SoWar Browser problem [RESOLVED]
ryan_07
post Nov 1 2008, 02:42 AM
Post #1


Member
Posts: 237
From: Philippines
OS: XP



I think this problem of mine isn't hard to solve. I have this problem like the one posted by nikki. Every time I open my PC, a prompt keeps appearing saying something like cannot find script sowar and something. Another thing is that whenever I open my Internet Explorer redtube.com automatically appears. But I have already resolved that "redtube.com thing". But I'm still worried because the SoWar Browser thing is still bugging up the title bar of my IE Browser. Hoping for your response. Thanks for the help.
Fred21543
post Nov 1 2008, 04:16 AM
Post #2


Trusted Helper
Posts: 1,347
OS: Windows XP



Hello ryan_07,

Welcome to Geeks to Go! My name is Fred21543 and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, so I ask for your patience.
Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.
ryan_07
post Nov 1 2008, 05:52 AM
Post #3


Member
Posts: 237
From: Philippines
OS: XP



Yeah, that's alright... I feel secure now that I have you to help me fix my problem...

Here is my log, by the way...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:55 AM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: UserInit=userinit.exe,Auto.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [SilentSoftech] C:\WINDOWS\system32\SilentSoftech.exe
O4 - HKLM\..\Run: [BCROReminder] C:\Program Files\ByteCrusher\RegistryOptimax\BCRO.exe -rem
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKLM\..\Run: [RawOs] wscript.exe "C:\WINDOWS\sowar.vbs"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E07AXLRD_10823640] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BCROReminder] C:\Program Files\ByteCrusher\RegistryOptimax\BCRO.exe -rem
O4 - HKLM\..\Policies\Explorer\Run: [dllcache32.exe] C:\Documents and Settings\All Users\Application Data\dllcache32.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11874 bytes


This post has been edited by ryan_07: Nov 2 2008, 09:09 PM
Fred21543
post Nov 7 2008, 08:25 AM
Post #4


Trusted Helper
Posts: 1,347
OS: Windows XP



Please do not edit future posts, because I might look at your post before it is edited, and that could create some confusion between us. Thanks.

1)

Please open HiJackThis and click Do a System Scan Only. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: UserInit=userinit.exe,Auto.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SilentSoftech] C:\WINDOWS\system32\SilentSoftech.exe
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKLM\..\Run: [RawOs] wscript.exe "C:\WINDOWS\sowar.vbs"
O4 - HKLM\..\Policies\Explorer\Run: [dllcache32.exe] C:\Documents and Settings\All Users\Application Data\dllcache32.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2)
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Program Files\Adobe Media Player\Adobe Media Player.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


3)

I noticed you are running a registry cleaning program. This is not a good idea, as messing with the registry can be potentially dangerous to your computer. I would recommend you uninstall RegistryOptimax.
I also recommend you uninstall AskToolbar. Ask’s business practices are questionable at best, and how good of intentions they have is open to debate.

If you decide to remove these programs, please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

AskToolbar
RegistryOptimax


4)

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

* When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

5)

    1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder... it will help protect your drives from future infection.


In summary I need to see the following logs:
-ComboFix.txt
-New HijackThis log
-Virscan.org results
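The entries Fred21543 ticked in step 1 share a few tells: a Shell= or UserInit= value that launches something besides Explorer.exe or userinit.exe, wscript.exe running .vbs files out of the Windows folder, an executable under All Users\Application Data started from the Policies\Explorer\Run key, Run/RunOnce entries under the built-in service-account hives, a RunOnce that uses cmd.exe to rename a DLL into System32, and policy keys that lock IE options and Registry Editor. The Python script below is an added example, not a Geeks to Go or Trend Micro HijackThis tool; it encodes those tells as rules and runs them over a constructed sample built from lines in the log posted above, plus two benign entries (AVG tray, ctfmon) for contrast. The rule wording and the `check_line` and `triage` functions are this example's own.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread,
# plus two benign autostart entries (AVG tray, ctfmon) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F2 - REG:system.ini: UserInit=userinit.exe,Auto.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKLM\..\Run: [RawOs] wscript.exe "C:\WINDOWS\sowar.vbs"
O4 - HKLM\..\Policies\Explorer\Run: [dllcache32.exe] C:\Documents and Settings\All Users\Application Data\dllcache32.exe
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# O4 lines look like: "O4 - <key>: [<value name>] <command> (User '<account>')"
O4_LINE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# Hives of the built-in service accounts and the default profile; legitimate
# software almost never registers per-user autostarts there.
SERVICE_HIVES = ("HKUS\\S-1-5-18\\", "HKUS\\S-1-5-19\\", "HKUS\\S-1-5-20\\", "HKUS\\.DEFAULT\\")


def check_o4(key, cmd):
    """Reasons an O4 autostart entry deserves a second look (rule set is this example's own)."""
    reasons = []
    cmd_l = cmd.lower()
    if re.search(r"\b[wc]script\.exe\b", cmd_l):
        reasons.append("script host launches a script at logon")
    if "\\application data\\" in cmd_l or "\\documents and settings\\" in cmd_l:
        reasons.append("executable lives under a user-writable profile directory")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate software")
    if cmd_l.startswith("cmd.exe") and " move " in cmd_l:
        reasons.append("cmd.exe renames a file into System32 at logon")
    if any(key.startswith(h) for h in SERVICE_HIVES):
        reasons.append("autostart registered under a service-account hive")
    return reasons


def check_line(line):
    """Return the reasons one HijackThis line is suspicious (empty list if none)."""
    if line.startswith("F2 - REG:system.ini: Shell="):
        value = line.split("Shell=", 1)[1].strip()
        return [] if value.lower() == "explorer.exe" else [f"Shell= runs more than Explorer.exe: {value}"]
    if line.startswith("F2 - REG:system.ini: UserInit="):
        parts = [p.strip() for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
        extra = [p for p in parts if not p.lower().endswith("userinit.exe")]
        return [f"UserInit= launches extra program(s): {', '.join(extra)}"] if extra else []
    if line.startswith("R1 - ") and "Window Title = " in line:
        return ["IE window title overridden: " + line.split("Window Title = ", 1)[1]]
    if line.startswith("O6 - "):
        return ["IE Control Panel restricted by policy"]
    if line.startswith("O7 - ") and "DisableRegedit=1" in line:
        return ["Registry Editor disabled by policy"]
    m = O4_LINE.match(line)
    if m:
        return check_o4(m.group("key"), m.group("cmd"))
    return []


def triage(log_text):
    """Return [(line, reasons)] for every line that triggered at least one rule."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = check_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    # Prints the ten flagged lines from the sample with their reasons; the AVG
    # and ctfmon entries pass through silently.
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run it with `python hjt_triage.py` (any file name works) or pass the contents of a real HijackThis log to `triage()`. The rules are deliberately narrow: they encode what is odd about the entries in this thread, not a general malware classifier, so a clean line that trips one rule (for example a legitimate admin logon script run through wscript.exe) still needs a human look, which is the same workflow the helpers here follow.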
ryan_07
post Nov 8 2008, 06:42 AM
Post #5


Member
Posts: 237
From: Philippines
OS: XP



I thank you for the help...

But I cannot post the log from VirScan here because a prompt keeps saying that the file path doesn't exist.

Here is the log from the ComboFix:

ComboFix 08-11-07.01 - Zamora Famiy 2008-11-08 20:34:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.378 [GMT -8:00]
Running from: c:\documents and settings\Zamora Famiy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PERSONAL FILES\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Zamora Famiy\Application Data\rhc53jj0ee81
c:\program files\rhc53jj0ee81
c:\windows\system32\AutoRun.inf
c:\windows\system32\autorun.ini
c:\windows\system32\setting.ini
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-08 19:56 . 2008-10-03 13:46 262,144 --a------ c:\program files\Uninstall Ask Toolbar.dll
2008-11-08 19:34 . 2008-11-08 19:34 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-07 20:21 . 2008-11-07 20:21 <DIR> d-------- C:\logs
2008-11-07 20:21 . 2008-11-07 20:21 <DIR> d-------- c:\documents and settings\Zamora Famiy\ChikkaDefault
2008-11-07 20:20 . 2008-11-07 20:20 <DIR> d-------- c:\program files\Chikka Messenger
2008-11-01 14:32 . 2008-11-01 14:33 <DIR> d-------- c:\program files\ERUNT
2008-11-01 14:00 . 2008-11-01 14:00 <DIR> d-------- C:\rsit
2008-11-01 14:00 . 2008-11-03 10:11 <DIR> d-------- c:\program files\trend micro
2008-10-29 19:18 . 2008-10-29 19:18 <DIR> d--h-c--- c:\windows\ie8
2008-10-28 13:28 . 2008-10-28 13:28 <DIR> d-------- c:\program files\Microsoft
2008-10-24 15:53 . 2008-10-15 08:53 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2008-10-16 18:46 . 2007-07-09 05:16 582,656 --------- c:\windows\system32\DllCache\rpcrt4.dll
2008-10-16 16:43 . 2006-08-21 01:14 128,896 --------- c:\windows\system32\DllCache\fltmgr.sys
2008-10-16 16:43 . 2006-08-21 01:14 23,040 --------- c:\windows\system32\DllCache\fltmc.exe
2008-10-16 16:43 . 2006-08-21 04:21 16,896 --------- c:\windows\system32\DllCache\fltlib.dll
2008-10-16 16:15 . 2008-08-14 01:57 2,185,984 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2008-10-16 16:15 . 2008-08-14 01:55 2,142,720 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2008-10-16 16:15 . 2008-08-14 01:18 2,062,976 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2008-10-16 16:15 . 2008-08-14 01:18 2,020,864 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2008-10-16 15:06 . 2008-08-28 02:35 333,056 --------- c:\windows\system32\DllCache\srv.sys
2008-10-16 08:58 . 2008-10-16 08:58 <DIR> d--hs---- c:\documents and settings\Zamora Famiy\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 04:35 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\Skype
2008-11-08 04:20 --------- d-----w c:\program files\AudioGrabber
2008-11-08 04:12 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\skypePM
2008-11-06 19:39 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\LimeWire
2008-11-06 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-08 05:05 --------- d-----w c:\program files\Common Files\Ahead
2008-10-08 05:02 --------- d-----w c:\program files\Nero
2008-10-08 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-05 19:57 --------- d-----w c:\documents and settings\PERSONAL FILES\Application Data\Skinux
2008-10-04 18:23 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\Skinux
2008-10-04 18:20 --------- d-----w c:\program files\Kodak
2008-10-04 18:20 --------- d-----w c:\program files\Common Files\Kodak
2008-10-04 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-10-03 21:58 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\MP3Rocket
2008-10-03 21:46 --------- d---a-w c:\program files\AskSBar
2008-10-03 21:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-03 21:32 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\ByteCrusher
2008-10-01 18:21 --------- d-----w c:\program files\Easy File Sharing Web Server
2008-10-01 17:01 --------- d-----w c:\program files\Zuma
2008-09-30 03:07 --------- d-----w c:\program files\Google
2008-09-27 21:03 --------- d-----w c:\program files\CA Yahoo! Anti-Spy
2008-09-27 20:41 0 --sha-r C:\SilentSoftech.exe
2008-09-27 20:30 --------- d-----w c:\program files\Common Files\Scanner
2008-09-15 12:17 1,846,912 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:17 1,846,912 ------w c:\windows\system32\DllCache\win32k.sys
2008-09-12 22:08 --------- d-----w c:\program files\MSXML 6.0
2008-09-09 23:23 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\BearShare
2008-08-30 14:41 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-08-22 10:16 637,984 ------w c:\windows\system32\DllCache\iexplore.exe
2008-08-22 10:10 11,985,408 ----a-w c:\windows\system32\DllCache\ieframe.dll
2008-08-22 10:09 5,699,584 ----a-w c:\windows\system32\DllCache\mshtml.dll
2008-08-22 10:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 10:08 878,592 ----a-w c:\windows\system32\DllCache\wininet.dll
2008-08-22 10:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 10:08 43,008 ------w c:\windows\system32\DllCache\licmgr10.dll
2008-08-22 10:08 236,544 ------w c:\windows\system32\DllCache\webcheck.dll
2008-08-22 10:08 1,206,784 ----a-w c:\windows\system32\DllCache\urlmon.dll
2008-08-22 10:07 755,200 ------w c:\windows\system32\DllCache\VGX.dll
2008-08-22 10:07 193,536 ----a-w c:\windows\system32\DllCache\msrating.dll
2008-08-22 10:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 10:07 18,944 ------w c:\windows\system32\DllCache\corpol.dll
2008-08-22 10:07 116,224 ------w c:\windows\system32\DllCache\occache.dll
2008-08-22 10:07 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-08-22 10:05 70,656 ----a-w c:\windows\system32\DllCache\mshtmled.dll
2008-08-22 10:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 10:04 45,568 ------w c:\windows\system32\DllCache\mshta.exe
2008-08-22 10:00 68,608 ------w c:\windows\system32\DllCache\hmmapi.dll
2008-08-22 09:57 156,160 ----a-w c:\windows\system32\msls31.dll
2008-08-22 09:57 156,160 ------w c:\windows\system32\DllCache\msls31.dll
2008-08-22 09:42 443,392 ----a-w c:\windows\system32\DllCache\ieapfltr.dll
2008-08-14 09:55 2,142,720 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:51 138,368 ------w c:\windows\system32\DllCache\afd.sys
2008-08-14 09:18 2,020,864 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-01-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-06-28 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"VMonitorVMUVC"="c:\program files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe" [2007-11-08 135168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"nwiz"="nwiz.exe" [2006-10-30 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-12 44544]

c:\documents and settings\Zamora Famiy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-12-14 03:13 7095344 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-01 16:42 10752 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-30 76040]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-11-08 250240]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49cad5d2-7715-11dd-961e-001d92429bee}]
\Shell\AutoRun\command - Auto.exe %1
\Shell\Explore\command - Auto.exe %1
\Shell\Open\command - Auto.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79188143-9285-11dd-96b2-001d92429bee}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\bar311.exe %1
\Shell\Open\command - F:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{891091e0-654b-11dd-95be-001d92429bee}]
\Shell\Auto\command - F:\Recycled/dllcache32.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
\Shell\explore\Command - F:\Recycled/dllcache32.exe
\Shell\open\Command - F:\Recycled/dllcache32.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\At1.job
- c:\windows\system32\blastclnnn.exe []

2008-11-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2008-08-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2008-11-01 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 12:27]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-E07AXLRD_10823640 - c:\program files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE
HKCU-Run-BCROReminder - c:\program files\ByteCrusher\RegistryOptimax\BCRO.exe
HKLM-Run-BCROReminder - c:\program files\ByteCrusher\RegistryOptimax\BCRO.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Zamora Famiy\Application Data\Mozilla\Firefox\Profiles\pna8m2gh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft\Office Live\npOLW.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 20:35:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\ZAMORA~1\LOCALS~1\Temp\RGI417.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-08 20:36:31
ComboFix-quarantined-files.txt 2008-11-09 04:36:14

Pre-Run: 27,948,228,608 bytes free
Post-Run: 28,047,142,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

238 --- E O F --- 2008-10-30 04:37:28


Here is the log from the HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:42 PM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9788 bytes

I hope I can help you do your deed...

This post has been edited by ryan_07: Nov 8 2008, 06:45 AM
ryan_07
post Nov 12 2008, 10:25 PM
Post #6


Member
Posts: 237
From: Philippines
OS: XP



Ahmm... can I ask if this problem of mine is resolved? I mean, is it over?

I think it is... the SoWar Browser Problem I've reported is not bugging my PC anymore...

Thanks
Fred21543
post Nov 13 2008, 03:59 PM
Post #7


Trusted Helper
Posts: 1,347
OS: Windows XP



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\Windows\auto.exe
C:\WINDOWS\scvhost.exe
C:\SilentSoftech.exe
C:\WINDOWS\SysRes.vbs
C:\WINDOWS\sowar.vbs
c:\windows\system32\blastclnnn.exe
C:\WINDOWS\system32\msnsc.exe
C:\Documents and Settings\All Users\Application Data\dllcache32.exe
c:\windows\Tasks\At1.job
c:\docume~1\ZAMORA~1\LOCALS~1\Temp\RGI417.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49cad5d2-7715-11dd-961e-001d92429bee}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79188143-9285-11dd-96b2-001d92429bee}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{891091e0-654b-11dd-95be-001d92429bee}]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

1)

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

2)
Please download Malwarebytes' Anti-Malware from Here or Here


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

3)
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

4)
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In summary, I need to see:
-ComboFix log
-MBAM log
-Kaspersky log

Note: It is likely that these logs may not fit into one reply. If that's the case, please split them up into multiple replies and ensure that you've posted the contents of the logs to the last line.
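
The three MountPoints2 blocks in the ComboFix log posted earlier in this thread (Auto.exe, F:\bar311.exe and Recycled/dllcache32.exe bound to the AutoRun, Explore and Open verbs) are the footprint of a removable-drive autorun infection: plugging the drive in or double-clicking it in Explorer runs the dropped executable, and the helper's CFScript above removes the three keys by GUID. The Python script below is an added example, not part of this thread and not ComboFix's or HijackThis's own code: it parses MountPoints2 blocks in ComboFix log format, flags the handlers a responder would want to review, and drafts the matching Registry:: lines in CFScript syntax. The sample input is copied from the log above; the flagging heuristics (executable staged in a Recycled folder, rundll32 ShellExec_RunDLL indirection, executable launched from the drive root, and hijacked Open/Explore verbs) are my own assumptions about what merits review, not rules taken from either tool.

```python
"""Triage MountPoints2 autorun handlers in a ComboFix log and draft the
CFScript Registry:: lines that would remove the flagged keys."""
import re
from typing import Dict, List

# Sample input: the three MountPoints2 blocks copied from the ComboFix log
# posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49cad5d2-7715-11dd-961e-001d92429bee}]
\Shell\AutoRun\command - Auto.exe %1
\Shell\Explore\command - Auto.exe %1
\Shell\Open\command - Auto.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79188143-9285-11dd-96b2-001d92429bee}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\bar311.exe %1
\Shell\Open\command - F:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{891091e0-654b-11dd-95be-001d92429bee}]
\Shell\Auto\command - F:\Recycled/dllcache32.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
\Shell\explore\Command - F:\Recycled/dllcache32.exe
\Shell\open\Command - F:\Recycled/dllcache32.exe
"""

MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
# "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]" opens a block
KEY_RE = re.compile(r"^\[" + re.escape(MP2_PREFIX) + r"\\(\{[0-9a-f-]+\})\]$", re.I)
# "\Shell\<verb>\command - <command line>" lines inside a block
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.I)

# Heuristics (my assumptions): what a responder should look at in a handler.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"recycled[\\/]", re.I), "executable staged in a Recycled folder"),
    (re.compile(r"shellexec_rundll", re.I), "rundll32 ShellExec_RunDLL indirection"),
    (re.compile(r"^(?:[a-z]:\\)?[^\\/\s]+\.(?:exe|vbs|bat|cmd|scr|pif)\b", re.I),
     "executable launched from the drive root"),
]
# Verbs that Explorer fires on double-click / right-click; a drive should not redirect them.
HIJACKED_VERBS = {"open", "explore"}


def parse_mountpoints2(text: str) -> Dict[str, Dict[str, str]]:
    """Return {guid: {verb: command}} for every MountPoints2 block in the log text."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:            # a blank line closes the current block
            current = None
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        if current is None:
            continue
        verb = VERB_RE.match(line)
        if verb:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def assess(entries: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {guid: [reasons]} for every block that trips at least one heuristic."""
    findings: Dict[str, List[str]] = {}
    for guid, verbs in entries.items():
        reasons: List[str] = []
        hijacked = sorted(HIJACKED_VERBS & set(verbs))
        if hijacked:
            reasons.append("Explorer verbs redirected: " + ", ".join(hijacked))
        for verb, cmd in verbs.items():
            for pattern, why in SUSPICIOUS_PATTERNS:
                if pattern.search(cmd):
                    reasons.append(f"{verb}: {why} ({cmd})")
        if reasons:
            findings[guid] = reasons
    return findings


def cfscript_registry_section(findings: Dict[str, List[str]]) -> List[str]:
    """Draft the CFScript lines that delete each flagged key (leading '-' means delete)."""
    return [f"[-{MP2_PREFIX}\\{guid}]" for guid in sorted(findings)]


if __name__ == "__main__":
    found = assess(parse_mountpoints2(SAMPLE_LOG))
    for guid, reasons in found.items():
        print(guid)
        for reason in reasons:
            print("   ", reason)
    print("\nRegistry::")
    print("\n".join(cfscript_registry_section(found)))
```

Run it against any ComboFix log and the Registry:: lines it prints can be pasted into a CFScript the way the helper did above; the point of the heuristics is that legitimate removable media almost never installs Shell verb handlers at all, so every MountPoints2 block with a command line deserves a look, and the reasons only say why.
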
ryan_07
post Nov 14 2008, 08:27 AM
Post #8


Member
Posts: 237
From: Philippines
OS: XP



HERE IS THE LOG FROM ComboFix:

ComboFix 08-11-12.02 - Zamora Famiy 2008-11-14 19:21:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480 [GMT -8:00]
Running from: c:\documents and settings\Zamora Famiy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zamora Famiy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\ZAMORA~1\LOCALS~1\Temp\RGI417.tmp
c:\documents and settings\All Users\Application Data\dllcache32.exe
C:\SilentSoftech.exe
c:\windows\auto.exe
c:\windows\scvhost.exe
c:\windows\sowar.vbs
c:\windows\SysRes.vbs
c:\windows\system32\blastclnnn.exe
c:\windows\system32\msnsc.exe
c:\windows\Tasks\At1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SilentSoftech.exe
c:\windows\system32\msnsc.exe
c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.

2008-11-13 13:38 . 2008-11-13 13:38 <DIR> d--h-c--- c:\windows\ie8
2008-11-13 02:06 . 2008-11-13 02:06 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-09 20:26 . 2008-11-09 20:26 <DIR> d---s---- c:\documents and settings\Zamora Famiy\UserData
2008-11-08 19:34 . 2008-11-08 19:34 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-07 20:21 . 2008-11-07 20:21 <DIR> d-------- C:\logs
2008-11-07 20:21 . 2008-11-07 20:21 <DIR> d-------- c:\documents and settings\Zamora Famiy\ChikkaDefault
2008-11-01 14:32 . 2008-11-01 14:33 <DIR> d-------- c:\program files\ERUNT
2008-11-01 14:00 . 2008-11-01 14:00 <DIR> d-------- C:\rsit
2008-11-01 14:00 . 2008-11-13 11:22 <DIR> d-------- c:\program files\trend micro
2008-10-28 13:28 . 2008-10-28 13:28 <DIR> d-------- c:\program files\Microsoft
2008-10-24 15:53 . 2008-10-15 08:53 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2008-10-16 18:46 . 2007-07-09 05:16 582,656 --------- c:\windows\system32\DllCache\rpcrt4.dll
2008-10-16 16:43 . 2006-08-21 01:14 128,896 --------- c:\windows\system32\DllCache\fltmgr.sys
2008-10-16 16:43 . 2006-08-21 01:14 23,040 --------- c:\windows\system32\DllCache\fltmc.exe
2008-10-16 16:43 . 2006-08-21 04:21 16,896 --------- c:\windows\system32\DllCache\fltlib.dll
2008-10-16 16:15 . 2008-08-14 01:57 2,185,984 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2008-10-16 16:15 . 2008-08-14 01:55 2,142,720 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2008-10-16 16:15 . 2008-08-14 01:18 2,062,976 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2008-10-16 16:15 . 2008-08-14 01:18 2,020,864 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2008-10-16 15:06 . 2008-08-28 02:35 333,056 --------- c:\windows\system32\DllCache\srv.sys
2008-10-16 08:58 . 2008-10-16 08:58 <DIR> d--hs---- c:\documents and settings\Zamora Famiy\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 23:02 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\Skype
2008-11-14 03:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-13 08:03 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\skypePM
2008-11-09 21:13 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\LimeWire
2008-11-08 04:20 --------- d-----w c:\program files\AudioGrabber
2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:25 455,936 ------w c:\windows\system32\DllCache\mrxsmb.sys
2008-10-08 05:05 --------- d-----w c:\program files\Common Files\Ahead
2008-10-08 05:02 --------- d-----w c:\program files\Nero
2008-10-08 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-05 19:57 --------- d-----w c:\documents and settings\PERSONAL FILES\Application Data\Skinux
2008-10-04 18:23 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\Skinux
2008-10-04 18:20 --------- d-----w c:\program files\Kodak
2008-10-04 18:20 --------- d-----w c:\program files\Common Files\Kodak
2008-10-04 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-10-03 21:58 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\MP3Rocket
2008-10-03 21:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-03 21:32 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\ByteCrusher
2008-10-01 18:21 --------- d-----w c:\program files\Easy File Sharing Web Server
2008-10-01 17:01 --------- d-----w c:\program files\Zuma
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 03:07 --------- d-----w c:\program files\Google
2008-09-27 20:30 --------- d-----w c:\program files\Common Files\Scanner
2008-09-15 12:17 1,846,912 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:17 1,846,912 ------w c:\windows\system32\DllCache\win32k.sys
2008-09-06 07:30 241,704 ------w c:\windows\system32\DllCache\wgaLogon.dll
2008-09-06 07:29 917,032 ------w c:\windows\system32\DllCache\WgaTray.exe
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\DllCache\msxml3.dll
2008-08-30 14:41 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-08-30 04:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-22 11:16 637,984 ------w c:\windows\system32\DllCache\iexplore.exe
2008-08-22 11:15 1,216,512 ----a-w c:\windows\system32\DllCache\SET6E.tmp
2008-08-22 11:14 2,651,968 ----a-w c:\windows\inf\SET9D.tmp
2008-08-22 11:10 11,985,408 ----a-w c:\windows\system32\DllCache\SET6D.tmp
2008-08-22 11:10 11,985,408 ----a-w c:\windows\system32\DllCache\ieframe.dll
2008-08-22 11:09 5,699,584 ----a-w c:\windows\system32\SETDA.tmp
2008-08-22 11:09 5,699,584 ----a-w c:\windows\system32\DllCache\SET88.tmp
2008-08-22 11:09 5,699,584 ----a-w c:\windows\system32\DllCache\mshtml.dll
2008-08-22 11:07 755,200 ------w c:\windows\system32\DllCache\VGX.dll
2008-08-22 11:07 193,536 ----a-w c:\windows\system32\SETDF.tmp
2008-08-22 11:07 193,536 ----a-w c:\windows\system32\DllCache\SET8D.tmp
2008-08-22 11:07 193,536 ----a-w c:\windows\system32\DllCache\msrating.dll
2008-08-22 11:07 18,944 ----a-w c:\windows\system32\SETBB.tmp
2008-08-22 11:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 11:07 18,944 ------w c:\windows\system32\DllCache\corpol.dll
2008-08-22 11:07 116,224 ----a-w c:\windows\system32\SETE1.tmp
2008-08-22 11:07 116,224 ------w c:\windows\system32\DllCache\occache.dll
2008-08-22 11:07 105,984 ----a-w c:\windows\system32\SETE6.tmp
2008-08-22 11:07 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-08-22 11:05 70,656 ----a-w c:\windows\system32\SETDC.tmp
2008-08-22 11:04 66,560 ----a-w c:\windows\system32\SETE4.tmp
2008-08-22 11:04 45,568 ----a-w c:\windows\system32\SETD9.tmp
2008-08-22 11:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 11:04 45,568 ------w c:\windows\system32\DllCache\mshta.exe
2008-08-22 11:04 1,659,392 ----a-w c:\windows\system32\SETDB.tmp
2008-08-22 11:00 68,608 ------w c:\windows\system32\DllCache\hmmapi.dll
2008-08-22 10:57 156,160 ----a-w c:\windows\system32\SETDE.tmp
2008-08-22 10:57 156,160 ----a-w c:\windows\system32\msls31.dll
2008-08-22 10:57 156,160 ------w c:\windows\system32\DllCache\msls31.dll
2008-08-22 10:49 56,413 ----a-w c:\windows\system32\SETCF.tmp
2008-08-22 10:42 443,392 ----a-w c:\windows\system32\DllCache\SET6C.tmp
2008-08-22 10:42 443,392 ----a-w c:\windows\system32\DllCache\ieapfltr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_20.36.00.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 10:16:39 454,400 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:25:29 455,936 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\11-14-2008\ERDNT.EXE
+ 2008-11-15 02:55:53 4,464,640 ----a-w c:\windows\ERDNT\11-14-2008\Users\00000001\NTUSER.DAT
+ 2008-11-15 02:55:53 184,320 ----a-w c:\windows\ERDNT\11-14-2008\Users\00000002\UsrClass.dat
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\11-8-2008\ERDNT.EXE
+ 2008-11-09 04:57:40 4,227,072 ----a-w c:\windows\ERDNT\11-8-2008\Users\00000001\NTUSER.DAT
+ 2008-11-09 04:57:40 184,320 ----a-w c:\windows\ERDNT\11-8-2008\Users\00000002\UsrClass.dat
- 2008-08-22 10:21:04 49,736 -c--a-w c:\windows\ie8\spuninst\iecustom.dll
+ 2008-08-22 11:21:04 49,736 -c--a-w c:\windows\ie8\spuninst\iecustom.dll
- 2008-06-12 18:27:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe
+ 2008-06-12 19:27:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe
- 2008-06-12 18:28:00 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll
+ 2008-06-12 19:28:00 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll
+ 2008-11-13 10:06:37 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-17 19:37:05 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-13 03:25:30 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-17 19:37:05 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-13 03:25:30 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-17 19:37:05 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-13 03:25:30 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-17 19:37:05 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-13 03:25:30 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-17 19:37:05 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-13 03:25:30 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-17 19:37:05 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-13 03:25:30 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-17 19:37:05 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-13 03:25:30 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-17 19:37:06 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-13 03:25:30 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-17 19:37:05 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-13 03:25:30 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-17 19:37:05 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-13 03:25:30 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-17 19:37:06 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-13 03:25:30 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-17 19:37:05 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-13 03:25:30 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-17 19:37:05 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-13 03:25:30 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-22 10:06:30 72,704 ----a-w c:\windows\system32\admparse.dll
+ 2008-08-22 11:06:30 72,704 ----a-w c:\windows\system32\admparse.dll
- 2008-08-22 10:06:16 128,512 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-22 11:06:16 128,512 ----a-w c:\windows\system32\advpack.dll
- 2008-08-22 10:06:30 72,704 ------w c:\windows\system32\DllCache\admparse.dll
+ 2008-08-22 11:06:30 72,704 ------w c:\windows\system32\DllCache\admparse.dll
- 2008-08-22 10:06:16 128,512 ------w c:\windows\system32\DllCache\advpack.dll
+ 2008-08-22 11:06:16 128,512 ------w c:\windows\system32\DllCache\advpack.dll
- 2008-08-22 10:05:16 346,624 ----a-w c:\windows\system32\DllCache\dxtmsft.dll
+ 2008-08-22 11:05:16 346,624 ----a-w c:\windows\system32\DllCache\dxtmsft.dll
- 2008-08-22 10:05:10 217,088 ----a-w c:\windows\system32\DllCache\dxtrans.dll
+ 2008-08-22 11:05:10 217,088 ----a-w c:\windows\system32\DllCache\dxtrans.dll
- 2008-08-22 10:05:20 61,952 ----a-w c:\windows\system32\DllCache\icardie.dll
+ 2008-08-22 11:05:20 61,952 ----a-w c:\windows\system32\DllCache\icardie.dll
- 2008-08-22 10:06:24 162,304 ------w c:\windows\system32\DllCache\ie4uinit.exe
+ 2008-08-22 11:06:24 162,304 ------w c:\windows\system32\DllCache\ie4uinit.exe
- 2008-08-22 10:06:36 124,928 ------w c:\windows\system32\DllCache\ieakeng.dll
+ 2008-08-22 11:06:36 124,928 ------w c:\windows\system32\DllCache\ieakeng.dll
- 2008-08-22 10:06:40 228,864 ------w c:\windows\system32\DllCache\ieaksie.dll
+ 2008-08-22 11:06:40 228,864 ------w c:\windows\system32\DllCache\ieaksie.dll
- 2008-08-22 10:06:24 163,840 ------w c:\windows\system32\DllCache\ieakui.dll
+ 2008-08-22 11:06:24 163,840 ------w c:\windows\system32\DllCache\ieakui.dll
- 2008-07-30 05:58:08 3,670,112 ----a-w c:\windows\system32\DllCache\ieapfltr.dat
+ 2008-07-30 06:58:08 3,670,112 ----a-w c:\windows\system32\DllCache\ieapfltr.dat
- 2008-08-22 10:06:44 385,024 ------w c:\windows\system32\DllCache\iedkcs32.dll
+ 2008-08-22 11:06:44 385,024 ------w c:\windows\system32\DllCache\iedkcs32.dll
- 2008-08-22 10:05:24 186,880 ----a-w c:\windows\system32\DllCache\iepeers.dll
+ 2008-08-22 11:05:24 186,880 ----a-w c:\windows\system32\DllCache\iepeers.dll
- 2008-08-22 10:06:20 55,808 ------w c:\windows\system32\DllCache\iernonce.dll
+ 2008-08-22 11:06:20 55,808 ------w c:\windows\system32\DllCache\iernonce.dll
- 2008-08-22 10:06:02 1,778,688 ----a-w c:\windows\system32\DllCache\iertutil.dll
+ 2008-08-22 11:06:02 1,778,688 ----a-w c:\windows\system32\DllCache\iertutil.dll
- 2008-08-22 10:06:24 71,680 ------w c:\windows\system32\DllCache\iesetup.dll
+ 2008-08-22 11:06:24 71,680 ------w c:\windows\system32\DllCache\iesetup.dll
- 2008-08-22 10:05:14 35,840 ------w c:\windows\system32\DllCache\imgutil.dll
+ 2008-08-22 11:05:14 35,840 ------w c:\windows\system32\DllCache\imgutil.dll
- 2008-08-22 10:06:16 94,720 ----a-w c:\windows\system32\DllCache\inseng.dll
+ 2008-08-22 11:06:16 94,720 ----a-w c:\windows\system32\DllCache\inseng.dll
- 2008-08-22 10:06:30 552,960 ----a-w c:\windows\system32\DllCache\jscript.dll
+ 2008-08-22 11:06:30 552,960 ----a-w c:\windows\system32\DllCache\jscript.dll
- 2008-08-22 10:06:58 28,672 ----a-w c:\windows\system32\DllCache\jsproxy.dll
+ 2008-08-22 11:06:58 28,672 ----a-w c:\windows\system32\DllCache\jsproxy.dll
- 2008-08-22 10:08:00 43,008 ------w c:\windows\system32\DllCache\licmgr10.dll
+ 2008-08-22 11:08:00 43,008 ------w c:\windows\system32\DllCache\licmgr10.dll
- 2008-08-22 10:05:48 580,608 ----a-w c:\windows\system32\DllCache\msfeeds.dll
+ 2008-08-22 11:05:48 580,608 ----a-w c:\windows\system32\DllCache\msfeeds.dll
- 2008-08-22 10:05:22 53,760 ----a-w c:\windows\system32\DllCache\msfeedsbs.dll
+ 2008-08-22 11:05:22 53,760 ----a-w c:\windows\system32\DllCache\msfeedsbs.dll
- 2008-08-22 10:05:08 70,656 ----a-w c:\windows\system32\DllCache\mshtmled.dll
+ 2008-08-22 11:05:08 70,656 ----a-w c:\windows\system32\DllCache\mshtmled.dll
- 2008-08-22 10:05:00 48,128 ------w c:\windows\system32\DllCache\mshtmler.dll
+ 2008-08-22 11:05:00 48,128 ------w c:\windows\system32\DllCache\mshtmler.dll
- 2008-08-22 10:05:34 630,272 ----a-w c:\windows\system32\DllCache\mstime.dll
+ 2008-08-22 11:05:34 630,272 ----a-w c:\windows\system32\DllCache\mstime.dll
- 2008-08-22 10:05:14 45,056 ----a-w c:\windows\system32\DllCache\pngfilt.dll
+ 2008-08-22 11:05:14 45,056 ----a-w c:\windows\system32\DllCache\pngfilt.dll
- 2008-06-12 18:27:56 134,144 ------w c:\windows\system32\DllCache\sqmapi.dll
+ 2008-06-12 19:27:56 134,144 ------w c:\windows\system32\DllCache\sqmapi.dll
- 2008-08-22 10:08:22 1,206,784 ----a-w c:\windows\system32\DllCache\urlmon.dll
+ 2008-08-22 11:08:22 1,206,784 ----a-w c:\windows\system32\DllCache\urlmon.dll
- 2008-08-22 10:06:36 434,176 ----a-w c:\windows\system32\DllCache\vbscript.dll
+ 2008-08-22 11:06:36 434,176 ----a-w c:\windows\system32\DllCache\vbscript.dll
- 2008-08-22 10:08:08 236,544 ------w c:\windows\system32\DllCache\webcheck.dll
+ 2008-08-22 11:08:08 236,544 ------w c:\windows\system32\DllCache\webcheck.dll
- 2008-08-22 10:08:06 878,592 ----a-w c:\windows\system32\DllCache\wininet.dll
+ 2008-08-22 11:08:06 878,592 ----a-w c:\windows\system32\DllCache\wininet.dll
- 2008-08-22 10:05:16 346,624 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-22 11:05:16 346,624 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-22 10:05:10 217,088 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-22 11:05:10 217,088 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-22 10:05:20 61,952 ------w c:\windows\system32\icardie.dll
+ 2008-08-22 11:05:20 61,952 ------w c:\windows\system32\icardie.dll
- 2008-06-12 18:27:42 26,112 ----a-w c:\windows\system32\idndl.dll
+ 2008-06-12 19:27:42 26,112 ----a-w c:\windows\system32\idndl.dll
- 2008-08-22 10:06:24 162,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-22 11:06:24 162,304 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-22 10:06:36 124,928 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-22 11:06:36 124,928 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-22 10:06:40 228,864 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-22 11:06:40 228,864 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-22 10:06:24 163,840 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-22 11:06:24 163,840 ----a-w c:\windows\system32\ieakui.dll
- 2008-07-30 05:58:08 3,670,112 ------w c:\windows\system32\ieapfltr.dat
+ 2008-07-30 06:58:08 3,670,112 ------w c:\windows\system32\ieapfltr.dat
- 2008-08-22 09:42:22 443,392 ------w c:\windows\system32\ieapfltr.dll
+ 2008-08-22 10:42:22 443,392 ------w c:\windows\system32\ieapfltr.dll
- 2008-08-22 10:06:44 385,024 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-22 11:06:44 385,024 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-08-22 10:10:34 11,985,408 ------w c:\windows\system32\ieframe.dll
+ 2008-08-22 11:10:34 11,985,408 ------w c:\windows\system32\ieframe.dll
- 2008-08-22 10:05:24 186,880 ----a-w c:\windows\system32\iepeers.dll
+ 2008-08-22 11:05:24 186,880 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-22 10:06:20 55,808 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-22 11:06:20 55,808 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-22 10:06:02 1,778,688 ------w c:\windows\system32\iertutil.dll
+ 2008-08-22 11:06:02 1,778,688 ------w c:\windows\system32\iertutil.dll
- 2008-08-22 10:06:24 71,680 ----a-w c:\windows\system32\iesetup.dll
+ 2008-08-22 11:06:24 71,680 ----a-w c:\windows\system32\iesetup.dll
- 2008-08-22 10:06:24 36,864 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-22 11:06:24 36,864 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-22 09:58:12 181,760 ------w c:\windows\system32\ieui.dll
+ 2008-08-22 10:58:12 181,760 ------w c:\windows\system32\ieui.dll
- 2008-08-22 10:05:14 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2008-08-22 11:05:14 35,840 ----a-w c:\windows\system32\imgutil.dll
- 2008-08-22 10:06:16 94,720 ----a-w c:\windows\system32\inseng.dll
+ 2008-08-22 11:06:16 94,720 ----a-w c:\windows\system32\inseng.dll
- 2008-08-22 10:06:30 552,960 ----a-w c:\windows\system32\jscript.dll
+ 2008-08-22 11:06:30 552,960 ----a-w c:\windows\system32\jscript.dll
- 2008-08-22 10:06:58 28,672 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-22 11:06:58 28,672 ----a-w c:\windows\system32\jsproxy.dll
- 2008-03-21 01:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-06 07:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2008-08-22 10:08:00 43,008 ----a-w c:\windows\system32\licmgr10.dll
+ 2008-08-22 11:08:00 43,008 ----a-w c:\windows\system32\licmgr10.dll
- 2008-10-07 19:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-08-06 00:55:38 265,720 ----a-w c:\windows\system32\msdbg2.dll
+ 2008-08-06 01:55:38 265,720 ----a-w c:\windows\system32\msdbg2.dll
- 2008-08-22 10:05:48 580,608 ------w c:\windows\system32\msfeeds.dll
+ 2008-08-22 11:05:48 580,608 ------w c:\windows\system32\msfeeds.dll
- 2008-08-22 10:05:22 53,760 ------w c:\windows\system32\msfeedsbs.dll
+ 2008-08-22 11:05:22 53,760 ------w c:\windows\system32\msfeedsbs.dll
- 2008-08-22 10:05:22 13,312 ------w c:\windows\system32\msfeedssync.exe
+ 2008-08-22 11:05:22 13,312 ------w c:\windows\system32\msfeedssync.exe
- 2008-08-22 10:09:32 5,699,584 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-22 11:09:32 5,699,584 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-22 10:05:08 70,656 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-22 11:05:08 70,656 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-22 10:05:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
+ 2008-08-22 11:05:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2008-08-22 10:07:50 193,536 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-22 11:07:50 193,536 ----a-w c:\windows\system32\msrating.dll
- 2008-08-22 10:05:34 630,272 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-22 11:05:34 630,272 ----a-w c:\windows\system32\mstime.dll
- 2008-06-12 18:27:44 24,576 ----a-w c:\windows\system32\nlsdl.dll
+ 2008-06-12 19:27:44 24,576 ----a-w c:\windows\system32\nlsdl.dll
- 2008-06-12 18:27:42 23,552 ----a-w c:\windows\system32\normaliz.dll
+ 2008-06-12 19:27:42 23,552 ----a-w c:\windows\system32\normaliz.dll
- 2008-08-22 10:07:50 116,224 ----a-w c:\windows\system32\occache.dll
+ 2008-08-22 11:07:50 116,224 ----a-w c:\windows\system32\occache.dll
- 2008-11-02 16:27:43 58,596 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-14 04:12:56 58,596 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-02 16:27:43 392,296 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-14 04:12:56 392,296 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-22 10:05:14 45,056 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-22 11:05:14 45,056 ----a-w c:\windows\system32\pngfilt.dll
- 2008-08-22 10:05:00 48,640 ------w c:\windows\system32\PrivacIE.dll
+ 2008-08-22 11:05:00 48,640 ------w c:\windows\system32\PrivacIE.dll
- 2008-06-12 18:27:58 16,928 ------w c:\windows\system32\spmsg.dll
+ 2008-06-12 19:27:58 16,928 ------w c:\windows\system32\spmsg.dll
- 2008-06-12 18:27:58 26,144 ----a-w c:\windows\system32\spupdsvc.exe
+ 2008-06-12 19:27:58 26,144 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-08-22 10:07:58 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-22 11:07:58 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-22 10:08:22 1,206,784 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-22 11:08:22 1,206,784 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-22 10:06:36 434,176 ----a-w c:\windows\system32\vbscript.dll
+ 2008-08-22 11:06:36 434,176 ----a-w c:\windows\system32\vbscript.dll
- 2008-08-22 10:08:08 236,544 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-22 11:08:08 236,544 ----a-w c:\windows\system32\webcheck.dll
+ 2008-09-06 07:30:42 241,704 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-06 07:29:58 917,032 ------w c:\windows\system32\WgaTray.exe
- 2008-08-22 10:08:22 208,384 ------w c:\windows\system32\WinFXDocObj.exe
+ 2008-08-22 11:08:22 208,384 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-08-22 10:08:06 878,592 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-22 11:08:06 878,592 ----a-w c:\windows\system32\wininet.dll
- 2008-06-12 18:28:02 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2008-06-12 19:28:02 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2008-10-01 00:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-10-01 00:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-01-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-06-28 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"VMonitorVMUVC"="c:\program files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe" [2007-11-08 135168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"nwiz"="nwiz.exe" [2006-10-30 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-12 44544]

c:\documents and settings\Zamora Famiy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-12-14 03:13 7095344 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-01 16:42 10752 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-30 76040]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-11-08 250240]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2008-08-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2008-11-01 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 12:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 19:22:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-14 19:23:17
ComboFix-quarantined-files.txt 2008-11-15 03:23:02
ComboFix2.txt 2008-11-09 04:36:33

Pre-Run: 28,142,059,520 bytes free
Post-Run: 28,128,231,424 bytes free

432 --- E O F --- 2008-11-14 04:00:50



HERE IS THE LOG FROM MBAM:


Malwarebytes' Anti-Malware 1.30
Database version: 1397
Windows 5.1.2600 Service Pack 2

11/14/2008 7:39:02 PM
mbam-log-2008-11-14 (19-39-02).txt

Scan type: Quick Scan
Objects scanned: 52302
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc53jj0ee81 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HERE IS THE LOG FROM KASPERSKY:


KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 14, 2008 06:08:31
Records in database: 1384367
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 47039
Threat name 5
Infected objects 6
Suspicious objects 0
Duration of the scan 00:43:30

File name Threat name Threats count
C:\Documents and Settings\Zamora Famiy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Zamora Famiy\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.ini.vir Infected: Worm.Win32.AutoRun.blw 1
C:\Qoobox\Quarantine\E\Autorun.inf.vir Infected: Trojan.Win32.StartPage.cue 1
C:\WINDOWS\pc-off.bat Infected: Trojan.BAT.Shutdown.bi 1
C:\WINDOWS\psshutdown.exe Infected: not-a-virus:RiskTool.Win32.PsKill.au 1
The selected area was scanned.
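The ComboFix section above that ends with "Snapshot reset to current date" pairs an earlier `-` line with a current `+` line for the same path. In this log almost every pair has the same size and attributes and a timestamp exactly one hour later, which is what a clock or daylight-saving adjustment between the two snapshots looks like rather than files being rewritten; the entries that deserve a second look are the few where the size changed (MRT.exe), the date moved by far more than an hour (LegitCheckControl.dll, perfc009.dat) or a `+` line has no `-` partner (WgaLogon.dll, WgaTray.exe, the two msxml4 entries). The script below is an added example, not part of the original post and not ComboFix's own code: it parses lines in that layout, infers the uniform drift from the data itself (the two-thirds threshold is an assumption of the example) and reports only the paths the drift does not explain. Its sample input is a subset of lines copied from the log above.

```python
"""Triage ComboFix snapshot-comparison lines ('-' = earlier snapshot, '+' = now).

Added example: not part of the original post and not ComboFix code.
Line layout assumed from the log above:
    <sign> YYYY-MM-DD HH:MM:SS <size,with,commas> <attrs> <path>
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^([-+])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+?)\s*$"
)

# Sample input: a subset of lines copied from the ComboFix log posted above.
SAMPLE = r"""
- 2008-08-22 10:06:16 128,512 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-22 11:06:16 128,512 ----a-w c:\windows\system32\advpack.dll
- 2008-08-22 10:06:30 552,960 ----a-w c:\windows\system32\jscript.dll
+ 2008-08-22 11:06:30 552,960 ----a-w c:\windows\system32\jscript.dll
- 2008-08-22 10:06:36 434,176 ----a-w c:\windows\system32\vbscript.dll
+ 2008-08-22 11:06:36 434,176 ----a-w c:\windows\system32\vbscript.dll
- 2008-08-22 10:08:22 1,206,784 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-22 11:08:22 1,206,784 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-22 10:08:06 878,592 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-22 11:08:06 878,592 ----a-w c:\windows\system32\wininet.dll
- 2008-03-21 01:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-06 07:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2008-10-07 19:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-11-02 16:27:43 58,596 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-14 04:12:56 58,596 ----a-w c:\windows\system32\perfc009.dat
+ 2008-09-06 07:30:42 241,704 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-06 07:29:58 917,032 ------w c:\windows\system32\WgaTray.exe
"""

def parse(text):
    """Group lines by lower-cased path: {path: {'-': entry, '+': entry}}."""
    pairs = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # headers, '.', '-- Snapshot reset --' and so on
        sign, stamp, size, attrs, path = m.groups()
        pairs[path.lower()][sign] = {
            "when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        }
    return dict(pairs)

def infer_drift(pairs):
    """Most common non-zero delta among same-size pairs, if it dominates (assumed: 2/3).

    One delta shared by most pairs is a clock or DST change between snapshots,
    not evidence that those files were rewritten.
    """
    deltas = Counter()
    for ent in pairs.values():
        old, new = ent.get("-"), ent.get("+")
        if old and new and old["size"] == new["size"]:
            d = (new["when"] - old["when"]).total_seconds()
            if d:
                deltas[d] += 1
    if not deltas:
        return None
    delta, count = deltas.most_common(1)[0]
    return delta if 3 * count >= 2 * sum(deltas.values()) else None

def classify(pairs):
    """Label each path so that only real changes survive triage."""
    drift = infer_drift(pairs)
    labels = {}
    for path, ent in pairs.items():
        old, new = ent.get("-"), ent.get("+")
        if old is None:
            labels[path] = "new"
        elif new is None:
            labels[path] = "removed"
        elif new["size"] != old["size"]:
            labels[path] = "size_changed"
        elif new["attrs"] != old["attrs"]:
            labels[path] = "attrs_changed"
        else:
            d = (new["when"] - old["when"]).total_seconds()
            if d == 0:
                labels[path] = "unchanged"
            elif drift is not None and d == drift:
                labels[path] = "clock_drift"
            else:
                labels[path] = "date_changed"
    return labels

def worth_a_look(text):
    """Paths whose change is not explained by the uniform clock drift."""
    labels = classify(parse(text))
    return sorted(p for p, lab in labels.items() if lab not in ("unchanged", "clock_drift"))

if __name__ == "__main__":
    for path, label in sorted(classify(parse(SAMPLE)).items()):
        print(f"{label:13} {path}")
```

Feed it the whole `-`/`+` section rather than the excerpt and the list it prints is the handful of entries to check by hand; the two new WGA files and the larger MRT.exe are consistent with the Windows Update activity the later ComboFix log shows, and the script's job is only to make them visible among the eighty-odd drift pairs.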
ryan_07
post Nov 14 2008, 08:28 AM
Post #9
Member
Posts: 237
From: Philippines
OS: XP

HERE IS THE REPORT FROM SmitfraudFix.exe:



SmitFraudFix v2.375

Scan done at 19:26:57.64, Fri 11/14/2008
Run from C:\Documents and Settings\Zamora Famiy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Zamora Famiy


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ZAMORA~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Zamora Famiy\Application Data

C:\Documents and Settings\Zamora Famiy\Application Data\Skinux FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ZAMORA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 121.1.3.250
DNS Server Search Order: 121.1.3.199

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B419AD8-727B-4965-A5AB-3625E2577875}: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B419AD8-727B-4965-A5AB-3625E2577875}: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B419AD8-727B-4965-A5AB-3625E2577875}: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=121.1.3.250 121.1.3.199


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
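The SmitfraudFix report above flags `C:\autorun.inf FOUND !`, and the Kaspersky scan in the previous post already shows an `E:\Autorun.inf.vir` and a `system32\autorun.ini.vir` sitting in ComboFix's quarantine, the latter detected as Worm.Win32.AutoRun.blw. An autorun.inf at a drive root is how that class of worm gets itself launched when the drive is opened in Explorer, so the question a responder asks of the file is simply what its `open=`, `shellexecute=` and `shell\<verb>\command=` keys point at. The thread never posts the file's contents, so the following Python parser, an added example that is not part of the original thread and not code from SmitfraudFix or ComboFix, runs over a constructed autorun.inf in the style such worms drop (placeholder names, not the real file) and lists the executables it would launch. It tolerates the usual nuisances in these files: padding and comment lines, mixed-case keys and section names, and the same target repeated under several keys.

```python
"""List what an autorun.inf would launch when its drive is opened.

Added example: not from the original thread and not SmitfraudFix/ComboFix code.
Assumptions: INI-style text with an [autorun] section (any case); the launch
keys are open=, shellexecute= and shell\<verb>\command=; ';' lines are comments;
lines that are neither are junk and ignored.
"""
import re

SECTION_RE = re.compile(r"^\[(.+?)\]$")
KEY_RE = re.compile(r"^([^=]+?)\s*=\s*(.*?)$")
VERB_COMMAND_RE = re.compile(r"^shell\\([^\\]+)\\command$")

# Constructed sample in the style an AutoRun worm drops at a drive root.
# Placeholder names: NOT the contents of the file on the poster's machine.
SAMPLE = r"""
;k3j1hd9 padding line of the kind used to trip naive parsers
[AutoRun]
garbage line with no equals sign
OPEN = hidden\launch.exe
shellexecute=hidden\launch.exe
shell\Open\Command=hidden\launch.exe
shell\explore\command=hidden\launch.exe
Shell=Open
icon=%SystemRoot%\system32\SHELL32.dll,4
UseAutoPlay=1
"""

def parse_ini(text):
    """Return {section_lower: [(key_lower, value), ...]}, tolerating junk lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1).strip().lower(), m.group(2).strip()))
    return sections

def launch_targets(text):
    """Map each command string to the autorun keys that would run it."""
    targets = {}
    for key, value in parse_ini(text).get("autorun", []):
        if value and (key in ("open", "shellexecute") or VERB_COMMAND_RE.match(key)):
            targets.setdefault(value, []).append(key)
    return targets

def summarize(text):
    """What a responder wants from the file: targets, default verb, icon disguise."""
    entries = dict(parse_ini(text).get("autorun", []))   # last duplicate wins
    icon = entries.get("icon", "")
    return {
        "targets": launch_targets(text),
        "default_verb": entries.get("shell"),
        "icon": icon or None,
        # An icon borrowed from shell32.dll is the usual way such a drive is made
        # to look like an ordinary folder in Explorer.
        "disguised_icon": "shell32.dll" in icon.lower(),
    }

if __name__ == "__main__":
    for cmd, keys in summarize(SAMPLE)["targets"].items():
        print(cmd, "<-", ", ".join(keys))
```

Read the file as bytes copied off the drive, not by double-clicking it; the targets it names are relative to the drive root, so that is where to look for the dropper before anything is deleted.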
Fred21543
post Nov 18 2008, 02:48 PM
Post #10
Trusted Helper
Posts: 1,347
OS: Windows XP

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\Windows\auto.exe
C:\WINDOWS\scvhost.exe
C:\WINDOWS\SysRes.vbs
C:\WINDOWS\sowar.vbs
c:\windows\system32\blastclnnn.exe
C:\Documents and Settings\All Users\Application Data\dllcache32.exe
c:\docume~1\ZAMORA~1\LOCALS~1\Temp\RGI417.tmp
C:\WINDOWS\pc-off.bat
C:\WINDOWS\psshutdown.exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

In summary I need to see the following:
-SmitFraudFix log
-ComboFix.txt log
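The CFScript in the post above hands ComboFix a `File::` list of paths to remove. ComboFix moves what it deletes into its quarantine under C:\Qoobox (the Kaspersky scan earlier in the thread lists such `.vir` files), but it is still worth recording each path's existence, size, timestamp and hash before the run: it confirms the paths in the script are the ones actually on disk, and a hash is what later lets you check whether, say, psshutdown.exe was the Sysinternals tool or something else using its name. The script below is an added example, not part of the original post and not ComboFix's own code: it parses the `File::` and `Folder::` sections of a CFScript (the directive names are ComboFix's; the parser and the inventory format are this example's) and returns one record per path. Run it on the machine from the folder holding CFScript.txt before dragging the script onto ComboFix; the `demo()` function instead builds a scratch tree so the code can be exercised anywhere.

```python
"""Inventory the paths a ComboFix CFScript names, before handing it to ComboFix.

Added example, not ComboFix's own code. Assumes the CFScript layout shown in
the post above: a directive line such as File:: or Folder:: followed by one
path per line. Only File:: and Folder:: entries are inventoried; other
directives are parsed but left alone.
"""
import hashlib
import os
import tempfile
import time

# Paths copied from the CFScript in the post above, used here as parser input.
SAMPLE_SCRIPT = r"""
File::
C:\Windows\auto.exe
C:\WINDOWS\sowar.vbs
Folder::
C:\Documents and Settings\Zamora Famiy\Application Data\Skinux
"""

PLACEHOLDER = b"MZ placeholder"   # constructed stand-in for a real file, used by demo()

def parse_cfscript(text):
    """Return {directive: [lines]} for each 'Name::' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and " " not in line:
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def local_path(win_path, root):
    """Map 'C:\\dir\\file' onto root/dir/file so a copy (or a test tree) can be checked."""
    if root is None:
        return win_path
    rel = win_path.split(":", 1)[-1].lstrip("\\/").replace("\\", os.sep)
    return os.path.join(root, rel)

def inventory(text, root=None):
    """One record per File::/Folder:: path: exists, size, mtime (UTC), sha256 for files."""
    report = []
    sections = parse_cfscript(text)
    for kind in ("File", "Folder"):
        for win_path in sections.get(kind, []):
            path = local_path(win_path, root)
            rec = {"directive": kind, "path": win_path, "exists": os.path.exists(path)}
            if rec["exists"]:
                st = os.stat(path)
                rec["size"] = st.st_size
                rec["mtime"] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime))
                if kind == "File" and os.path.isfile(path):
                    rec["sha256"] = sha256_of(path)
            report.append(rec)
    return report

def missing_paths(text, root=None):
    """Script entries not found on disk: either already gone or a typo in the script."""
    return [r["path"] for r in inventory(text, root) if not r["exists"]]

def demo():
    """Scratch tree with only one of the sample paths present; returns (root, report)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Windows"))
    with open(os.path.join(root, "Windows", "auto.exe"), "wb") as f:
        f.write(PLACEHOLDER)
    return root, inventory(SAMPLE_SCRIPT, root)

if __name__ == "__main__":
    for rec in inventory(SAMPLE_SCRIPT):      # real run: checks the actual C: paths
        print(rec)
```

Paths reported as missing are not necessarily a problem (the earlier MBAM and SmitfraudFix runs may already have removed them) but they are worth noting, because a path that was never there is the first sign of a typo in a removal script.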
ryan_07
post Nov 19 2008, 06:58 AM
Post #11
Member
Posts: 237
From: Philippines
OS: XP

Here is the log from the Smitfraud:

SmitFraudFix v2.375

Scan done at 20:54:41.70, Wed 11/19/2008
Run from C:\Documents and Settings\Zamora Famiy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\autorun.inf
C:\Documents and Settings\Zamora Famiy\Application Data\Skinux\ Deleted
C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B419AD8-727B-4965-A5AB-3625E2577875}: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B419AD8-727B-4965-A5AB-3625E2577875}: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B419AD8-727B-4965-A5AB-3625E2577875}: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=121.1.3.250 121.1.3.199
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=121.1.3.250 121.1.3.199


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Here is the log from ComboFix:


ComboFix 08-11-18.09 - Zamora Famiy 2008-11-19 20:48:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.407 [GMT -8:00]
Running from: c:\documents and settings\Zamora Famiy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zamora Famiy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-16 12:15 . 2008-11-16 12:15 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-14 19:33 . 2008-11-14 19:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 19:33 . 2008-11-14 19:33 <DIR> d-------- c:\documents and settings\Zamora Famiy\Application Data\Malwarebytes
2008-11-14 19:33 . 2008-11-14 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 19:33 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 19:33 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-14 19:27 . 2008-11-14 19:27 2,996 --a------ c:\windows\system32\tmp.reg
2008-11-13 13:38 . 2008-11-19 09:03 <DIR> d--h-c--- c:\windows\ie8
2008-11-13 02:06 . 2008-11-13 02:06 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-09 20:26 . 2008-11-09 20:26 <DIR> d---s---- c:\documents and settings\Zamora Famiy\UserData
2008-11-08 19:34 . 2008-11-08 19:34 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-07 20:21 . 2008-11-07 20:21 <DIR> d-------- C:\logs
2008-11-07 20:21 . 2008-11-07 20:21 <DIR> d-------- c:\documents and settings\Zamora Famiy\ChikkaDefault
2008-11-01 14:32 . 2008-11-01 14:33 <DIR> d-------- c:\program files\ERUNT
2008-11-01 14:00 . 2008-11-01 14:00 <DIR> d-------- C:\rsit
2008-11-01 14:00 . 2008-11-13 11:22 <DIR> d-------- c:\program files\trend micro
2008-10-28 13:28 . 2008-10-28 13:28 <DIR> d-------- c:\program files\Microsoft
2008-10-24 15:53 . 2008-10-15 08:53 339,456 --------- c:\windows\system32\DllCache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 16:58 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\LimeWire
2008-11-16 05:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-14 23:02 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\Skype
2008-11-13 08:03 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\skypePM
2008-11-08 04:20 --------- d-----w c:\program files\AudioGrabber
2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:25 455,936 ------w c:\windows\system32\DllCache\mrxsmb.sys
2008-10-08 05:05 --------- d-----w c:\program files\Common Files\Ahead
2008-10-08 05:02 --------- d-----w c:\program files\Nero
2008-10-08 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-05 19:57 --------- d-----w c:\documents and settings\PERSONAL FILES\Application Data\Skinux
2008-10-04 18:23 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\Skinux
2008-10-04 18:20 --------- d-----w c:\program files\Kodak
2008-10-04 18:20 --------- d-----w c:\program files\Common Files\Kodak
2008-10-04 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-10-03 21:58 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\MP3Rocket
2008-10-03 21:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-03 21:32 --------- d-----w c:\documents and settings\Zamora Famiy\Application Data\ByteCrusher
2008-10-01 18:21 --------- d-----w c:\program files\Easy File Sharing Web Server
2008-10-01 17:01 --------- d-----w c:\program files\Zuma
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 03:07 --------- d-----w c:\program files\Google
2008-09-27 20:30 --------- d-----w c:\program files\Common Files\Scanner
2008-09-15 12:17 1,846,912 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:17 1,846,912 ------w c:\windows\system32\DllCache\win32k.sys
2008-09-06 07:30 241,704 ------w c:\windows\system32\DllCache\wgaLogon.dll
2008-09-06 07:29 917,032 ------w c:\windows\system32\DllCache\WgaTray.exe
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\DllCache\msxml3.dll
2008-08-30 14:41 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-08-30 04:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-28 10:35 333,056 ------w c:\windows\system32\DllCache\srv.sys
2008-08-22 11:16 637,984 ------w c:\windows\system32\DllCache\iexplore.exe
2008-08-22 11:15 1,216,512 ----a-w c:\windows\system32\DllCache\SET6E.tmp
2008-08-22 11:14 2,651,968 ----a-w c:\windows\inf\SET9D.tmp
2008-08-22 11:10 11,985,408 ----a-w c:\windows\system32\DllCache\SET6D.tmp
2008-08-22 11:10 11,985,408 ----a-w c:\windows\system32\DllCache\ieframe.dll
2008-08-22 11:09 5,699,584 ----a-w c:\windows\system32\SETDA.tmp
2008-08-22 11:09 5,699,584 ----a-w c:\windows\system32\DllCache\SET88.tmp
2008-08-22 11:09 5,699,584 ----a-w c:\windows\system32\DllCache\mshtml.dll
2008-08-22 11:07 755,200 ------w c:\windows\system32\DllCache\VGX.dll
2008-08-22 11:07 193,536 ----a-w c:\windows\system32\SETDF.tmp
2008-08-22 11:07 193,536 ----a-w c:\windows\system32\DllCache\SET8D.tmp
2008-08-22 11:07 193,536 ----a-w c:\windows\system32\DllCache\msrating.dll
2008-08-22 11:07 18,944 ----a-w c:\windows\system32\SETBB.tmp
2008-08-22 11:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 11:07 18,944 ------w c:\windows\system32\DllCache\corpol.dll
2008-08-22 11:07 116,224 ----a-w c:\windows\system32\SETE1.tmp
2008-08-22 11:07 116,224 ------w c:\windows\system32\DllCache\occache.dll
2008-08-22 11:07 105,984 ----a-w c:\windows\system32\SETE6.tmp
2008-08-22 11:07 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-08-22 11:05 70,656 ----a-w c:\windows\system32\SETDC.tmp
2008-08-22 11:04 66,560 ----a-w c:\windows\system32\SETE4.tmp
2008-08-22 11:04 45,568 ----a-w c:\windows\system32\SETD9.tmp
2008-08-22 11:04 45,568 ----a-w c:\windows\system32\mshta.exe
2008-08-22 11:04 45,568 ------w c:\windows\system32\DllCache\mshta.exe
2008-08-22 11:04 1,659,392 ----a-w c:\windows\system32\SETDB.tmp
2008-08-22 11:00 68,608 ------w c:\windows\system32\DllCache\hmmapi.dll
2008-08-22 10:57 156,160 ----a-w c:\windows\system32\SETDE.tmp
2008-08-22 10:57 156,160 ----a-w c:\windows\system32\msls31.dll
2008-08-22 10:57 156,160 ------w c:\windows\system32\DllCache\msls31.dll
2008-08-22 10:49 56,413 ----a-w c:\windows\system32\SETCF.tmp
2008-08-22 10:42 443,392 ----a-w c:\windows\system32\DllCache\SET6C.tmp
2008-08-22 10:42 443,392 ----a-w c:\windows\system32\DllCache\ieapfltr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-01-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-06-28 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"VMonitorVMUVC"="c:\program files\Vimicro\A4 TECH USB2.0 PC Camera J\x86\VMonitor.exe" [2007-11-08 135168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"nwiz"="nwiz.exe" [2006-10-30 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-12 44544]

c:\documents and settings\Zamora Famiy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-12-14 03:13 7095344 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-01 16:42 10752 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-30 76040]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2008-09-03 250240]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-09-03 476032]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2008-08-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2008-11-01 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 12:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 20:49:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 20:50:22
ComboFix-quarantined-files.txt 2008-11-20 04:50:06
ComboFix2.txt 2008-11-15 03:23:19
ComboFix3.txt 2008-11-09 04:36:33

Pre-Run: 27,898,650,624 bytes free
Post-Run: 27,953,209,344 bytes free

199 --- E O F --- 2008-11-14 04:00:50

This post has been edited by ryan_07: Nov 19 2008, 07:00 AM
ryan_07
post Nov 27 2008, 06:06 AM
Post #12


Member
***
Posts: 237
From: Philippines
OS: XP

Hey buddy, thanks for the help... I would like you to know that my PC had already been reformatted a few hours ago. It went so crazy that it wasn't able to boot. I think my topic should already be closed by you. I hope for your immediate response.

Thanks!
Rorschach112
post Nov 29 2008, 05:29 PM
Post #13


GeekU Teacher
Group Icon
Posts: 35,079
From: Dublin
OS: XP

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.