
Possible MBR Rootkit Won't Shutdown


  • This topic is locked
25 replies to this topic

#1 Minty1

Minty1

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 06 January 2011 - 11:55 PM

I have a Sony Vaio XP Pro that was having browser redirects and a false antivirus virus. I ended up with a blue screen error and did a Windows repair.

After the repair, my computer did restart to the desktop. A box showing 2 computers came up saying:

Status

The feature you are trying to use is on a network resource that is unavailable.
Click OK to try again, or enter an alternate path to a folder containing the installation package 'status.msi' in the box below.

Also, a box came up from AVG saying AVG License Error.

I left both boxes open. Then another warning box popped up saying:



Status
C:\DOCUME~1\A***\LOCALS~1\Temp\7zS0B8D\setup\Status\status.msi cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'status.msi' in a folder from which you can install the product Status.

I had tried to load Defogger and dds via USB in order to keep my wi-fi unhooked, but even though it was listed as active in the device manager it was not visible in My Computer.

I ran Defogger but was unable to restart after, then I ran DDS. Here is the log:



UPDATE 01/07/11 7:30pm: the following log is from the original post time; however, today I saw that the computer HAD restarted to the user name and password screen. I clicked through to the desktop and the same warning boxes came up. The green Microsoft shield was in the taskbar saying updates had been installed.
I checked the Task Manager just in case it would be helpful at startup. Quite a few applications were using CPU, but msiexec.exe was using between 20-45 CPU. I don't know if that is helpful or not, or if a new DDS scan is necessary, so I wanted to make sure to add the info. THANKS!



DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 23:31:20.88 on Thu 01/06/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.786 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *Enabled*

============== Running Processes ===============

svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Media Center\AVMediaServer.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\java.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Alex\Desktop\Defogger.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscom~1.lnk - c:\program files\cisco media center\CESAvegaMediaServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137885975266
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\m66q0xny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-18 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-2 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-23 233136]
R1 SASDIFSV;SASDIFSV;c:\docume~1\alex\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\alex\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-10-27 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-23 198608]
R2 Cisco Media Server;Cisco Media Server;c:\program files\cisco media center\AVMediaServer.exe [2009-5-13 3313280]
R2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\pc tools utilities\tools\defrag\DMDefragSrv.exe [2010-12-28 1034208]
R2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\pc tools utilities\tools\repair\DMRepairSrv.exe [2010-12-28 1021920]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-7-23 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-7-23 818432]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-28 583648]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2005-10-29 9216]
R2 SMS_v3_2_0;SMS_v3_2_0;c:\program files\rosetta stone\sms v3.2.0hs\wrapper.exe [2007-7-12 204800]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-7-23 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-7-23 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-7-23 115216]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-10-25 816672]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-12-4 437760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2010-12-28 107992]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2010-12-28 127352]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-1-21 5036]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 Atsemlrs;Atsemlrs; [x]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]

=============== Created Last 30 ================

2011-01-06 21:33:22 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-01-06 21:33:22 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-01-06 21:33:22 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-01-06 21:33:22 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-01-06 21:33:22 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-01-06 21:33:22 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-01-06 21:33:10 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-01-06 21:33:10 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2011-01-06 21:33:03 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe
2011-01-06 21:33:02 35328 -c--a-w- c:\windows\system32\dllcache\winchat.exe
2011-01-06 21:33:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-06 21:33:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-06 21:31:58 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
2011-01-06 21:30:59 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2011-01-06 21:28:03 -------- d--h--w- c:\program files\WindowsUpdate
2011-01-06 21:27:51 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2011-01-06 21:27:51 11264 ----a-w- c:\windows\system32\atrace.dll
2011-01-06 21:27:50 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-06 21:27:50 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-01-06 19:46:17 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-06 19:39:31 -------- d-----w- c:\windows\LastGood.Tmp
2011-01-06 19:39:26 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 19:39:26 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-06 19:39:26 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-06 19:39:26 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-06 19:39:04 13753 ----a-r- c:\windows\SET15F.tmp
2011-01-06 19:39:00 1086058 ----a-r- c:\windows\SET153.tmp
2011-01-06 19:38:58 1042903 ----a-r- c:\windows\SET150.tmp
2010-12-31 09:01:52 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-31 07:57:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-31 07:57:22 -------- d-----w- c:\docume~1\alex\applic~1\SUPERAntiSpyware.com
2010-12-30 07:11:10 -------- d-----w- c:\docume~1\alex\applic~1\AVG9
2010-12-30 03:20:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-30 03:20:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-29 05:55:36 -------- d-----w- c:\docume~1\alex\applic~1\Malwarebytes
2010-12-29 05:55:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 05:55:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-29 05:55:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 05:55:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 05:14:57 -------- d-----w- c:\program files\common files\eSellerate
2010-12-29 04:15:25 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-28 09:12:18 -------- d-----w- c:\docume~1\alex\applic~1\IObit
2010-12-28 09:12:17 -------- d-----w- c:\program files\IObit
2010-12-28 09:03:38 -------- d-----w- c:\docume~1\alex\applic~1\Registry Mechanic
2010-12-28 09:03:14 -------- d-----w- c:\docume~1\alex\applic~1\PC Tools Performance Toolkit
2010-12-28 08:56:23 127352 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2010-12-28 08:56:23 107992 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2010-12-28 08:56:20 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-28 08:56:20 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-28 08:56:20 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-28 08:56:20 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-28 08:56:14 -------- d-----w- c:\program files\PC Tools Utilities
2010-12-28 04:42:41 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\LogiShrd
2010-12-28 04:28:54 53248 ----a-r- c:\docume~1\alex\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-12-28 04:25:29 -------- d-----w- c:\windows\system32\logishrd
2010-12-28 04:24:59 -------- d-----w- c:\program files\common files\LWS
2010-12-28 04:23:04 59264 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-12-28 04:19:19 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-12-28 02:24:33 -------- d-----r- c:\program files\Skype

==================== Find3M ====================

2010-10-27 15:35:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200822AS rev.3.02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x89CA29C0]<<
_asm { MOV EAX, 0x89ca28e0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x89ca4684; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x89C5CAB8]
\Driver\Disk[0x89C9F580] -> IRP_MJ_CREATE -> 0x89CA29C0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x89ca29c0
user & kernel MBR OK
Warning: possible MBR rootkit infection !

============= FINISH: 23:32:48.54 ===============

Thanks for helping me!

Minty1

Attached Files


Edited by Minty1, 07 January 2011 - 07:33 PM.



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:29 PM

Posted 11 January 2011 - 07:50 AM

Hello Minty1 ,

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 Minty1

Minty1
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 11 January 2011 - 03:48 PM

Thank you Tea, I would LOVE your help.

Here are the new DDS files.

Minty1
DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 15:36:19.64 on Tue 01/11/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.666 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Media Center\AVMediaServer.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\java.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe
C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscom~1.lnk - c:\program files\cisco media center\CESAvegaMediaServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137885975266
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\m66q0xny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-18 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-2 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-7-23 233136]
R1 SASDIFSV;SASDIFSV;c:\docume~1\alex\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\alex\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-10-27 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-23 198608]
R2 Cisco Media Server;Cisco Media Server;c:\program files\cisco media center\AVMediaServer.exe [2009-5-13 3313280]
R2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\pc tools utilities\tools\defrag\DMDefragSrv.exe [2010-12-28 1034208]
R2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\pc tools utilities\tools\repair\DMRepairSrv.exe [2010-12-28 1021920]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-7-23 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-7-23 818432]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-28 583648]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2005-10-29 9216]
R2 SMS_v3_2_0;SMS_v3_2_0;c:\program files\rosetta stone\sms v3.2.0hs\wrapper.exe [2007-7-12 204800]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-7-23 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-7-23 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-7-23 115216]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-10-25 816672]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-12-4 437760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2010-12-28 107992]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2010-12-28 127352]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-1-21 5036]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2008-9-30 453120]
S4 Atsemlrs;Atsemlrs; [x]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]

=============== Created Last 30 ================


==================== Find3M ====================

2010-10-27 15:35:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 15:37:47.28 ===============


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 January 2011 - 07:41 PM

Hello there,

What exactly is telling you that you have a rootkit? If you have a report, I'd very much like to see it, please.

Let's also do this:

This tool is not a toy. If used the wrong way, you could trash your computer. Please use it only under the direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. IF YOU USE AVG IT MUST BE UNINSTALLED OR THIS WILL NOT RUN.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to minty.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 Minty1

Minty1
  • Topic Starter

  • Members
  • 21 posts

Posted 13 January 2011 - 12:44 AM

Hi, I just thought there might be a rootkit because of the first DDS scan. I had been having browser redirects, false antivirus, couldn't shut down, etc.

Since the last time I posted, the computer restarted itself saying Windows updates had been installed, but I still couldn't do a manual restart after using App Remover to remove AVG.

Now I ran ComboFix; it restarted the machine, and now it is stuck at Preparing Log Report.

A firewall warning came up saying ComboFix PEV and Windows Command Processor were trying to access crl dot thawte dot com.

Internet Explorer came up on its own, but the page was blank.

Also, the PC Tools Performance Toolkit window popped up and started scanning while Combofix was at preparing the log.

Next, a warning box popped up:

CF27925.cfxxe - No Disk

There is no disk in the drive. Please insert a disk into the drive \Device\Harddisk1\DR2.

I unplugged my wireless adapter and I will wait to hear back from you before I do anything else.

Thank you so much.

Minty1

Edited by Minty1, 13 January 2011 - 12:45 AM.


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 January 2011 - 07:38 AM

Hello there,

Okay... did you run anything after the initial DDS? The second one says no rootkit, so that's why I asked. I thought perhaps something else was still warning of a rootkit.

Also, the directions I gave you for ComboFix ask that you disable ALL protective programs so that it can run properly. This is why you had such problems running it.

Look in C:\ComboFix.txt for the report.

Thanks,
tea

#7 Minty1

Minty1
  • Topic Starter

  • Members
  • 21 posts

Posted 13 January 2011 - 01:31 PM

Tea,

Sorry about not turning the firewall off; I should've realized that.

I didn't run anything between the two dds logs.

Here is the ComboFix.txt, then the ComboFix log that came up today after I plugged the wireless adapter back in.


ComboFix 11-01-11.03 - Alex 01/12/2011 23:25:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.781 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WD
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\BackupRules.xml
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\b4103942-5c3e-437a-8d96-8c789f758d79-errors.db3
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\b4103942-5c3e-437a-8d96-8c789f758d79-inq.db3
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\b4103942-5c3e-437a-8d96-8c789f758d79-preinq.db3
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\B4103942-5C3E-437A-8D96-8C789F758D79.xml
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\manifest.db3
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-24.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-25.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-26.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-27.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-30.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-31.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-24.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-26.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-27.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-30.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-31.log
C:\Documents and Settings\All Users\Application Data\WD\WD Anywhere Backup\sourceq.db3
C:\Program Files\wd
C:\Program Files\wd\WD Anywhere Backup\config\Applications.xml
C:\Program Files\wd\WD Anywhere Backup\config\BackMeUp.xml
C:\Program Files\wd\WD Anywhere Backup\config\blacklist.txt
C:\Program Files\wd\WD Anywhere Backup\config\BMUConfigWizard.xml
C:\Program Files\wd\WD Anywhere Backup\config\Branding.xml
C:\Program Files\wd\WD Anywhere Backup\config\DefaultRules.xml
C:\Program Files\wd\WD Anywhere Backup\config\ErrorDescriptions.xml
C:\Program Files\wd\WD Anywhere Backup\config\images\1Off.png
C:\Program Files\wd\WD Anywhere Backup\config\images\1On.png
C:\Program Files\wd\WD Anywhere Backup\config\images\2Off.png
C:\Program Files\wd\WD Anywhere Backup\config\images\2On.png
C:\Program Files\wd\WD Anywhere Backup\config\images\3Off.png
C:\Program Files\wd\WD Anywhere Backup\config\images\3On.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AppLogo.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup16.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup16.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup32.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup32.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup48.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackupApp.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackupSysTrayIcons.png
C:\Program Files\wd\WD Anywhere Backup\config\images\ButtonImage.png
C:\Program Files\wd\WD Anywhere Backup\config\images\BuyNow.png
C:\Program Files\wd\WD Anywhere Backup\config\images\CopyApps.png
C:\Program Files\wd\WD Anywhere Backup\config\images\FileTransfer.gif
C:\Program Files\wd\WD Anywhere Backup\config\images\harddisk.png
C:\Program Files\wd\WD Anywhere Backup\config\images\harddisk_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\iPod.png
C:\Program Files\wd\WD Anywhere Backup\config\images\iPod_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\LeftPanelBackground.png
C:\Program Files\wd\WD Anywhere Backup\config\images\MioNet.png
C:\Program Files\wd\WD Anywhere Backup\config\images\network.png
C:\Program Files\wd\WD Anywhere Backup\config\images\network_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\PoweredByMemeo.png
C:\Program Files\wd\WD Anywhere Backup\config\images\PoweredByMemeoSmall.png
C:\Program Files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.bmp
C:\Program Files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.png
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderHardDisk.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProvideriPod.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderNetwork.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderRemovable.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderSwapDrive.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\removable.png
C:\Program Files\wd\WD Anywhere Backup\config\images\removable_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\Restore16.png
C:\Program Files\wd\WD Anywhere Backup\config\images\Restore32.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\Restore48.png
C:\Program Files\wd\WD Anywhere Backup\config\images\RestoreApp.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\SelectedProviderHighlight.jpg
C:\Program Files\wd\WD Anywhere Backup\config\images\swapdrive.png
C:\Program Files\wd\WD Anywhere Backup\config\images\swapdrive_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\TopPanelBackground.png
C:\Program Files\wd\WD Anywhere Backup\config\Locale.xml
C:\Program Files\wd\WD Anywhere Backup\config\OCRBranding.xml
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\AppLogo.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\ButtonImage.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\PoweredByMemeo.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\ProtectYourDigitalLife.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\Restore32.ico
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\Restore48.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\TopPanelBackground.png
C:\Program Files\wd\WD Anywhere Backup\config\rssuserprefs.xml
C:\Program Files\wd\WD Anywhere Backup\config\Tanagra.iPod.DefaultRules.xml
C:\Program Files\wd\WD Anywhere Backup\config\Tanagra.ShutterFly.DefaultRules.xml
C:\Program Files\wd\WD Anywhere Backup\config\UserFileTypeOptions.xml
C:\Program Files\wd\WD Anywhere Backup\ConfigManager.xml
C:\Program Files\wd\WD Anywhere Backup\DevComponents.DotNetBar.dll
C:\Program Files\wd\WD Anywhere Backup\docs\MemeoAutoBackupUserGuide.htm
C:\Program Files\wd\WD Anywhere Backup\eWebClient.dll
C:\Program Files\wd\WD Anywhere Backup\ICSharpCode.SharpZipLib.dll
C:\Program Files\wd\WD Anywhere Backup\InstUtil.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.eWebControl.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.Outlook.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.ProfMan.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.Redemption.dll
C:\Program Files\wd\WD Anywhere Backup\license.txt
C:\Program Files\wd\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoBackup.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher2.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher2.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoOneClickRestore.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoRestore.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoRestore.exe.config
C:\Program Files\wd\WD Anywhere Backup\Microsoft.Web.Services.dll
C:\Program Files\wd\WD Anywhere Backup\Microsoft.Windows.Forms.Navigation.dll
C:\Program Files\wd\WD Anywhere Backup\MSVCR71D.dll
C:\Program Files\wd\WD Anywhere Backup\NamedPipes.dll
C:\Program Files\wd\WD Anywhere Backup\OCR.exe
C:\Program Files\wd\WD Anywhere Backup\OCR.exe.config
C:\Program Files\wd\WD Anywhere Backup\ProfMan.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FileCopyBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FTPBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.HardDiskBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.iPodBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.RemovableStorageBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.ShutterflyBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.SwapDriveBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\RegisteredProviders.xml
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FTPBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.iPodBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.RemovableStorageBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.ShutterflyBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.SwapDriveBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\Rebex.Net.Ftp.dll
C:\Program Files\wd\WD Anywhere Backup\Rebex.Net.ProxySocket.dll
C:\Program Files\wd\WD Anywhere Backup\Redemption.dll
C:\Program Files\wd\WD Anywhere Backup\SQLite.NET.dll
C:\Program Files\wd\WD Anywhere Backup\sqlite3.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.BMU.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.DataClad.DataAccess.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.DataClad.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.Interop.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.Third-party.Security.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.Utility.dll
C:\Program Files\wd\WD Anywhere Backup\XMLSettings.dll
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 03:55:46 . 2011-01-13 03:55:46 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2011-01-06 21:33:22 . 2004-08-04 12:00:00 4677 -c--a-w- C:\WINDOWS\system32\dllcache\zeeverm.dll
2011-01-06 21:33:22 . 2004-08-04 12:00:00 41029 -c--a-w- C:\WINDOWS\system32\dllcache\zcorem.dll
2011-01-06 21:33:22 . 2004-08-04 12:00:00 36937 -c--a-w- C:\WINDOWS\system32\dllcache\zclientm.exe
2011-01-06 21:33:22 . 2004-08-04 12:00:00 29760 -c--a-w- C:\WINDOWS\system32\dllcache\znetm.dll
2011-01-06 21:33:22 . 2004-08-04 12:00:00 13894 -c--a-w- C:\WINDOWS\system32\dllcache\zonelibm.dll
2011-01-06 21:33:22 . 2004-08-04 12:00:00 113222 -c--a-w- C:\WINDOWS\system32\dllcache\zoneclim.dll
2011-01-06 21:33:10 . 2004-08-04 12:00:00 5632 -c--a-w- C:\WINDOWS\system32\dllcache\write.exe
2011-01-06 21:33:10 . 2004-08-04 12:00:00 214528 -c--a-w- C:\WINDOWS\system32\dllcache\wordpad.exe
2011-01-06 21:33:03 . 2004-08-04 12:00:00 119808 -c--a-w- C:\WINDOWS\system32\dllcache\winmine.exe
2011-01-06 21:33:02 . 2004-08-04 12:00:00 35328 -c--a-w- C:\WINDOWS\system32\dllcache\winchat.exe
2011-01-06 21:33:00 . 2004-08-04 12:00:00 41600 -c--a-w- C:\WINDOWS\system32\dllcache\weitekp9.dll
2011-01-06 21:33:00 . 2004-08-04 12:00:00 31232 -c--a-w- C:\WINDOWS\system32\dllcache\weitekp9.sys
2011-01-06 21:31:58 . 2004-08-04 12:00:00 343040 -c--a-w- C:\WINDOWS\system32\dllcache\mspaint.exe
2011-01-06 21:30:59 . 2004-08-04 12:00:00 539136 -c--a-w- C:\WINDOWS\system32\dllcache\dialer.exe
2011-01-06 21:29:30 . 2011-01-06 21:29:34 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
2011-01-06 21:27:51 . 2004-08-04 12:00:00 11264 -c--a-w- C:\WINDOWS\system32\dllcache\atrace.dll
2011-01-06 21:27:51 . 2004-08-04 12:00:00 11264 ----a-w- C:\WINDOWS\system32\atrace.dll
2011-01-06 21:27:50 . 2004-08-04 12:00:00 16384 -c--a-w- C:\WINDOWS\system32\dllcache\isignup.exe
2011-01-06 21:27:50 . 2004-08-04 12:00:00 16384 ----a-w- C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-06 19:46:17 . 2004-08-04 03:59:42 5504 ----a-w- C:\WINDOWS\system32\drivers\intelide.sys
2011-01-06 19:39:26 . 2004-08-04 12:00:00 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll
2011-01-06 19:39:26 . 2004-08-04 12:00:00 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll
2011-01-06 19:39:26 . 2004-08-04 12:00:00 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll
2011-01-06 19:39:26 . 2004-08-04 12:00:00 13312 ----a-w- C:\WINDOWS\system32\irclass.dll
2011-01-06 19:39:04 . 2004-08-04 12:00:00 13753 ----a-r- C:\WINDOWS\SET15F.tmp
2011-01-06 19:39:00 . 2004-08-04 12:00:00 1086058 ----a-r- C:\WINDOWS\SET153.tmp
2011-01-06 19:38:58 . 2004-08-04 12:00:00 1042903 ----a-r- C:\WINDOWS\SET150.tmp
2010-12-31 09:01:52 . 2010-12-31 09:01:52 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2010-12-31 07:57:22 . 2010-12-31 07:57:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-31 07:57:22 . 2010-12-31 07:57:22 -------- d-----w- C:\Documents and Settings\Alex\Application Data\SUPERAntiSpyware.com
2010-12-30 07:11:10 . 2010-12-30 07:11:10 -------- d-----w- C:\Documents and Settings\Alex\Application Data\AVG9
2010-12-30 03:20:00 . 2010-12-30 03:20:00 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2010-12-29 05:55:36 . 2010-12-29 05:55:36 -------- d-----w- C:\Documents and Settings\Alex\Application Data\Malwarebytes
2010-12-29 05:55:29 . 2010-12-29 05:55:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-12-29 05:55:29 . 2010-12-20 23:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-29 05:55:26 . 2010-12-29 05:55:31 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-29 05:55:26 . 2010-12-20 23:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-29 05:14:57 . 2010-12-29 05:14:57 -------- d-----w- C:\Program Files\Common Files\eSellerate
2010-12-29 04:15:25 . 2010-12-30 07:09:52 -------- d-----w- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-12-28 09:12:18 . 2010-12-28 09:12:18 -------- d-----w- C:\Documents and Settings\Alex\Application Data\IObit
2010-12-28 09:12:17 . 2010-12-28 09:12:17 -------- d-----w- C:\Program Files\IObit
2010-12-28 09:03:38 . 2010-12-28 09:03:38 -------- d-----w- C:\Documents and Settings\Alex\Application Data\Registry Mechanic
2010-12-28 09:03:14 . 2010-12-28 09:03:14 -------- d-----w- C:\Documents and Settings\Alex\Application Data\PC Tools Performance Toolkit
2010-12-28 08:56:23 . 2010-08-20 22:21:40 127352 ----a-w- C:\WINDOWS\system32\drivers\PCTDSMon.sys
2010-12-28 08:56:23 . 2010-08-20 22:21:38 107992 ----a-w- C:\WINDOWS\system32\drivers\PCTDMDefrag.sys
2010-12-28 08:56:20 . 2010-08-26 20:43:52 37344 ----a-w- C:\WINDOWS\system32\CleanMFT32.exe
2010-12-28 08:56:20 . 2008-04-02 20:54:20 1101824 ----a-w- C:\WINDOWS\system32\UniBox210.ocx
2010-12-28 08:56:20 . 2008-04-02 20:53:50 212992 ----a-w- C:\WINDOWS\system32\UniBoxVB12.ocx
2010-12-28 08:56:20 . 2008-04-02 20:53:36 880640 ----a-w- C:\WINDOWS\system32\UniBox10.ocx
2010-12-28 08:56:14 . 2010-12-29 03:12:07 -------- d-----w- C:\Program Files\PC Tools Utilities
2010-12-28 04:48:47 . 2010-12-30 01:04:30 -------- d-----w- C:\Documents and Settings\Alex\Application Data\skypePM
2010-12-28 04:43:47 . 2010-12-28 04:43:48 -------- d-----w- C:\Documents and Settings\All Users\Application Data\LogiShrd
2010-12-28 04:42:41 . 2010-12-28 04:42:41 -------- d-----w- C:\Documents and Settings\Alex\Local Settings\Application Data\LogiShrd
2010-12-28 04:28:54 . 2010-12-28 04:28:54 53248 ----a-r- C:\Documents and Settings\Alex\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-28 04:25:29 . 2011-01-13 04:33:35 -------- d-----w- C:\WINDOWS\system32\logishrd
2010-12-28 04:25:08 . 2010-12-28 04:25:08 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Logitech
2010-12-28 04:24:59 . 2010-12-28 04:24:59 -------- d-----w- C:\Program Files\Common Files\LWS
2010-12-28 04:24:24 . 2010-12-28 04:31:54 -------- d-----w- C:\Program Files\Common Files\LogiShrd
2010-12-28 04:23:04 . 2004-08-04 04:07:56 59264 ----a-w- C:\WINDOWS\system32\drivers\usbaudio.sys
2010-12-28 04:19:19 . 2004-08-04 05:56:58 20992 ----a-w- C:\WINDOWS\system32\dshowext.ax
2010-12-28 02:24:36 . 2010-12-28 02:24:36 -------- d-----w- C:\Program Files\Common Files\Skype
2010-12-28 02:24:33 . 2010-12-28 02:25:06 -------- d-----r- C:\Program Files\Skype
2010-12-28 02:24:31 . 2010-12-30 01:18:28 -------- d-----w- C:\Documents and Settings\Alex\Application Data\Skype
2010-12-28 02:24:21 . 2010-12-28 02:24:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 15:35:26 . 2010-10-27 15:35:26 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-12-17 20:25:56 . 2009-08-24 04:48:39 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47:00 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 16:47:00 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 23:23:34 102400]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-12 19:45:27 67128]
"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe" [2010-10-29 20:06:08 5915480]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 21:19:34 2402512]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 06:00:00 45056]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 23:25:28 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 16:34:06 122880]
"CTHelper"="CTHELPER.EXE" [2005-10-30 00:31:06 16384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-10 01:46:20 180269]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 11:59:10 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 04:46:24 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 17:45:26 49152]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 22:06:40 642856]
"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 17:05:02 233304]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 21:12:08 430080]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 21:34:50 213936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 02:17:32 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-11-11 04:08:18 417792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-02-15 23:07:02 141608]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 15:43:18 248040]
"Reader Library Launcher"="C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 13:27:58 906656]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 15:41:00 3168216]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 09:47:04 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 04:07:44 932288]
"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 23:35:22 165208]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 17:01:56 88209]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 22:45:52 61952]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - C:\Program Files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Media Server.lnk - C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe [2009-5-13 1453696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-2-14 434176]
NETGEAR WNDA3100 Smart Wizard.lnk - C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815]

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Alex\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=C:\Documents and Settings\Alex\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

ComboFix 11-01-11.03 - Alex 01/12/2011 23:25:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.781 [GMT -5:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\WD
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\BackupRules.xml
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\b4103942-5c3e-437a-8d96-8c789f758d79-errors.db3
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\b4103942-5c3e-437a-8d96-8c789f758d79-inq.db3
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\b4103942-5c3e-437a-8d96-8c789f758d79-preinq.db3
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\B4103942-5C3E-437A-8D96-8C789F758D79.xml
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\B4103942-5C3E-437A-8D96-8C789F758D79\manifest.db3
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-24.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-25.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-26.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-27.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-30.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoBackup.exe.log-2009-8-31.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-24.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-26.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-27.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-30.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\logs\MemeoLauncher.exe.log-2009-8-31.log
c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\sourceq.db3
c:\program files\wd
c:\program files\wd\WD Anywhere Backup\config\Applications.xml
c:\program files\wd\WD Anywhere Backup\config\BackMeUp.xml
c:\program files\wd\WD Anywhere Backup\config\blacklist.txt
c:\program files\wd\WD Anywhere Backup\config\BMUConfigWizard.xml
c:\program files\wd\WD Anywhere Backup\config\Branding.xml
c:\program files\wd\WD Anywhere Backup\config\DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\ErrorDescriptions.xml
c:\program files\wd\WD Anywhere Backup\config\images\1Off.png
c:\program files\wd\WD Anywhere Backup\config\images\1On.png
c:\program files\wd\WD Anywhere Backup\config\images\2Off.png
c:\program files\wd\WD Anywhere Backup\config\images\2On.png
c:\program files\wd\WD Anywhere Backup\config\images\3Off.png
c:\program files\wd\WD Anywhere Backup\config\images\3On.png
c:\program files\wd\WD Anywhere Backup\config\images\AppLogo.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup16.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup16.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup48.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupSysTrayIcons.png
c:\program files\wd\WD Anywhere Backup\config\images\ButtonImage.png
c:\program files\wd\WD Anywhere Backup\config\images\BuyNow.png
c:\program files\wd\WD Anywhere Backup\config\images\CopyApps.png
c:\program files\wd\WD Anywhere Backup\config\images\FileTransfer.gif
c:\program files\wd\WD Anywhere Backup\config\images\harddisk.png
c:\program files\wd\WD Anywhere Backup\config\images\harddisk_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\LeftPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\images\MioNet.png
c:\program files\wd\WD Anywhere Backup\config\images\network.png
c:\program files\wd\WD Anywhere Backup\config\images\network_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\PoweredByMemeo.png
c:\program files\wd\WD Anywhere Backup\config\images\PoweredByMemeoSmall.png
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.bmp
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.png
c:\program files\wd\WD Anywhere Backup\config\images\ProviderHardDisk.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProvideriPod.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderNetwork.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderRemovable.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderSwapDrive.ico
c:\program files\wd\WD Anywhere Backup\config\images\removable.png
c:\program files\wd\WD Anywhere Backup\config\images\removable_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore16.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore32.ico
c:\program files\wd\WD Anywhere Backup\config\images\Restore48.png
c:\program files\wd\WD Anywhere Backup\config\images\RestoreApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\SelectedProviderHighlight.jpg
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive.png
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\TopPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\Locale.xml
c:\program files\wd\WD Anywhere Backup\config\OCRBranding.xml
c:\program files\wd\WD Anywhere Backup\config\OCRImages\AppLogo.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\ButtonImage.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\PoweredByMemeo.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\ProtectYourDigitalLife.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\Restore32.ico
c:\program files\wd\WD Anywhere Backup\config\OCRImages\Restore48.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\TopPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\rssuserprefs.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.iPod.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.ShutterFly.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\UserFileTypeOptions.xml
c:\program files\wd\WD Anywhere Backup\ConfigManager.xml
c:\program files\wd\WD Anywhere Backup\DevComponents.DotNetBar.dll
c:\program files\wd\WD Anywhere Backup\docs\MemeoAutoBackupUserGuide.htm
c:\program files\wd\WD Anywhere Backup\eWebClient.dll
c:\program files\wd\WD Anywhere Backup\ICSharpCode.SharpZipLib.dll
c:\program files\wd\WD Anywhere Backup\InstUtil.dll
c:\program files\wd\WD Anywhere Backup\Interop.eWebControl.dll
c:\program files\wd\WD Anywhere Backup\Interop.Outlook.dll
c:\program files\wd\WD Anywhere Backup\Interop.ProfMan.dll
c:\program files\wd\WD Anywhere Backup\Interop.Redemption.dll
c:\program files\wd\WD Anywhere Backup\license.txt
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoOneClickRestore.exe
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe.config
c:\program files\wd\WD Anywhere Backup\Microsoft.Web.Services.dll
c:\program files\wd\WD Anywhere Backup\Microsoft.Windows.Forms.Navigation.dll
c:\program files\wd\WD Anywhere Backup\MSVCR71D.dll
c:\program files\wd\WD Anywhere Backup\NamedPipes.dll
c:\program files\wd\WD Anywhere Backup\OCR.exe
c:\program files\wd\WD Anywhere Backup\OCR.exe.config
c:\program files\wd\WD Anywhere Backup\ProfMan.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FileCopyBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FTPBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.HardDiskBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.iPodBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.RemovableStorageBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.ShutterflyBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.SwapDriveBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\RegisteredProviders.xml
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FTPBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.iPodBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.RemovableStorageBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.ShutterflyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.SwapDriveBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.Ftp.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.ProxySocket.dll
c:\program files\wd\WD Anywhere Backup\Redemption.dll
c:\program files\wd\WD Anywhere Backup\SQLite.NET.dll
c:\program files\wd\WD Anywhere Backup\sqlite3.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.BMU.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.DataAccess.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Interop.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Third-party.Security.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Utility.dll
c:\program files\wd\WD Anywhere Backup\XMLSettings.dll
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 03:55 . 2011-01-13 03:55 -------- d-----w- c:\windows\LastGood.Tmp
2011-01-06 21:33 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-01-06 21:33 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-01-06 21:33 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-01-06 21:33 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-01-06 21:33 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-01-06 21:33 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-01-06 21:33 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-01-06 21:33 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2011-01-06 21:33 . 2004-08-04 12:00 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe
2011-01-06 21:33 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\winchat.exe
2011-01-06 21:33 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-06 21:33 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-06 21:31 . 2004-08-04 12:00 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
2011-01-06 21:30 . 2004-08-04 12:00 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2011-01-06 21:29 . 2011-01-06 21:29 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-01-06 21:27 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2011-01-06 21:27 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
2011-01-06 21:27 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-06 21:27 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-06 19:46 . 2004-08-04 03:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-06 19:39 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 19:39 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-06 19:39 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-06 19:39 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-06 19:39 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET15F.tmp
2011-01-06 19:39 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET153.tmp
2011-01-06 19:38 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET150.tmp
2010-12-31 09:01 . 2010-12-31 09:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-31 07:57 . 2010-12-31 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-31 07:57 . 2010-12-31 07:57 -------- d-----w- c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com
2010-12-30 07:11 . 2010-12-30 07:11 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG9
2010-12-30 03:20 . 2010-12-30 03:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-29 05:55 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 05:55 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 05:14 . 2010-12-29 05:14 -------- d-----w- c:\program files\Common Files\eSellerate
2010-12-29 04:15 . 2010-12-30 07:09 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-28 09:12 . 2010-12-28 09:12 -------- d-----w- c:\documents and settings\Alex\Application Data\IObit
2010-12-28 09:12 . 2010-12-28 09:12 -------- d-----w- c:\program files\IObit
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\documents and settings\Alex\Application Data\Registry Mechanic
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\documents and settings\Alex\Application Data\PC Tools Performance Toolkit
2010-12-28 08:56 . 2010-08-20 22:21 127352 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2010-12-28 08:56 . 2010-08-20 22:21 107992 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2010-12-28 08:56 . 2010-08-26 20:43 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-28 08:56 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-28 08:56 . 2008-04-02 20:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-28 08:56 . 2008-04-02 20:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-28 08:56 . 2010-12-29 03:12 -------- d-----w- c:\program files\PC Tools Utilities
2010-12-28 04:48 . 2010-12-30 01:04 -------- d-----w- c:\documents and settings\Alex\Application Data\skypePM
2010-12-28 04:43 . 2010-12-28 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-12-28 04:42 . 2010-12-28 04:42 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\LogiShrd
2010-12-28 04:28 . 2010-12-28 04:28 53248 ----a-r- c:\documents and settings\Alex\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-28 04:25 . 2011-01-13 04:33 -------- d-----w- c:\windows\system32\logishrd
2010-12-28 04:25 . 2010-12-28 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-12-28 04:24 . 2010-12-28 04:24 -------- d-----w- c:\program files\Common Files\LWS
2010-12-28 04:24 . 2010-12-28 04:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-12-28 04:23 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-12-28 04:19 . 2004-08-04 05:56 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-12-28 02:24 . 2010-12-28 02:24 -------- d-----w- c:\program files\Common Files\Skype
2010-12-28 02:24 . 2010-12-28 02:25 -------- d-----r- c:\program files\Skype
2010-12-28 02:24 . 2010-12-30 01:18 -------- d-----w- c:\documents and settings\Alex\Application Data\Skype
2010-12-28 02:24 . 2010-12-28 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 15:35 . 2010-10-27 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-17 20:25 . 2009-08-24 04:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-12 67128]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"CTHelper"="CTHELPER.EXE" [2005-10-30 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-10 180269]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Media Server.lnk - c:\program files\Cisco Media Center\CESAvegaMediaServer.exe [2009-5-13 1453696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-14 434176]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815]

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creative MediaSource Go!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creative MediaSource Go!.lnk
backup=c:\windows\pss\Creative MediaSource Go!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 17:01 88209 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-13 21:00 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 17:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
2005-12-23 05:20 57344 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2004-11-30 16:00 135168 ----a-w- c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-10-30 00:31 18944 -c--a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-08-12 22:45 61952 -c--a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-12-16 01:38 50792 ----a-w- c:\program files\Common Files\AOL\1138334109\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-05-22 00:11 221184 -c--a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-05-07 21:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-16 23:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-07-10 01:46 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c--a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138334109\\ee\\aolsoftware.exe"=
"c:\\Documents and Settings\\Alex\\My Documents\\Valve\\Steam\\SteamApps\\str8killer\\day of defeat\\hl.exe"=
"c:\\Documents and Settings\\Alex\\My Documents\\Valve\\Steam\\SteamApps\\str8killer\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\LEGO Media\\Games\\LEGO Chess\\Lego Chess.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"=
"c:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\server.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Rosetta Stone.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Discover.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\admin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/23/2010 4:30 PM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/23/2010 4:32 PM 198608]
R2 Cisco Media Server;Cisco Media Server;c:\program files\Cisco Media Center\AVMediaServer.exe [5/13/2009 12:00 PM 3313280]
R2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [12/28/2010 3:56 AM 1034208]
R2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [12/28/2010 3:56 AM 1021920]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [7/23/2010 4:30 PM 88040]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/28/2010 3:56 AM 583648]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [10/29/2005 7:40 PM 9216]
R2 SMS_v3_2_0;SMS_v3_2_0;c:\program files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [7/12/2007 2:42 PM 204800]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 4:12 PM 102400]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [10/25/2010 4:44 PM 816672]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/23/2010 4:34 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/23/2010 4:34 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/23/2010 4:34 PM 115216]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [12/4/2007 11:37 AM 437760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [12/28/2010 3:56 AM 107992]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [12/28/2010 3:56 AM 127352]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [1/21/2006 10:55 PM 5036]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [9/30/2008 3:24 AM 453120]
S4 Atsemlrs;Atsemlrs; [x]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 5:28 PM 31768]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/3/2006 5:47 PM 664064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-13 c:\windows\Tasks\PTSchedule.job
- c:\program files\PC Tools Utilities\pt.exe [2010-12-28 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\m66q0xny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SoundMan - SOUNDMAN.EXE
HKLM-Run-SBDrvDet - c:\program files\Creative\SB Drive Det\SBDrvDet.exe
Notify-avgrsstarter - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EA Link\Core.exe
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-HydraVisionDesktopManager - c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe
MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
MSConfigStartUp-LogitechVideoTray - c:\program files\Logitech\Video\LogiTray.exe
AddRemove-Sierra Uninstall - c:\sierra\SETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,18,19,6e,0a,4d,30,75,ed,3d,5c,03,71,08,95,c8,37,60,e5,4a,d0,
93,e9,30,18,0c,92,b4,aa,44,5e,97,e8,23,96,dd,9a,70,d0,08,48,0f,b2,af,ac,9c,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,18,19,6e,0a,4d,30,75,ed,3d,5c,03,71,08,95,c8,37,60,e5,4a,d0,
93,e9,30,18,0c,92,b4,aa,44,5e,97,e8,23,96,dd,9a,70,d0,08,48,0f,b2,af,ac,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(320)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5080)
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe
c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\windows\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
c:\windows\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe
.
**************************************************************************
.
Completion time: 2011-01-13 13:22:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-13 18:22

Pre-Run: 27,373,850,624 bytes free
Post-Run: 26,795,053,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - AE4CE09FF02FCAC38CA6218FF1E40241



Thanks again,

Minty1

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:29 PM

Posted 13 January 2011 - 03:36 PM

Hello,

Those logs are duplicates.....is there another? :)

Go to Add/Remove Programs and uninstall anything to do with Ask. It's junk and usually gets installed without the user's knowledge.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8074
Firefox::
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\m66q0xny.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 Minty1

Minty1
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:11:29 PM

Posted 13 January 2011 - 04:49 PM

tea,

I disabled the firewall this time so it went much smoother. :thumbsup:

The log in the last post was the only one as far as I know.

Minty1



ComboFix 11-01-12.04 - Alex 01/13/2011 16:28:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.757 [GMT -5:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000038_.tmp.dll
c:\windows\system32\_000039_.tmp.dll
c:\windows\system32\_000040_.tmp.dll
c:\windows\system32\ms.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 18:21 . 2011-01-13 18:41 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-13 08:00 . 2011-01-13 08:00 -------- d-----w- c:\windows\LastGood
2011-01-13 04:00 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\SET308.tmp
2011-01-13 03:59 . 2009-08-21 09:46 450560 ------w- c:\windows\system32\SET2C3.tmp
2011-01-13 03:58 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-13 03:58 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-13 03:57 . 2009-03-06 14:44 283648 ----a-w- c:\windows\system32\SET36A.tmp
2011-01-13 03:57 . 2005-07-26 04:39 60416 ----a-w- c:\windows\system32\SET36B.tmp
2011-01-13 03:57 . 2009-02-09 10:20 399360 ----a-w- c:\windows\system32\SET369.tmp
2011-01-13 03:57 . 2009-02-09 10:20 473088 ----a-w- c:\windows\system32\wbem\SET36E.tmp
2011-01-13 03:57 . 2009-02-09 10:20 453120 ----a-w- c:\windows\system32\wbem\SET36D.tmp
2011-01-13 03:57 . 2009-02-06 16:39 227840 ----a-w- c:\windows\system32\wbem\SET36C.tmp
2011-01-13 03:57 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 03:57 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 03:57 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 03:57 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-13 03:56 . 2008-10-15 16:57 332800 ----a-w- c:\windows\system32\SET24C.tmp
2011-01-06 21:33 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-01-06 21:33 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-01-06 21:33 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-01-06 21:33 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-01-06 21:33 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-01-06 21:33 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-01-06 21:33 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-01-06 21:33 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2011-01-06 21:33 . 2004-08-04 12:00 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe
2011-01-06 21:33 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\winchat.exe
2011-01-06 21:33 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-06 21:33 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-06 21:31 . 2004-08-04 12:00 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
2011-01-06 21:30 . 2004-08-04 12:00 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2011-01-06 21:29 . 2011-01-06 21:29 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-01-06 21:27 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2011-01-06 21:27 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
2011-01-06 21:27 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-06 21:27 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-06 19:46 . 2004-08-04 03:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-06 19:39 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 19:39 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-06 19:39 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-06 19:39 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-06 19:39 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET15F.tmp
2011-01-06 19:39 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET153.tmp
2011-01-06 19:38 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET150.tmp
2010-12-31 09:01 . 2010-12-31 09:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-31 07:57 . 2010-12-31 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-31 07:57 . 2010-12-31 07:57 -------- d-----w- c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com
2010-12-30 07:11 . 2010-12-30 07:11 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG9
2010-12-30 03:20 . 2010-12-30 03:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-29 05:55 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 05:55 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 05:14 . 2010-12-29 05:14 -------- d-----w- c:\program files\Common Files\eSellerate
2010-12-29 04:15 . 2010-12-30 07:09 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-28 09:12 . 2010-12-28 09:12 -------- d-----w- c:\documents and settings\Alex\Application Data\IObit
2010-12-28 09:12 . 2010-12-28 09:12 -------- d-----w- c:\program files\IObit
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\documents and settings\Alex\Application Data\Registry Mechanic
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\documents and settings\Alex\Application Data\PC Tools Performance Toolkit
2010-12-28 08:56 . 2010-08-20 22:21 127352 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2010-12-28 08:56 . 2010-08-20 22:21 107992 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2010-12-28 08:56 . 2010-08-26 20:43 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-28 08:56 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-28 08:56 . 2008-04-02 20:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-28 08:56 . 2008-04-02 20:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-28 08:56 . 2010-12-29 03:12 -------- d-----w- c:\program files\PC Tools Utilities
2010-12-28 04:48 . 2010-12-30 01:04 -------- d-----w- c:\documents and settings\Alex\Application Data\skypePM
2010-12-28 04:43 . 2010-12-28 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-12-28 04:42 . 2010-12-28 04:42 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\LogiShrd
2010-12-28 04:28 . 2010-12-28 04:28 53248 ----a-r- c:\documents and settings\Alex\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-28 04:25 . 2011-01-13 04:33 -------- d-----w- c:\windows\system32\logishrd
2010-12-28 04:25 . 2010-12-28 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-12-28 04:24 . 2010-12-28 04:24 -------- d-----w- c:\program files\Common Files\LWS
2010-12-28 04:24 . 2010-12-28 04:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-12-28 04:23 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-12-28 04:19 . 2004-08-04 05:56 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-12-28 02:24 . 2010-12-28 02:24 -------- d-----w- c:\program files\Common Files\Skype
2010-12-28 02:24 . 2010-12-28 02:25 -------- d-----r- c:\program files\Skype
2010-12-28 02:24 . 2010-12-30 01:18 -------- d-----w- c:\documents and settings\Alex\Application Data\Skype
2010-12-28 02:24 . 2010-12-28 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 15:35 . 2010-10-27 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-17 20:25 . 2009-08-24 04:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-12 67128]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"CTHelper"="CTHELPER.EXE" [2005-10-30 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-10 180269]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Media Server.lnk - c:\program files\Cisco Media Center\CESAvegaMediaServer.exe [2009-5-13 1453696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-14 434176]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815]

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creative MediaSource Go!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creative MediaSource Go!.lnk
backup=c:\windows\pss\Creative MediaSource Go!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 17:01 88209 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-13 21:00 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 17:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
2005-12-23 05:20 57344 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2004-11-30 16:00 135168 ----a-w- c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-10-30 00:31 18944 -c--a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-08-12 22:45 61952 -c--a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-12-16 01:38 50792 ----a-w- c:\program files\Common Files\AOL\1138334109\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-05-22 00:11 221184 -c--a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-05-07 21:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-16 23:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-07-10 01:46 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c--a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138334109\\ee\\aolsoftware.exe"=
"c:\\Documents and Settings\\Alex\\My Documents\\Valve\\Steam\\SteamApps\\str8killer\\day of defeat\\hl.exe"=
"c:\\Documents and Settings\\Alex\\My Documents\\Valve\\Steam\\SteamApps\\str8killer\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\LEGO Media\\Games\\LEGO Chess\\Lego Chess.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"=
"c:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\server.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Rosetta Stone.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Discover.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\admin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/23/2010 4:30 PM 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/23/2010 4:32 PM 198608]
R2 Cisco Media Server;Cisco Media Server;c:\program files\Cisco Media Center\AVMediaServer.exe [5/13/2009 12:00 PM 3313280]
R2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [12/28/2010 3:56 AM 1034208]
R2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [12/28/2010 3:56 AM 1021920]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [7/23/2010 4:30 PM 88040]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/28/2010 3:56 AM 583648]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [10/29/2005 7:40 PM 9216]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 4:12 PM 102400]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [10/25/2010 4:44 PM 816672]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/23/2010 4:34 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/23/2010 4:34 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/23/2010 4:34 PM 115216]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
S2 SMS_v3_2_0;SMS_v3_2_0;c:\program files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [7/12/2007 2:42 PM 204800]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [12/4/2007 11:37 AM 437760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [12/28/2010 3:56 AM 107992]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [12/28/2010 3:56 AM 127352]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [1/21/2006 10:55 PM 5036]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [9/30/2008 3:24 AM 453120]
S4 Atsemlrs;Atsemlrs; [x]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 5:28 PM 31768]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/3/2006 5:47 PM 664064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-13 c:\windows\Tasks\PTSchedule.job
- c:\program files\PC Tools Utilities\pt.exe [2010-12-28 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\m66q0xny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 16:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,18,19,6e,0a,4d,30,75,ed,3d,5c,03,71,08,95,c8,37,60,e5,4a,d0,
93,e9,30,18,0c,92,b4,aa,44,5e,97,e8,23,96,dd,9a,70,d0,08,48,0f,b2,af,ac,9c,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,18,19,6e,0a,4d,30,75,ed,3d,5c,03,71,08,95,c8,37,60,e5,4a,d0,
93,e9,30,18,0c,92,b4,aa,44,5e,97,e8,23,96,dd,9a,70,d0,08,48,0f,b2,af,ac,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(320)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-13 16:37:14
ComboFix-quarantined-files.txt 2011-01-13 21:37
ComboFix2.txt 2011-01-13 18:22

Pre-Run: 26,219,225,088 bytes free
Post-Run: 26,173,259,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - DA223828E38BB722077634CC4833282B
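
The report above is a ComboFix log: registry run values as `"Name"="path" [date size]`, services as `R2 name;display;path [date time size]`, and policy values such as `"EnableFirewall"= 0`. As an added example (not part of this thread, and not ComboFix's own code), here is a small Python triage script that parses those three line shapes and flags what a responder checks first: a service registered with no image file (`[x]`), a driver loaded from a Temp directory, a Run value whose image is an unqualified file name, and a disabled Windows Firewall profile. The sample lines are a constructed subset modelled on the log above; the function names and the flagged conditions are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines in the ComboFix log format, modelled on the
# report above (two run values, one firewall policy value, three services).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-10-30 16384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/23/2010 4:30 PM 233136]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S4 Atsemlrs;Atsemlrs; [x]
"""

# Section header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "Name"="image path" [yyyy-mm-dd size]
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# R2 name;display name;image path [date time size]  -- or [?] / [x] when unknown/missing
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<info>[^\]]*)\]$')
# "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


@dataclass
class Entry:
    kind: str   # "run", "service" or "firewall"
    key: str    # registry key for run/firewall entries, start type (R1, S4, ...) for services
    name: str
    path: str
    info: str = ""  # "date size" for run values, bracket text for services, value for firewall


def parse_entries(log_text: str) -> List[Entry]:
    """Turn the recognised line shapes of a ComboFix log into Entry records."""
    entries: List[Entry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)      # remember which key the following values belong to
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            entries.append(Entry("run", current_key, m["name"], m["path"],
                                 f'{m["date"]} {m["size"]}'))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["start"], m["name"], m["path"], m["info"]))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            entries.append(Entry("firewall", current_key, "EnableFirewall", "", m.group(1)))
    return entries


def triage(log_text: str) -> List[str]:
    """Return human-readable review pointers for the entries a responder looks at first."""
    findings: List[str] = []
    for e in parse_entries(log_text):
        if e.kind == "run" and "\\" not in e.path:
            # A bare file name is resolved through the search path, so check where it lives.
            findings.append(f"run value '{e.name}' uses unqualified image '{e.path}'")
        elif e.kind == "service":
            if e.info == "x":
                findings.append(f"service '{e.name}' is registered but its image file is missing")
            elif re.search(r"\\temp\\", e.path, re.IGNORECASE):
                findings.append(f"service '{e.name}' loads from a temporary directory: {e.path}")
        elif e.kind == "firewall" and e.info == "0":
            findings.append("Windows Firewall is disabled in the standard profile")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

A flag is a pointer for review, not a verdict: in the log above the SAS_SelfExtract drivers this check would flag are SUPERAntiSpyware's own (its SUPERAntiSpyware.com directories are listed in the same report), while the `[x]` service and the `EnableFirewall` value are the kind of item a helper asks about next.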

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 January 2011 - 05:27 PM

Glad to know it. :thumbup2:

How is it running now please? :)
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#11 Minty1

Minty1
  • Topic Starter

  • Members
  • 21 posts

Posted 13 January 2011 - 11:01 PM

So far it seems almost perfect. I did a scan with Avira and it found 10 items and 3 hidden objects. I went ahead and let them be quarantined. I didn't want to post that log without checking with you first. Quite a few of the items are like this one:

C:\Documents and Settings\Alex\My Documents\Sony\Welcome to VAIO life\Internet Services.exe
[DETECTION] Is the TR/Drop.Agent.yhe.6 Trojan

How do I tell if it is really a trojan or just a Welcome to Sony thing?

Firefox works fine, IE won't open, says it has a problem and needs to shut down.


Thanks!

Minty1

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 January 2011 - 11:21 PM

Hi there,

I'd like to have a look at a file, please. :)

Please visit the online Jotti Virus Scanner (link)
  • Copy and paste the following filepath in the box:

    c:\documents and settings\Alex\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe


  • Click on the button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
c:\windows\system32\SET308.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\wbem\SET36E.tmp
c:\windows\system32\wbem\SET36D.tmp
c:\windows\system32\wbem\SET36C.tmp
c:\windows\system32\SET24C.tmp
c:\windows\SET15F.tmp
c:\windows\SET153.tmp
c:\windows\SET150.tmp


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as shown in the screenshot (not reproduced here).

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Thanks,
tea

#13 Minty1

Minty1
  • Topic Starter

  • Members
  • 21 posts

Posted 13 January 2011 - 11:28 PM

Thanks for the quick reply again!

Here's the first part:


Filename: ARPPRODUCTICON.exe
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sun 15 Aug 2010 01:30:50 (CET) Permalink

Additional info
File size: 53248 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 906f5592cd68267e58456b6260f07320
SHA1: a2674d68c8dea3c09efa749ba56968da1665a21e

Off to do part two now.


Minty1

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 January 2011 - 11:32 PM

Excellent....post when you're ready. I wanted to be sure that file was good, as there are some reports of it being bad. Yours is fine, as you can see. :thumbup2:
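A note on reading the ComboFix report that follows. ComboFix prints its "Files Created", "SnapShot" and "Reg Loading Points" sections in fixed line shapes, which makes them much easier to triage with a short script than by eye. The Python below is an added example written for this page; it is not code from the thread or from ComboFix. The sample lines are copied from the report posted below, the reading of the attribute letters (column 0 `d` = directory, `h`/`s` = hidden/system) is an assumption taken from the log itself, and the triage rules (kernel drivers that appeared in the window, hidden or system items, Run values given as a bare file name, files replaced between snapshots) are starting points for a manual check, not verdicts.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Line shapes copied from the ComboFix report in this thread.
# "Files Created":   2011-01-13 23:15 . 2010-12-13 13:40 61960 ----a-w- c:\...\avgntflt.sys
# "SnapShot" diff:   + 2004-08-04 12:00 . 2009-10-12 13:54 69632 c:\...\raschap.dll
# "Run" key value:   "CTHelper"="CTHELPER.EXE" [2005-10-30 16384]
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
FILE_LINE = re.compile(
    rf"^(?P<created>{STAMP}) \. (?P<modified>{STAMP}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
SNAP_LINE = re.compile(
    rf"^(?P<sign>[+-]) (?P<created>{STAMP}) \. (?P<modified>{STAMP}) (?P<size>\d+) (?P<path>\S.*)$"
)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
TS = "%Y-%m-%d %H:%M"


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption from the log: 'd' in the first attribute column marks a directory.
        return self.attrs[0] == "d"

    @property
    def is_hidden_or_system(self) -> bool:
        # Assumption from the log: 'h' = hidden, 's' = system attribute.
        return "h" in self.attrs or "s" in self.attrs


def parse_files(text: str) -> List[FileEntry]:
    """Parse 'Files Created' lines; lines of any other shape are skipped."""
    out: List[FileEntry] = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        out.append(FileEntry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"]))
    return out


def parse_snapshot(text: str) -> Dict[str, Dict[str, str]]:
    """Group snapshot-diff lines by path: '+' = present now, '-' = present in the old snapshot."""
    by_path: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = SNAP_LINE.match(line.strip())
        if m:
            by_path.setdefault(m["path"].lower(), {})[m["sign"]] = m["modified"]
    return by_path


def parse_run_entries(text: str) -> List[Tuple[str, str]]:
    """Return (value name, command) pairs from the Run-key listing."""
    pairs = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            pairs.append((m["name"], m["cmd"]))
    return pairs


def triage(report: str) -> Dict[str, List[str]]:
    """Apply a few first-pass rules to a ComboFix report; every hit still needs a human look."""
    files = parse_files(report)
    snap = parse_snapshot(report)
    runs = parse_run_entries(report)
    return {
        # Kernel drivers that appeared in the report window: confirm publisher and hash first.
        "new_drivers": [f.path for f in files if not f.is_dir
                        and f.path.lower().endswith(".sys") and "\\drivers\\" in f.path.lower()],
        # Hidden/system flags on a freshly created item are unusual for ordinary user software.
        "hidden_or_system": [f.path for f in files if f.is_hidden_or_system],
        # A Run value given as a bare file name is resolved through the search path,
        # so the log alone does not say which binary actually starts.
        "bare_name_run": [name for name, cmd in runs if "\\" not in cmd],
        # Same path with both a '-' and a '+' line: the file was replaced between snapshots.
        "replaced": sorted(p for p, s in snap.items() if "+" in s and "-" in s),
        "added_only": sorted(p for p, s in snap.items() if "+" in s and "-" not in s),
    }


# Sample input: lines copied verbatim from the report posted in this thread.
SAMPLE_REPORT = r"""
2011-01-13 23:15 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-13 23:15 . 2011-01-13 23:15 -------- d-----w- c:\program files\Avira
2010-12-31 09:01 . 2010-12-31 09:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-29 05:55 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-28 04:28 . 2010-12-28 04:28 53248 ----a-r- c:\documents and settings\Alex\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
+ 2004-08-04 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\raschap.dll
+ 2011-01-13 23:12 . 2011-01-13 23:12 219648 c:\windows\Installer\2879f.msi
"CTHelper"="CTHELPER.EXE" [2005-10-30 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"""

if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_REPORT).items():
        print(rule, hits)
```

Run against the full report rather than the sample and the "replaced" list becomes the quickest way to spot which system DLLs changed between the two ComboFix runs; in the log below most of those are Windows Update replacements (the `$NtUninstallKB...$` folders appear alongside them), which is exactly the kind of context the rule leaves for the human to weigh.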

#15 Minty1 (Topic Starter)

Posted 13 January 2011 - 11:51 PM

Thanks, I can't tell you how much I appreciate your help!




ComboFix 11-01-13.01 - Alex 01/13/2011 23:35:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.759 [GMT -5:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\windows\SET150.tmp"
"c:\windows\SET153.tmp"
"c:\windows\SET15F.tmp"
"c:\windows\system32\SET24C.tmp"
"c:\windows\system32\SET2C3.tmp"
"c:\windows\system32\SET308.tmp"
"c:\windows\system32\SET369.tmp"
"c:\windows\system32\SET36A.tmp"
"c:\windows\system32\SET36B.tmp"
"c:\windows\system32\wbem\SET36C.tmp"
"c:\windows\system32\wbem\SET36D.tmp"
"c:\windows\system32\wbem\SET36E.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET150.tmp
c:\windows\SET153.tmp
c:\windows\SET15F.tmp
L:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-13 23:21 . 2011-01-14 00:54 -------- d-----w- c:\windows\system32\NtmsData
2011-01-13 23:20 . 2011-01-13 23:20 -------- d-----w- c:\documents and settings\Alex\Application Data\Avira
2011-01-13 23:15 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-13 23:15 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-13 23:15 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-01-13 23:15 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-01-13 23:15 . 2011-01-13 23:15 -------- d-----w- c:\program files\Avira
2011-01-13 23:15 . 2011-01-13 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-01-13 18:21 . 2011-01-13 18:41 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-13 03:58 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-13 03:58 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-13 03:57 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-13 03:57 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-13 03:57 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-13 03:57 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-06 21:33 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-01-06 21:33 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2011-01-06 21:33 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2011-01-06 21:33 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2011-01-06 21:33 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-01-06 21:33 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-01-06 21:33 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-01-06 21:33 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2011-01-06 21:33 . 2004-08-04 12:00 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe
2011-01-06 21:33 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\winchat.exe
2011-01-06 21:33 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-06 21:33 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-06 21:31 . 2004-08-04 12:00 343040 -c--a-w- c:\windows\system32\dllcache\mspaint.exe
2011-01-06 21:30 . 2004-08-04 12:00 539136 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2011-01-06 21:29 . 2011-01-06 21:29 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-01-06 21:27 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2011-01-06 21:27 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atrace.dll
2011-01-06 21:27 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-06 21:27 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-06 19:46 . 2004-08-04 03:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-06 19:39 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-06 19:39 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-06 19:39 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-06 19:39 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-31 09:01 . 2010-12-31 09:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-31 07:57 . 2010-12-31 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-31 07:57 . 2010-12-31 07:57 -------- d-----w- c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com
2010-12-30 07:11 . 2010-12-30 07:11 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG9
2010-12-30 03:20 . 2010-12-30 03:20 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-29 05:55 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 05:55 . 2010-12-29 05:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 05:55 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 05:14 . 2010-12-29 05:14 -------- d-----w- c:\program files\Common Files\eSellerate
2010-12-29 04:15 . 2010-12-30 07:09 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-28 09:12 . 2010-12-28 09:12 -------- d-----w- c:\documents and settings\Alex\Application Data\IObit
2010-12-28 09:12 . 2010-12-28 09:12 -------- d-----w- c:\program files\IObit
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\documents and settings\Alex\Application Data\Registry Mechanic
2010-12-28 09:03 . 2010-12-28 09:03 -------- d-----w- c:\documents and settings\Alex\Application Data\PC Tools Performance Toolkit
2010-12-28 08:56 . 2010-08-20 22:21 127352 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2010-12-28 08:56 . 2010-08-20 22:21 107992 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2010-12-28 08:56 . 2010-08-26 20:43 37344 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-12-28 08:56 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-12-28 08:56 . 2008-04-02 20:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-12-28 08:56 . 2008-04-02 20:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-12-28 08:56 . 2010-12-29 03:12 -------- d-----w- c:\program files\PC Tools Utilities
2010-12-28 04:48 . 2010-12-30 01:04 -------- d-----w- c:\documents and settings\Alex\Application Data\skypePM
2010-12-28 04:43 . 2010-12-28 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-12-28 04:42 . 2010-12-28 04:42 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\LogiShrd
2010-12-28 04:28 . 2010-12-28 04:28 53248 ----a-r- c:\documents and settings\Alex\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-28 04:25 . 2011-01-13 23:08 -------- d-----w- c:\windows\system32\logishrd
2010-12-28 04:25 . 2010-12-28 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-12-28 04:24 . 2010-12-28 04:24 -------- d-----w- c:\program files\Common Files\LWS
2010-12-28 04:24 . 2010-12-28 04:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-12-28 04:23 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-12-28 04:19 . 2004-08-04 05:56 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-12-28 02:24 . 2010-12-28 02:24 -------- d-----w- c:\program files\Common Files\Skype
2010-12-28 02:24 . 2010-12-28 02:25 -------- d-----r- c:\program files\Skype
2010-12-28 02:24 . 2010-12-30 01:18 -------- d-----w- c:\documents and settings\Alex\Application Data\Skype
2010-12-28 02:24 . 2010-12-28 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 15:35 . 2010-10-27 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-17 20:25 . 2009-08-24 04:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-13_21.34.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-01-13 23:08 . 2011-01-13 23:08 16384 c:\windows\Temp\Perflib_Perfdata_3d4.dat
+ 2004-08-04 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2004-08-04 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\raschap.dll
+ 2001-08-23 12:00 . 2011-01-13 22:45 83476 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-01-06 21:43 83476 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\mqise.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-04 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
+ 2011-01-13 23:15 . 2010-06-17 19:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-04 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2006-01-21 23:47 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\atl.dll
+ 2004-08-04 12:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2011-01-13 22:55 . 2007-03-06 01:22 14048 c:\windows\$NtUninstallKB932823-v3$\spmsg.dll
+ 2011-01-13 22:55 . 2007-03-06 01:22 22752 c:\windows\$NtUninstallKB932823-v3$\spcustom.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 4608 c:\windows\system32\mqsvc.exe
+ 2004-08-04 12:00 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2006-01-21 22:24 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2006-01-21 22:24 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2006-01-21 22:24 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-04 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 112128 c:\windows\system32\rastls.dll
+ 2004-08-04 12:00 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
- 2001-08-23 12:00 . 2011-01-06 21:43 469540 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2011-01-13 22:45 469540 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 266752 c:\windows\system32\oakley.dll
+ 2004-08-04 12:00 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
+ 2004-08-04 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\msv1_0.dll
+ 2004-08-04 12:00 . 2008-02-26 11:59 294912 c:\windows\system32\msctf.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 471552 c:\windows\system32\mqutil.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 186880 c:\windows\system32\mqtrig.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
+ 2004-08-04 12:00 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-08-04 12:00 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 177152 c:\windows\system32\mqrt.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 225280 c:\windows\system32\mqoa.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 138240 c:\windows\system32\mqad.dll
+ 2004-08-04 12:00 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
+ 2004-08-04 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2006-01-21 17:03 . 2011-01-06 21:38 156360 c:\windows\system32\FNTCACHE.DAT
+ 2006-01-21 17:03 . 2011-01-13 22:41 156360 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2004-08-04 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
- 2004-08-04 12:00 . 2004-08-04 12:00 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 12:00 . 2008-02-26 11:59 294912 c:\windows\system32\dllcache\msctf.dll
+ 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\atmfd.dll
+ 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
+ 2011-01-13 23:12 . 2011-01-13 23:12 219648 c:\windows\Installer\2879f.msi
+ 2004-08-04 12:00 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2011-01-13 22:55 . 2007-03-06 01:23 371424 c:\windows\$NtUninstallKB932823-v3$\updspapi.dll
+ 2011-01-13 22:55 . 2007-03-06 01:22 716000 c:\windows\$NtUninstallKB932823-v3$\update.exe
+ 2011-01-13 22:55 . 2007-03-06 01:22 213216 c:\windows\$NtUninstallKB932823-v3$\spuninst.exe
- 2008-06-10 01:02 . 2004-08-04 05:56 294400 c:\windows\$NtUninstallKB932823-v3$\msctf.dll
+ 2008-06-10 01:02 . 2004-08-04 12:00 294400 c:\windows\$NtUninstallKB932823-v3$\msctf.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 1506304 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 3065344 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 1023488 c:\windows\system32\browseui.dll
+ 2006-01-21 23:49 . 2011-01-04 22:20 37403080 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-12 67128]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"CTHelper"="CTHELPER.EXE" [2005-10-30 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-10 180269]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Media Server.lnk - c:\program files\Cisco Media Center\CESAvegaMediaServer.exe [2009-5-13 1453696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-14 434176]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815]

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Alex\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creative MediaSource Go!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creative MediaSource Go!.lnk
backup=c:\windows\pss\Creative MediaSource Go!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 17:01 88209 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-13 21:00 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 17:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
2005-12-23 05:20 57344 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2004-11-30 16:00 135168 ----a-w- c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-10-30 00:31 18944 -c--a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-08-12 22:45 61952 -c--a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-12-16 01:38 50792 ----a-w- c:\program files\Common Files\AOL\1138334109\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-05-22 00:11 221184 -c--a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-05-07 21:54 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-16 23:25 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-07-10 01:46 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c--a-w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4DedicatedServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1138334109\\ee\\aolsoftware.exe"=
"c:\\Documents and Settings\\Alex\\My Documents\\Valve\\Steam\\SteamApps\\str8killer\\day of defeat\\hl.exe"=
"c:\\Documents and Settings\\Alex\\My Documents\\Valve\\Steam\\SteamApps\\str8killer\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\LEGO Media\\Games\\LEGO Chess\\Lego Chess.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"=
"c:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\server.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Rosetta Stone.exe"=
"c:\\Program Files\\Rosetta Stone\\RS2.2.1.0Asms\\Discover.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\SMS v3.2.0hs\\admin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/23/2010 4:30 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/13/2011 6:15 PM 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/23/2010 4:32 PM 198608]
R2 Cisco Media Server;Cisco Media Server;c:\program files\Cisco Media Center\AVMediaServer.exe [5/13/2009 12:00 PM 3313280]
R2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [12/28/2010 3:56 AM 1034208]
R2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [12/28/2010 3:56 AM 1021920]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [7/23/2010 4:30 PM 88040]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/28/2010 3:56 AM 583648]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [10/29/2005 7:40 PM 9216]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 4:12 PM 102400]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [10/25/2010 4:44 PM 816672]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [7/23/2010 4:34 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [7/23/2010 4:34 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [7/23/2010 4:34 PM 115216]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
S2 SMS_v3_2_0;SMS_v3_2_0;c:\program files\Rosetta Stone\SMS v3.2.0hs\wrapper.exe [7/12/2007 2:42 PM 204800]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.sys [12/4/2007 11:37 AM 437760]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [12/28/2010 3:56 AM 107992]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [12/28/2010 3:56 AM 127352]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [1/21/2006 10:55 PM 5036]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [9/30/2008 3:24 AM 453120]
S4 Atsemlrs;Atsemlrs; [x]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 5:28 PM 31768]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/3/2006 5:47 PM 664064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - NTMSSVC
*NewlyCreated* - SWPRV
*NewlyCreated* - VSS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-13 c:\windows\Tasks\PTSchedule.job
- c:\program files\PC Tools Utilities\pt.exe [2010-12-28 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\m66q0xny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 23:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,18,19,6e,0a,4d,30,75,ed,3d,5c,03,71,08,95,c8,37,60,e5,4a,d0,
93,e9,30,18,0c,92,b4,aa,44,5e,97,e8,23,96,dd,9a,70,d0,08,48,0f,b2,af,ac,9c,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,18,19,6e,0a,4d,30,75,ed,3d,5c,03,71,08,95,c8,37,60,e5,4a,d0,
93,e9,30,18,0c,92,b4,aa,44,5e,97,e8,23,96,dd,9a,70,d0,08,48,0f,b2,af,ac,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(340)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-13 23:45:24
ComboFix-quarantined-files.txt 2011-01-14 04:45
ComboFix2.txt 2011-01-13 21:37
ComboFix3.txt 2011-01-13 18:22

Pre-Run: 25,759,862,784 bytes free
Post-Run: 25,725,009,920 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - DBBF50B4F02C79CFCF42BD7ED37C3069
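A small triage helper, added here as an example and not part of the original post or of ComboFix: it parses the service/driver lines of a ComboFix log and flags entries whose registry record points at no file (`[x]`), whose image could not be inspected (`[?]`), or whose image lives under a Temp directory, and it reads the `EnableFirewall` value from the standardprofile block. The reading of the prefixes (R = running, S = stopped, digit = start type, with 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled) is the usual interpretation of these logs and is an assumption here, not something the page states. The sample input is constructed from a few lines of the log above so the script runs offline.

```python
import re
from dataclasses import dataclass, field

# ComboFix service/driver lines: first letter R (running) / S (stopped),
# digit = service start type, then name;display name;image path [date time size].
# Assumption: this is the usual reading of those prefixes, not documented on the page.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
BRACKET_RE = re.compile(r"\[([^\]]*)\]\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)

# Constructed sample: a few lines copied from the log above, so this runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [7/23/2010 4:30 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/13/2011 6:15 PM 135336]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Alex\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S4 Atsemlrs;Atsemlrs; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/3/2006 5:47 PM 664064]
"""


@dataclass
class Entry:
    name: str
    state: str            # "running" or "stopped"
    start: str            # boot / system / auto / manual / disabled
    path: str
    reasons: list = field(default_factory=list)   # empty means nothing odd was seen


def parse_services(text):
    """Parse every R*/S* line into an Entry, attaching triage reasons where they apply."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state_c, start_c, name, _display, rest = m.groups()
        rest = rest.strip()
        bm = BRACKET_RE.search(rest)
        bracket = bm.group(1) if bm else ""
        path = rest[:bm.start()].strip() if bm else rest
        e = Entry(name, "running" if state_c == "R" else "stopped",
                  START_TYPES[start_c], path)
        if bracket == "x":
            e.reasons.append("registry entry points at no image file (orphaned service)")
        elif bracket == "?":
            e.reasons.append("image could not be inspected (no date/size recorded)")
        if re.search(r"\\temp\\", path, re.I):
            e.reasons.append("image lives under a Temp directory")
        if e.start in ("boot", "system") and e.reasons:
            e.reasons.append("loads at %s start, i.e. before user-mode security tools" % e.start)
        entries.append(e)
    return entries


def flagged(text):
    """Only the entries that picked up at least one reason."""
    return [e for e in parse_services(text) if e.reasons]


def firewall_enabled(text):
    """True/False from the standardprofile EnableFirewall value, None if the value is absent."""
    m = FIREWALL_RE.search(text)
    return None if m is None else m.group(1) != "0"


if __name__ == "__main__":
    print("Windows Firewall (standard profile) enabled:", firewall_enabled(SAMPLE_LOG))
    for e in flagged(SAMPLE_LOG):
        print("%-10s %-8s %-8s %s" % (e.name, e.state, e.start, e.path or "<no path>"))
        for r in e.reasons:
            print("    -", r)
```

On the sample this flags `Atsemlrs` (a disabled entry with no binary behind it) and `SASDIFSV` (a system-start kernel driver loaded from a user's Temp directory), and reports the firewall as off. The script only ranks what deserves a look; a reader still has to recognise, for example, that the SAS_SelfExtract drivers are what a portable SUPERAntiSpyware run leaves behind, and that a disabled orphan entry is a cleanup item rather than an active threat.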
