c:\documents and settings\Owner\Application Data\FxFotoDB
2010-07-12 20:00 . 2010-07-12 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\GrassGames
2010-07-12 19:38 . 2010-07-12 19:38 -------- d-----w- c:\program files\Zone Labs
2010-07-12 16:06 . 2010-07-12 16:06 -------- d-----w- c:\program files\Analog Devices
2010-07-12 16:06 . 2010-07-12 16:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-12 15:51 . 2010-07-12 15:51 -------- d-----w- c:\program files\microsoft frontpage
2010-07-12 15:48 . 2010-07-12 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-12 08:00 . 2010-07-12 08:00 -------- d-----w- c:\program files\EASEUS
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 01:47 . 2010-08-29 22:54 116224 ----a-w- c:\windows\system32\~GLH001b.TMP
2010-06-30 01:47 . 2007-08-13 12:49 102469 ----a-w- c:\windows\system32\VBPrnDlg.dll
2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 20:51 . 2010-07-12 20:36 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 20:51 . 2010-07-12 20:36 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 20:51 . 2010-07-12 20:36 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-23 20:50 . 2010-06-23 20:50 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 19:08 . 2010-06-16 19:08 772728 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-06-16 19:08 . 2010-06-16 19:08 547960 ----a-w- c:\windows\system32\accesor.dll
2010-06-16 18:26 . 2010-06-16 18:26 129144 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-06-16 17:54 . 2010-06-16 17:54 1771640 ----a-w- c:\windows\system32\ncscolib.dll
2010-06-16 00:06 . 2010-07-29 00:02 153502 ----a-w- c:\windows\system32\libmplayer.dll
2010-06-16 00:05 . 2010-07-29 00:02 5002416 ----a-w- c:\windows\system32\libavcodec.dll
2010-06-14 14:31 . 2010-07-12 15:48 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"avast5"="d:\avasta~1\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 10:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Diskmd3 Reminder]
2010-07-22 18:04 324280 ----a-w- c:\program files\PCPitstop\DiskMD3\Reminder-Diskmd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
2009-06-10 22:26 205552 ----a-w- c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 ----a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-29 19:00 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
2010-08-09 20:32 1867776 ----a-w- d:\zortam mp3 media studio\zmmspro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"LmHosts"=2 (0x2)
"JavaQuickStarterService"=3 (0x3)
"getPlusHelper"=3 (0x3)
"DefragSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17881:TCP"= 17881:TCP:*:Disabled:BitComet 17881 TCP
"17881:UDP"= 17881:UDP:*:Disabled:BitComet 17881 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 HKDirFlt;Wondershare HKDirFlt;c:\windows\system32\drivers\HKDirFlt.sys [8/25/2010 7:36 PM 33896]
R0 MirDisk;Wondershare Time Freeze;c:\windows\system32\drivers\MirDisk.sys [8/25/2010 7:36 PM 28648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/2/2010 12:46 AM 165456]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [8/10/2007 12:01 PM 191360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/2/2010 12:46 AM 17744]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/25/2010 6:04 AM 66944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/15/2010 6:49 AM 30192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 AM 14336]
S4 DeskSaverService;DeskSaverService; [x]
S4 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/12/2010 1:00 AM 13192]
S4 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/12/2010 1:00 AM 8456]
S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 3:00 AM 14336]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/7/2010 12:18 AM 90352]
S4 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*NewlyCreated* - STYLEXPHELPER
*Deregistered* - Normandy
*Deregistered* - PROCEXP141

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-11 c:\windows\Tasks\GlaryInitialize.job
- d:\glary utilities\initialize.exe [2010-07-21 17:01]

2010-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1364589140-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1364589140-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\All_To_PDF\IEAddon.exe
Trusted Zone: cnet.com\download
Trusted Zone: download.com
Trusted Zone: tgtsoft.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 07:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-1364589140-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="wbsys.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-31 07:24:49
ComboFix-quarantined-files.txt 2010-08-31 14:24
ComboFix2.txt 2010-08-30 11:14
ComboFix3.txt 2010-08-25 09:46

Pre-Run: 167,177,125,888 bytes free
Post-Run: 167,386,963,968 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - CA9907D5B5F4DB05AD1472D5C55E13F6


#6 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:36 AM

Posted 31 August 2010 - 11:46 AM

Please click Start > Run, type sfc /scannow and press enter. Let the system file checker run unhindered. Note: you may be prompted for your XP CD.

When done please let me know what problems you still are having.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#7 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:36 AM

Posted 13 September 2010 - 03:32 AM

Hi, are you still there?

regards, Elise



#8 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:36 AM

Posted 20 September 2010 - 05:51 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
