Worm.P2P \ Trojan.conflicker.h (autorun.inf) [Closed]


  • This topic is locked This topic is locked

#1
james09 (Member, 37 posts)
Hi
I am wary that my computer is infected with a worm. I have done more than a few full scans on my computer using Malwarebytes' Anti-Malware and every time it finds viruses. These are "worm.p2p" and "trojan.conflicker.h", which are mainly found in registry keys and registry values, and also another one that keeps coming up is autorun.inf.
I have been doing these scans daily just to check up on my system. The first time I did the scan it found 88 infections, which I removed as instructed. These have lessened over the last week right down to 7 or 8 infections, which are always found right at the beginning of the scan where it goes through HKEY_ such and such. But the last three times I have performed a scan it hasn't found these viruses at the beginning or even 3 hours through. Malwarebytes' actually crashes and so does my computer, causing me to reboot.
I am positive there is something in my system. Internet Explorer and Firefox are crashing ALL THE TIME; I really don't get very far at all on either program. They both redirect to other websites over and over again, especially when I am surfing sites that can help my computer, i.e. antivirus, Microsoft, and even some forums I have been through.

I followed instructions on a post in G2G's malware forum on how to clean malware and spyware, so I have OTListIt logs and a rooter log. Also, the first time I downloaded rooter it came up with some program in another language and I am pretty sure it was downloading files to my system.... I can't find these files though? I have once yesterday seen a message come up on my computer in a totally different language, but I have no idea what to do but ALT and F4.

The extras and rooter logs are attached to the post. As for the OTListIt log, it can be found at http://www.fileden.c...59/OTListIt.Txt as it couldn't fit in attachments or in the post itself.

Also I have JUST noticed that all the pages Internet Explorer redirects to are now in this other language, as they weren't before; it was a 360.com site.


#2
james09 (Topic Starter, Member, 37 posts)
Sorry to reply to my own topic, but everything I do on the internet is now redirecting to porn sites. Google is not finding anything I am writing in the search bar... EVERYTHING I type, it is finding only porn sites and nothing else.
Should I stop using the internet??

#3
fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....

Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step.
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished.

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT.
  • Before you click "Continue", make sure you change the "List files/folders created or modified in the last" setting to 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop. (mirror)
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.

Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

#4
james09 (Topic Starter, Member, 37 posts)
Thanks for helping.....
I have the MBAM log and GMER results.
As for RSIT, I was unable to download this program; when I click on the link it takes me to "page cannot be displayed". This happens any time I visit a site that may help my computer, like the Windows Update site and any site to do with anti-virus. I am also unable to attach the GMER results; it says "you are not permitted to upload this type of file". So I have attached it to this link.. http://www.fileden.c...990059/gmer.log


Malwarebytes' Anti-Malware 1.35
Database version: 1932
Windows 5.1.2600 Service Pack 3

4/17/2009 11:40:06 AM
mbam-log-2009-04-17 (11-40-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 167029
Time elapsed: 3 hour(s), 52 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mfaliqaqojune (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{363F1615-A4FE-4684-89F1-ECC2A08455E7}\RP9\A0013680.rbf (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{363F1615-A4FE-4684-89F1-ECC2A08455E7}\RP9\A0013790.rbf (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{363F1615-A4FE-4684-89F1-ECC2A08455E7}\RP9\A0013913.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\DESKTOP\Mwasurixu.dat (Trojan.Agent) -> Delete on reboot.
C:\DESKTOP\system32\NetworkService32\101.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\101.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\102.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\102.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\103.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\103.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\104.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\104.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\105.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\105.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\106.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\106.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\107.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\107.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\108.video.wmv (Worm.Archive) -> Quarantined and deleted successfully.
C:\DESKTOP\system32\NetworkService32\108.video.wmv.kwd (Worm.Archive) -> Quarantined and deleted successfully.

#5
fenzodahl512 (Malware Removal, 9,863 posts)
Let's try this tool first...

Please download Single PC Removal Tool and unzip it to your Desktop.

Click on cleaner_gui and hit the Start button. Let it scan and disinfect your computer.

Reboot your computer and do the following..

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

#6
james09 (Topic Starter, Member, 37 posts)
ComboFix 09-04-18.03 - LILLIA 04/18/2009 15:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.646 [GMT 10:00]
Running from: c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\desktop\facsveph.dll
c:\desktop\GnuHashes.ini
c:\desktop\system32\GroupPolicy000.dat
c:\documents and settings\BiG SeXc YaK\Application Data\020000009527082f573C.manifest
c:\documents and settings\BiG SeXc YaK\Application Data\020000009527082f573O.manifest
c:\documents and settings\BiG SeXc YaK\Application Data\020000009527082f573P.manifest
c:\documents and settings\BiG SeXc YaK\Application Data\020000009527082f573S.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573C.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573O.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573P.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573S.manifest

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 05:36 . 2009-04-18 05:36 0 -c--a-w c:\desktop\system32\GroupPolicy000.dat
2009-04-18 03:40 . 2009-04-18 03:40 4096 -c--a-w c:\desktop\system32\02.tmp
2009-04-18 03:36 . 2009-04-18 03:36 4096 -c--a-w c:\desktop\system32\01.tmp
2009-04-18 00:20 . 2009-04-18 05:36 -------- dcsh--w c:\desktop\system32\NetworkService32
2009-04-18 00:19 . 2009-04-18 00:19 146944 -c--a-w c:\desktop\Mwasurixu.dat
2009-04-17 07:32 . 2009-04-17 07:32 -------- d-----w c:\program files\NOS
2009-04-16 00:01 . 2009-04-16 00:00 73728 -c--a-w c:\desktop\system32\javacpl.cpl
2009-04-15 23:34 . 2009-04-17 07:32 -------- d-----w c:\program files\iPod
2009-04-15 23:34 . 2009-04-17 07:32 -------- d-----w c:\program files\iTunes
2009-04-15 23:33 . 2009-04-17 07:32 -------- d-----w c:\program files\Bonjour
2009-04-15 01:10 . 2009-04-17 07:32 -------- d-----w c:\program files\AskTBar
2009-04-15 00:49 . 2005-08-26 17:38 1435272 -c--a-w c:\desktop\system32\Flash.ocx
2009-04-15 00:49 . 2009-04-15 00:49 -------- d-----w c:\program files\Robust.ws
2009-04-14 23:22 . 2009-04-14 23:22 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-14 08:29 . 2009-04-14 08:29 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\Malwarebytes
2009-04-14 02:14 . 2009-04-15 09:28 -------- dc----w C:\Rooter$
2009-04-13 07:05 . 2009-04-13 07:05 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\KodakGallery
2009-04-13 06:07 . 2009-04-13 06:07 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\{92DBF11B-E4B1-4EB9-A1AC-F50900593C1E}
2009-04-13 04:16 . 2009-04-16 21:27 0 -c--a-w c:\desktop\Nxopupo.bin
2009-04-13 04:16 . 2009-04-13 04:16 -------- dc----w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\{2F72C276-E543-4D52-949F-C86DD5847349}
2009-04-13 03:30 . 2009-04-13 03:30 615 -c--a-w c:\desktop\system32\DsGtluA.vbs
2009-04-13 03:30 . 2009-04-13 03:30 139264 -c--a-w c:\desktop\system32\d3dim70032.dll
2009-04-12 03:19 . 2009-04-12 03:19 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 03:28 . 2009-04-09 03:28 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Identities
2009-04-09 00:06 . 2009-04-09 00:06 -------- dc----w c:\desktop\Sun
2009-04-06 08:39 . 2009-04-06 08:39 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Mozilla
2009-04-06 07:02 . 2009-04-06 07:02 0 -c--a-w c:\desktop\nsreg.dat
2009-04-06 07:02 . 2009-04-06 07:02 -------- dc----w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\Mozilla
2009-04-06 05:02 . 2009-04-06 05:02 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Skinux
2009-04-06 02:35 . 2009-04-06 02:35 -------- dc----w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\KodakGallery
2009-04-06 02:34 . 2009-04-06 02:34 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\Skinux
2009-04-06 02:31 . 2008-04-13 18:45 15104 -c--a-w c:\desktop\system32\drivers\usbscan.sys
2009-04-06 02:31 . 2008-04-13 18:45 15104 -c--a-w c:\desktop\system32\dllcache\usbscan.sys
2009-04-06 02:31 . 2001-08-17 12:36 5632 -c--a-w c:\desktop\system32\ptpusb.dll
2009-04-06 02:31 . 2008-04-14 00:12 159232 -c--a-w c:\desktop\system32\ptpusd.dll
2009-04-06 02:29 . 2009-04-06 02:31 -------- d-----w c:\program files\Common Files\Kodak
2009-04-06 02:26 . 2009-04-06 02:32 -------- d-----w c:\program files\Kodak
2009-04-06 02:25 . 2009-04-06 02:25 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Kodak
2009-04-06 00:06 . 2009-04-06 00:06 -------- dc----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2009-04-04 11:10 . 2009-04-04 11:10 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Apple Computer
2009-04-04 11:09 . 2009-04-04 11:09 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Apple Computer
2009-04-04 10:29 . 2009-04-04 10:29 -------- d-----w c:\program files\ConvertMP3
2009-04-03 06:41 . 2009-04-04 10:04 179 -c--a-w c:\desktop\WMACutjoin.ini
2009-04-03 06:35 . 2009-04-04 10:39 -------- dc----w C:\My Music
2009-04-03 06:34 . 2009-04-04 10:04 5 -c--a-w c:\desktop\system32\SySWMACJ.dat
2009-04-03 06:34 . 2004-12-08 03:21 1843200 -c--a-w c:\desktop\system32\NCTAudioFile2.dll
2009-04-03 06:34 . 2004-12-01 04:43 315392 -c--a-w c:\desktop\system32\NCTAudioPlayer2.dll
2009-04-03 06:34 . 2004-08-02 05:09 450560 -c--a-w c:\desktop\system32\NCTAudioTransform2.dll
2009-04-03 06:34 . 2004-05-20 04:24 196608 -c--a-w c:\desktop\system32\NCTWMAFile2.dll
2009-04-03 06:34 . 2003-12-08 02:49 116304 -c--a-w c:\desktop\system32\NCTWMAProfiles.prx
2009-04-03 06:34 . 2009-04-04 09:26 -------- d-----w c:\program files\HiFisoftware
2009-04-03 06:34 . 2002-01-05 04:37 344064 -c--a-w c:\desktop\system32\msvcr70.dll
2009-04-03 06:24 . 2009-04-04 10:39 135 -c--a-w c:\desktop\Mp3ACutjoin.ini
2009-04-03 06:20 . 2009-04-04 10:39 5 -c--a-w c:\desktop\system32\SySMACJ.dat
2009-04-03 06:07 . 2009-04-03 06:07 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\AVS4YOU
2009-04-03 06:07 . 2009-04-03 06:07 13496 -c--a-w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 06:04 . 2009-04-03 06:04 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\AVS4YOU
2009-04-03 06:04 . 2009-04-03 06:04 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-03 06:04 . 2003-05-21 02:50 24576 -c--a-w c:\desktop\system32\msxml3a.dll
2009-04-03 06:04 . 2009-04-03 06:20 -------- d-----w c:\program files\AVS4YOU
2009-04-03 02:21 . 2009-04-16 05:21 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\LimeWire
2009-04-03 02:21 . 2009-04-17 06:58 664 -c--a-w c:\desktop\system32\d3d9caps.dat
2009-04-03 02:11 . 2009-04-16 00:00 410984 -c--a-w c:\desktop\system32\deploytk.dll
2009-04-02 10:06 . 2009-04-02 10:06 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Foxit
2009-04-02 10:06 . 2009-04-02 10:06 -------- d-----w c:\program files\Foxit Software
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\system32\scripting
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\l2schemas
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\system32\en
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\system32\bits
2009-04-02 10:02 . 2009-04-02 10:02 -------- dc----w c:\desktop\ServicePackFiles
2009-04-02 08:52 . 2008-12-20 23:15 52224 -c----w c:\desktop\system32\dllcache\msfeedsbs.dll
2009-04-02 08:52 . 2008-12-20 23:15 459264 -c----w c:\desktop\system32\dllcache\msfeeds.dll
2009-04-02 08:52 . 2008-12-20 23:15 267776 -c----w c:\desktop\system32\dllcache\iertutil.dll
2009-04-02 08:52 . 2008-12-20 23:15 6066688 -c----w c:\desktop\system32\dllcache\ieframe.dll
2009-04-02 08:52 . 2008-12-20 23:15 383488 -c----w c:\desktop\system32\dllcache\ieapfltr.dll
2009-04-02 08:52 . 2008-12-20 23:15 63488 -c----w c:\desktop\system32\dllcache\icardie.dll
2009-04-02 08:52 . 2008-12-19 09:10 13824 -c----w c:\desktop\system32\dllcache\ieudinit.exe
2009-04-02 08:52 . 2007-04-17 09:32 2455488 -c----w c:\desktop\system32\dllcache\ieapfltr.dat
2009-04-02 08:52 . 2007-03-08 05:10 991232 -c----w c:\desktop\system32\dllcache\ieframe.dll.mui
2009-04-02 08:28 . 2004-08-03 12:29 73216 -c----w c:\desktop\system32\drivers\atintuxx.sys
2009-04-02 08:24 . 2009-03-26 06:49 15504 -c--a-w c:\desktop\system32\drivers\mbam.sys
2009-04-02 08:24 . 2009-03-26 06:49 38496 -c--a-w c:\desktop\system32\drivers\mbamswissarmy.sys
2009-04-02 08:24 . 2009-04-02 08:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 08:21 . 2009-04-02 08:21 13682 -c--a-w c:\desktop\system32\wpa.bak
2009-04-02 08:13 . 2008-06-13 11:05 272128 -c----w c:\desktop\system32\drivers\bthport.sys
2009-04-02 08:13 . 2008-06-13 11:05 272128 -c----w c:\desktop\system32\dllcache\bthport.sys
2009-04-02 08:12 . 2008-08-14 10:09 2145280 -c----w c:\desktop\system32\dllcache\ntkrnlmp.exe
2009-04-02 08:12 . 2008-08-14 10:11 2189184 -c----w c:\desktop\system32\dllcache\ntoskrnl.exe
2009-04-02 08:12 . 2008-08-14 09:33 2023936 -c----w c:\desktop\system32\dllcache\ntkrpamp.exe
2009-04-02 08:12 . 2008-08-14 09:33 2066048 -c----w c:\desktop\system32\dllcache\ntkrnlpa.exe
2009-04-02 08:10 . 2008-05-08 14:02 203136 -c----w c:\desktop\system32\dllcache\rmcast.sys
2009-04-02 08:10 . 2008-10-24 11:21 455296 -c----w c:\desktop\system32\dllcache\mrxsmb.sys
2009-04-02 08:10 . 2008-12-11 10:57 333952 -c----w c:\desktop\system32\dllcache\srv.sys
2009-04-02 08:09 . 2008-04-11 19:04 691712 -c----w c:\desktop\system32\dllcache\inetcomm.dll
2009-04-02 08:08 . 2009-04-02 08:08 -------- dcsh--w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\UserData
2009-04-02 08:08 . 2008-10-15 16:34 337408 -c----w c:\desktop\system32\dllcache\netapi32.dll
2009-04-02 08:06 . 2009-04-02 08:06 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Malwarebytes
2009-04-02 08:06 . 2009-04-02 08:06 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Malwarebytes
2009-04-02 07:54 . 2008-12-10 03:56 187392 -c--a-w c:\desktop\system32\drivers\b57xp32.sys
2009-04-02 07:54 . 2008-12-10 03:56 187392 -c--a-w c:\desktop\system32\dllcache\b57xp32.sys
2009-04-02 05:50 . 2009-04-02 05:50 -------- dc----w C:\win_xp_2k3_32
2009-04-02 04:54 . 2009-04-02 04:54 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\LG Electronics
2009-04-02 04:41 . 2009-04-02 04:41 -------- d-----w c:\program files\LG Electronics
2009-04-02 04:41 . 2007-12-27 01:17 21760 -c--a-w c:\desktop\system32\drivers\lgusbmodem.sys
2009-04-02 04:41 . 2007-12-27 01:15 12672 -c--a-w c:\desktop\system32\drivers\lgusbbus.sys
2009-04-02 04:41 . 2007-12-27 01:14 19968 -c--a-w c:\desktop\system32\drivers\lgusbdiag.sys
2009-04-02 04:40 . 2009-04-02 04:41 -------- d-----w c:\program files\LG PC Suite 2
2009-04-02 04:39 . 2009-04-02 04:39 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\InstallShield
2009-04-02 00:36 . 2009-04-04 11:09 13496 -c--a-w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 09:54 . 2005-05-03 08:43 69632 -c--a-w c:\desktop\Alcmtr.exe
2009-04-01 09:54 . 2009-04-01 09:54 319488 -c--a-w c:\desktop\HideWin.exe
2009-04-01 03:58 . 2009-04-01 09:48 -------- dc----w C:\Inetpub
2009-04-01 02:44 . 2006-02-28 12:00 53248 -c--a-w c:\desktop\system32\dllcache\nextlink.dll
2009-04-01 02:43 . 2001-08-17 12:36 45056 -c--a-w c:\desktop\system32\dllcache\EXCH_aqadmin.dll
2009-04-01 02:43 . 2001-08-17 12:36 5632 -c--a-w c:\desktop\system32\dllcache\EXCH_adsiisex.dll
2009-04-01 02:43 . 2006-02-28 12:00 6144 -c--a-w c:\desktop\system32\dllcache\admxprox.dll
2009-04-01 02:43 . 2006-02-28 12:00 49664 -c--a-w c:\desktop\system32\dllcache\adrot.dll
2009-04-01 02:43 . 2006-02-28 12:00 7168 -c--a-w c:\desktop\system32\dllcache\wamregps.dll
2009-04-01 02:43 . 2006-02-28 12:00 7680 -c--a-w c:\desktop\system32\dllcache\inetmgr.exe
2009-04-01 02:43 . 2006-02-28 12:00 19968 -c--a-w c:\desktop\system32\dllcache\inetsloc.dll
2009-04-01 02:43 . 2006-02-28 12:00 6144 -c--a-w c:\desktop\system32\dllcache\ftpsapi2.dll
2009-04-01 02:43 . 2006-02-28 12:00 5632 -c--a-w c:\desktop\system32\dllcache\iisrstap.dll
2009-04-01 02:43 . 2006-02-28 12:00 169984 -c--a-w c:\desktop\system32\dllcache\iisui.dll
2009-04-01 02:43 . 2006-02-28 12:00 14336 -c--a-w c:\desktop\system32\dllcache\iisreset.exe
2009-04-01 02:43 . 2006-02-28 12:00 94720 -c--a-w c:\desktop\system32\dllcache\certmap.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 05:36 . 2009-04-18 05:36 374272 -csha-w c:\desktop\system32\1.tmp
2009-04-18 03:46 . 2009-04-18 03:45 923 -c----w C:\Win32.Worm.Downladup.Gen.log
2009-04-17 07:32 . 2009-04-17 07:10 -------- dc-h--w c:\documents and settings\All Users.DESKTOP\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-17 07:32 . 2009-04-16 03:03 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\NOS
2009-04-17 07:32 . 2009-04-04 08:41 -------- d-----w c:\program files\Common Files\Apple
2009-04-17 07:29 . 2009-04-16 21:04 -------- d-----w c:\program files\ERUNT
2009-04-17 07:23 . 2009-04-17 07:28 170838 -c--a-w c:\desktop\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-04-17 07:10 . 2009-04-17 07:10 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Lavasoft
2009-04-17 07:10 . 2009-04-17 07:10 -------- d-----w c:\program files\Lavasoft
2009-04-16 03:23 . 2009-04-16 03:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-16 03:23 . 2008-02-04 03:19 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 09:28 . 2009-04-14 02:15 2336 -c--a-w C:\Rooter.txt
2009-04-14 23:31 . 2009-02-15 11:40 -------- d-----w c:\program files\LimeWire
2009-04-04 11:08 . 2009-04-04 08:43 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\Apple Computer
2009-04-04 08:43 . 2009-04-04 08:43 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 08:42 . 2009-04-04 08:42 -------- d-----w c:\program files\QuickTime
2009-04-04 08:42 . 2009-04-04 08:42 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Apple Computer
2009-04-04 08:42 . 2009-04-04 08:41 -------- d-----w c:\program files\Apple Software Update
2009-04-04 08:41 . 2009-04-04 08:41 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Apple
2009-04-04 07:10 . 2008-02-04 03:20 -------- d-----w c:\program files\Java
2009-04-02 10:07 . 2009-03-25 23:54 86327 -c--a-w c:\desktop\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 09:59 . 2009-04-01 02:19 250048 --sha-r C:\ntldr
2009-04-02 04:54 . 2009-04-02 04:43 0 -c--a-w C:\Tech_Vista.log
2009-04-02 04:41 . 2008-02-04 02:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 09:56 . 2008-02-04 02:45 567 -c--a-w C:\RHDSetup.log
2009-04-01 09:54 . 2009-03-25 21:37 -------- d-----w c:\program files\Realtek
2009-04-01 02:41 . 2009-03-25 23:53 22732 -c--a-w c:\desktop\system32\emptyregdb.dat
2009-04-01 02:41 . 2009-04-01 02:41 1071 -c--a-w c:\desktop\Inf\COM97.tmp
2009-03-30 06:05 . 2009-03-26 01:28 -------- d-----w c:\program files\Efficient Networks
2009-03-27 08:45 . 2009-02-14 07:19 -------- d-----w c:\program files\vanBasco's Karaoke Player
2009-03-26 02:15 . 2009-03-26 02:15 -------- d-----w c:\program files\Telstra
2009-03-25 20:49 . 2009-03-25 20:49 10 -c--a-w C:\csb.log
2009-03-24 03:26 . 2009-03-24 03:26 -------- d-----w c:\program files\VIA
2009-03-24 00:10 . 2009-03-24 00:10 -------- d-----w c:\program files\IObit
2009-03-23 09:52 . 2009-03-23 08:14 -------- d-----w c:\program files\Incomplete
2009-03-23 08:16 . 2009-03-23 04:54 -------- d-----w c:\program files\McAfee
2009-03-23 04:54 . 2009-03-23 04:54 -------- d-----w c:\program files\Common Files\McAfee
2009-03-21 00:06 . 2009-02-21 08:48 -------- d-----w c:\program files\Trend Micro
2009-03-19 06:32 . 2009-04-04 08:43 23400 -c--a-w c:\desktop\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:26 . 2009-02-13 11:44 -------- d-----w c:\program files\Digidesign
2009-03-13 10:08 . 2009-03-13 10:07 -------- d-----w c:\program files\DX-Ball
2009-03-05 13:59 . 2009-04-04 08:41 36864 -c--a-w c:\desktop\system32\drivers\usbaapl.sys
2009-03-05 13:59 . 2009-04-04 08:41 1900544 -c--a-w c:\desktop\system32\usbaaplrc.dll
2009-03-02 15:15 . 2009-03-02 02:51 -------- d-----w c:\program files\Any Video Converter
2009-03-01 12:33 . 2009-02-24 02:12 -------- d-----w c:\program files\VSO
2009-03-01 08:16 . 2009-03-01 08:16 -------- d-----w c:\program files\Apowersoft
2009-03-01 08:08 . 2009-03-01 08:08 -------- d-----w c:\program files\aHisoft
2009-02-28 00:47 . 2009-02-28 00:47 -------- d-----w c:\program files\Alwil Software
2009-02-27 23:40 . 2009-02-27 23:40 -------- d-----w c:\program files\AskSearch
2009-02-27 06:20 . 2009-02-26 10:30 -------- d-----w c:\program files\Yahoo!
2009-02-27 06:19 . 2009-02-21 23:46 -------- d-----w c:\program files\SUPERAntiSpyware
2009-02-26 10:12 . 2009-02-26 09:41 -------- d-----w c:\program files\Video Enhancer
2009-02-26 09:37 . 2009-02-26 09:34 -------- d-----w c:\program files\Free Video Zilla
2009-02-24 23:58 . 2009-02-24 14:52 -------- d-----w c:\program files\cheapestsoft
2009-02-24 15:03 . 2009-02-13 08:22 -------- d-----w c:\program files\Easy DVD Copy
2009-02-24 14:55 . 2009-02-24 14:54 27279112 -c--a-w C:\output.dat
2009-02-24 14:51 . 2009-02-24 14:46 -------- d-----w c:\program files\iOrgSoft
2009-02-21 09:38 . 2009-02-21 09:32 -------- d-----w c:\program files\NoAdware
2009-02-20 16:09 . 2008-02-04 02:13 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 11:13 . 2009-04-01 02:19 1846784 -c--a-w c:\desktop\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\desktop\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGPCSuiteLanucher"="c:\program files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" [2008-04-16 2637824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Mfaliqaqojune"="c:\desktop\Mwasurixu.dat" [2009-04-18 146944]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\desktop\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\desktop\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\desktop\alcwzrd.exe [2006-05-04 2808832]

c:\documents and settings\BiG SeXc YaK\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-11 139776]

c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users.DESKTOP\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\3873e018573]
2009-04-13 03:30 139264 -c--a-w c:\desktop\System32\d3dim70032.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\desktop\System32\d3dim70032.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli facsveph.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"= 8073:TCP:dihrt

R0 higqpez;higqpez; [x]
R2 erayb;Manager Shell;c:\desktop\system32\svchost.exe [2008-04-14 14336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
erayb
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\desktop\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Mozilla\Firefox\Profiles\seb8fejs.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\erayb]
"ServiceDll"="c:\desktop\system32\tpadllb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\desktop\System32\d3dim70032.dll

- - - - - - - > 'explorer.exe'(3144)
c:\desktop\System32\d3dim70032.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\desktop\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-18 15:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 05:38

Pre-Run: 50,955,096,064 bytes free
Post-Run: 51,573,362,688 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
302 --- E O F --- 2009-04-12 03:19







#7
james09 (Topic Starter, Member, 37 posts)
Thanks. I've posted my logs....
Just wanted to let you know my computer isn't booting properly: when it gets to the "Windows is starting up..." page, a system error comes up with lsass.exe and says "object name not found". When I click OK my computer restarts and I get the same thing again. So I have been hitting F8 on boot and going to Last Known Good Configuration. When I do this my computer boots fine.
Just wondering if this means anything to you...
#8
fenzodahl512 (Malware Removal, 9,863 posts)
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
erayb

Driver::
higqpez
erayb

File::
c:\desktop\system32\02.tmp
c:\desktop\system32\01.tmp
c:\desktop\Mwasurixu.dat
c:\desktop\system32\DsGtluA.vbs
c:\desktop\system32\d3dim70032.dll
c:\desktop\system32\1.tmp
c:\desktop\system32\tpadllb.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\3873e018573]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\erayb]

DirLook::
c:\desktop\system32\NetworkService32

3. Save the above as CFScript.txt

4. Then drag CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Posted Image: animation of CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
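The log posted above and the CFScript reply turn on the same handful of persistence points: a Run value pointing at a .dat file, a Winlogon Notify subkey and AppInit_DLLs both loading d3dim70032.dll, a foreign entry in the LSA Notification Packages list, the Windows Firewall switched off with an extra port opened, and a service that runs under svchost.exe with its own ServiceDll. The Python below is an added example for this thread, not code from ComboFix, HijackThis or the helper's reply: it parses an excerpt of the "Reg Loading Points" section (constructed from the log above), flags each of those points, and rebuilds the Registry:: entry for Notification Packages the way the script does, keeping scecli and dropping the foreign DLL. The REGEDIT4 hex(7) value it emits is the one in the script. The function names and the KNOWN_LSA_PACKAGES whitelist are assumptions.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt and build part of the CFScript fix.

Added example for this thread, not ComboFix, HijackThis or forum-helper code.
SAMPLE_LOG is a constructed excerpt of the log above; the function names and
the KNOWN_LSA_PACKAGES whitelist are assumptions."""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Mfaliqaqojune"="c:\desktop\Mwasurixu.dat" [2009-04-18 146944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\3873e018573]
2009-04-13 03:30 139264 -c--a-w c:\desktop\System32\d3dim70032.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\desktop\System32\d3dim70032.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli facsveph.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"= 8073:TCP:dihrt

R0 higqpez;higqpez; [x]
R2 erayb;Manager Shell;c:\desktop\system32\svchost.exe [2008-04-14 14336]
"""

KNOWN_LSA_PACKAGES = {"scecli"}  # assumption: the stock XP notification package
SERVICE_RE = re.compile(r"^R[0-4] (\w+);[^;]*;(.*)$")       # R2 name;display;image
QUOTED_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')        # "Name"="target" ...

def parse_reg_points(text):
    """Yield (key, line) pairs; key is the last [..] header, reset on blank lines."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        yield key, line

def triage(text):
    """Return (kind, detail) findings for the persistence points seen in this log."""
    findings = []
    for key, line in parse_reg_points(text):
        key = key or ""
        svc = SERVICE_RE.match(line)
        if svc:
            name, image = svc.group(1), svc.group(2).strip()
            if image == "[x]":                       # ComboFix: image file is missing
                findings.append(("service_image_missing", name))
            elif "svchost.exe" in image.lower():     # real code is in its ServiceDll
                findings.append(("svchost_hosted_service", name))
        elif line.startswith('"AppInit_DLLs"='):
            value = line.split("=", 1)[1].strip()
            if value:                                # loaded into every user32 process
                findings.append(("appinit_dlls", value))
        elif line.startswith('"EnableFirewall"='):
            if line.split("=", 1)[1].strip().startswith("0"):
                findings.append(("firewall_disabled", key))
        elif key.endswith("control\\lsa") and line.startswith("Notification Packages"):
            for pkg in line.split()[3:]:             # tokens after REG_MULTI_SZ
                if pkg.lower().removesuffix(".dll") not in KNOWN_LSA_PACKAGES:
                    findings.append(("lsa_notification_package", pkg))
        elif "winlogon\\notify" in key:              # DLL loaded into winlogon.exe
            findings.append(("winlogon_notify", line.split()[-1]))
        elif "globallyopenports" in key:
            findings.append(("open_port", line.split("=", 1)[0].strip('"')))
        elif key.endswith("\\run"):
            m = QUOTED_VALUE_RE.match(line)
            if m and not m.group(2).lower().endswith(".exe"):
                findings.append(("run_non_executable", m.group(2)))
    return findings

def reg_multi_sz(values):
    """REGEDIT4 hex(7) form used in a CFScript Registry:: section: each string
    NUL-terminated (one byte per character), then one more NUL closes the list."""
    data = b"".join(v.encode("ascii") + b"\x00" for v in values) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)

def lsa_fix(text):
    """Registry:: lines that rewrite Notification Packages keeping only known ones."""
    for key, line in parse_reg_points(text):
        if (key or "").endswith("control\\lsa") and line.startswith("Notification Packages"):
            keep = [p for p in line.split()[3:]
                    if p.lower().removesuffix(".dll") in KNOWN_LSA_PACKAGES]
            return [r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]",
                    '"Notification Packages"=' + reg_multi_sz(keep)]
    return []

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
    print("\n".join(["Registry::"] + lsa_fix(SAMPLE_LOG)))
```

The point of lsa_fix is the one the script above makes implicitly: Notification Packages is rewritten as a value rather than deleted as a key, so the stock scecli package survives and only the foreign DLL is dropped. Run the file on a full ComboFix log by swapping SAMPLE_LOG for the log text; the Run-value check is deliberately crude (anything not ending in .exe) and is a triage hint, not a verdict.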

#9
james09 (Topic Starter, Member, 37 posts)
Hey,
Yesterday I went ahead and bought myself an anti-virus program. When I installed it, it deleted programs off my computer that contained viruses... one of these programs was ComboFix. When I go to download it again it tells me all three links contain a virus (win32.nircmd.a), so now I am unable to follow your last steps with ComboFix.
I ran a full scan on my computer; it found 36 viruses and apparently has got rid of all of them, although other viruses pop up when using other websites. I am still trying to get the gist of using this program, so I am not sure if it is repairing or deleting the viruses when it lets me know one is there.
Here is a fresh HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:31 AM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\DESKTOP\System32\smss.exe
C:\DESKTOP\system32\winlogon.exe
C:\DESKTOP\system32\services.exe
C:\DESKTOP\system32\lsass.exe
C:\DESKTOP\system32\svchost.exe
C:\DESKTOP\System32\svchost.exe
C:\DESKTOP\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\DESKTOP\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\DESKTOP\system32\svcprs32.exe
C:\DESKTOP\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\DESKTOP\SOUNDMAN.EXE
C:\DESKTOP\ALCWZRD.EXE
C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\DESKTOP\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\DESKTOP\system32\mdmcls32.exe
C:\DESKTOP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\DESKTOP\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LGPCSuiteLanucher] "C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Mfaliqaqojune] rundll32.exe "C:\DESKTOP\ekuxafes.dll",e
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [dvHighMem] C:\DESKTOP\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe"
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\DESKTOP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\DESKTOP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\DESKTOP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...rk.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/...on.cab64162.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\DESKTOP\system32\svcprs32.exe

--
End of file - 8672 bytes

#10
fenzodahl512
  • Malware Removal
  • 9,863 posts
I didn't ask you to buy/install any antivirus program yet.. It will only complicate our fixes.. :)

Now, please totally disable your antivirus each time you do the fixes..

Delete your version of ComboFix from the computer and download a fresh one from below.. Run it and post the log here..

Link 1

#11
james09
  • Topic Starter
  • Member
  • 37 posts
ComboFix 09-04-21.A1 - LILLIA 04/21/2009 21:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.249 [GMT 10:00]
Running from: c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\desktop\facsveph.dll
c:\desktop\system32\1.tmp
c:\desktop\system32\GroupPolicy000.dat
c:\desktop\system32\Memman.vxd
c:\desktop\system32\mkghj.dll
c:\desktop\system32\skinboxer43.dll
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573C.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573O.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573P.manifest
c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\020000009527082f573S.manifest

.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-20 02:44 . 2009-04-20 02:44 754 -c--a-w c:\desktop\WORDPAD.INI
2009-04-18 22:14 . 2009-04-18 22:14 124 -c--a-w c:\desktop\wininit.ini
2009-04-18 11:00 . 2009-04-21 11:05 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\CallingID
2009-04-18 09:19 . 2009-04-18 09:20 -------- d-----w c:\program files\Blaze Media Pro
2009-04-18 09:19 . 2009-04-18 09:20 -------- dc-h--w c:\documents and settings\All Users.DESKTOP\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-04-18 06:23 . 2009-04-18 09:15 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\CallingID
2009-04-18 06:08 . 2009-04-21 10:51 -------- dc----w c:\desktop\rnapxs
2009-04-18 06:08 . 2002-01-01 03:02 7440 -c--a-w c:\desktop\system32\sporder.dll
2009-04-18 06:07 . 2009-04-18 06:09 -------- d-----w c:\program files\CA
2009-04-18 06:05 . 2009-04-18 06:05 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\CA
2009-04-18 06:04 . 2009-04-18 06:04 -------- dc----w c:\documents and settings\LILLIA~1~FON\LOCALS~1
2009-04-18 06:04 . 2009-04-18 06:04 -------- dc----w c:\documents and settings\LILLIA~1~FON
2009-04-18 05:52 . 2009-04-18 05:52 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\{92DBF11B-E4B1-4EB9-A1AC-F50900593C1E}
2009-04-18 05:25 . 2009-03-06 14:22 284160 -c----w c:\desktop\system32\dllcache\pdh.dll
2009-04-18 05:25 . 2009-02-09 12:10 729088 -c----w c:\desktop\system32\dllcache\lsasrv.dll
2009-04-18 05:25 . 2009-02-09 12:10 473600 -c----w c:\desktop\system32\dllcache\fastprox.dll
2009-04-18 05:25 . 2009-02-09 12:10 453120 -c----w c:\desktop\system32\dllcache\wmiprvsd.dll
2009-04-18 05:25 . 2009-02-09 12:10 401408 -c----w c:\desktop\system32\dllcache\rpcss.dll
2009-04-18 05:25 . 2009-02-06 11:11 110592 -c----w c:\desktop\system32\dllcache\services.exe
2009-04-18 05:25 . 2009-02-06 10:10 227840 -c----w c:\desktop\system32\dllcache\wmiprvse.exe
2009-04-18 05:25 . 2009-02-09 12:10 714752 -c----w c:\desktop\system32\dllcache\ntdll.dll
2009-04-18 05:25 . 2009-02-09 12:10 617472 -c----w c:\desktop\system32\dllcache\advapi32.dll
2009-04-18 05:24 . 2009-03-27 06:58 1203922 -c----w c:\desktop\system32\dllcache\sysmain.sdb
2009-04-18 05:24 . 2008-05-03 11:55 2560 -c----w c:\desktop\system32\xpsp4res.dll
2009-04-18 05:24 . 2008-04-21 12:08 215552 -c----w c:\desktop\system32\dllcache\wordpad.exe
2009-04-18 03:40 . 2009-04-18 03:40 4096 -c--a-w c:\desktop\system32\02.tmp
2009-04-18 03:36 . 2009-04-18 03:36 4096 -c--a-w c:\desktop\system32\01.tmp
2009-04-18 00:20 . 2009-04-18 11:34 -------- dcsh--w c:\desktop\system32\NetworkService32
2009-04-18 00:19 . 2009-04-18 22:29 146944 -c--a-w c:\desktop\Mwasurixu.dat
2009-04-17 07:32 . 2009-04-17 07:32 -------- d-----w c:\program files\NOS
2009-04-17 07:32 . 2009-04-17 07:32 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\NOS
2009-04-17 07:31 . 2009-04-17 07:31 -------- dc----w C:\Converted Videos
2009-04-17 07:10 . 2009-04-18 22:12 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Lavasoft
2009-04-16 03:58 . 2009-04-18 22:14 -------- dc----w C:\etax2008
2009-04-16 03:04 . 2009-04-17 07:30 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Adobe
2009-04-16 03:03 . 2009-04-17 07:32 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\NOS
2009-04-16 00:01 . 2009-04-16 00:00 73728 -c--a-w c:\desktop\system32\javacpl.cpl
2009-04-15 23:34 . 2009-04-17 07:32 -------- d-----w c:\program files\iPod
2009-04-15 23:34 . 2009-04-17 07:32 -------- d-----w c:\program files\iTunes
2009-04-15 23:33 . 2009-04-17 07:32 -------- d-----w c:\program files\Bonjour
2009-04-15 01:10 . 2009-04-17 07:32 -------- d-----w c:\program files\AskTBar
2009-04-15 00:49 . 2005-08-26 17:38 1435272 -c--a-w c:\desktop\system32\Flash.ocx
2009-04-15 00:49 . 2009-04-15 00:49 -------- d-----w c:\program files\Robust.ws
2009-04-14 23:22 . 2009-04-14 23:22 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-14 08:29 . 2009-04-14 08:29 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\Malwarebytes
2009-04-14 02:14 . 2009-04-15 09:28 -------- dc----w C:\Rooter$
2009-04-13 07:05 . 2009-04-13 07:05 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\KodakGallery
2009-04-13 04:16 . 2009-04-16 21:27 0 -c--a-w c:\desktop\Nxopupo.bin
2009-04-13 04:16 . 2009-04-13 04:16 -------- dc----w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\{2F72C276-E543-4D52-949F-C86DD5847349}
2009-04-13 03:30 . 2009-04-13 03:30 615 -c--a-w c:\desktop\system32\DsGtluA.vbs
2009-04-09 03:28 . 2009-04-09 03:28 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Identities
2009-04-09 00:06 . 2009-04-09 00:06 -------- dc----w c:\desktop\Sun
2009-04-06 08:39 . 2009-04-06 08:39 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Mozilla
2009-04-06 07:02 . 2009-04-06 07:02 0 -c--a-w c:\desktop\nsreg.dat
2009-04-06 07:02 . 2009-04-06 07:02 -------- dc----w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\Mozilla
2009-04-06 05:02 . 2009-04-06 05:02 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Skinux
2009-04-06 02:35 . 2009-04-06 02:35 -------- dc----w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\KodakGallery
2009-04-06 02:34 . 2009-04-06 02:34 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\Skinux
2009-04-06 02:31 . 2008-04-13 18:45 15104 -c--a-w c:\desktop\system32\drivers\usbscan.sys
2009-04-06 02:31 . 2008-04-13 18:45 15104 -c--a-w c:\desktop\system32\dllcache\usbscan.sys
2009-04-06 02:31 . 2001-08-17 12:36 5632 -c--a-w c:\desktop\system32\ptpusb.dll
2009-04-06 02:31 . 2008-04-14 00:12 159232 -c--a-w c:\desktop\system32\ptpusd.dll
2009-04-06 02:29 . 2009-04-06 02:31 -------- d-----w c:\program files\Common Files\Kodak
2009-04-06 02:26 . 2009-04-06 02:32 -------- d-----w c:\program files\Kodak
2009-04-06 02:25 . 2009-04-06 02:25 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Kodak
2009-04-06 00:06 . 2009-04-06 00:06 -------- dc----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2009-04-04 11:10 . 2009-04-04 11:10 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Apple Computer
2009-04-04 11:09 . 2009-04-04 11:09 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Local Settings\Application Data\Apple Computer
2009-04-04 10:29 . 2009-04-04 10:29 -------- d-----w c:\program files\ConvertMP3
2009-04-03 06:41 . 2009-04-04 10:04 179 -c--a-w c:\desktop\WMACutjoin.ini
2009-04-03 06:35 . 2009-04-04 10:39 -------- dc----w C:\My Music
2009-04-03 06:34 . 2009-04-04 10:04 5 -c--a-w c:\desktop\system32\SySWMACJ.dat
2009-04-03 06:34 . 2004-12-08 03:21 1843200 -c--a-w c:\desktop\system32\NCTAudioFile2.dll
2009-04-03 06:34 . 2004-12-01 04:43 315392 -c--a-w c:\desktop\system32\NCTAudioPlayer2.dll
2009-04-03 06:34 . 2004-08-02 05:09 450560 -c--a-w c:\desktop\system32\NCTAudioTransform2.dll
2009-04-03 06:34 . 2004-05-20 04:24 196608 -c--a-w c:\desktop\system32\NCTWMAFile2.dll
2009-04-03 06:34 . 2003-12-08 02:49 116304 -c--a-w c:\desktop\system32\NCTWMAProfiles.prx
2009-04-03 06:34 . 2009-04-04 09:26 -------- d-----w c:\program files\HiFisoftware
2009-04-03 06:34 . 2002-01-05 04:37 344064 -c--a-w c:\desktop\system32\msvcr70.dll
2009-04-03 06:24 . 2009-04-04 10:39 135 -c--a-w c:\desktop\Mp3ACutjoin.ini
2009-04-03 06:20 . 2009-04-04 10:39 5 -c--a-w c:\desktop\system32\SySMACJ.dat
2009-04-03 06:07 . 2009-04-03 06:07 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\AVS4YOU
2009-04-03 06:07 . 2009-04-03 06:07 13496 -c--a-w c:\documents and settings\BiG SeXc YaK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 06:04 . 2009-04-03 06:04 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\AVS4YOU
2009-04-03 06:04 . 2009-04-03 06:04 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-03 06:04 . 2003-05-21 02:50 24576 -c--a-w c:\desktop\system32\msxml3a.dll
2009-04-03 06:04 . 2009-04-03 06:20 -------- d-----w c:\program files\AVS4YOU
2009-04-03 02:21 . 2009-04-18 09:00 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\LimeWire
2009-04-03 02:21 . 2009-04-21 09:26 664 -c--a-w c:\desktop\system32\d3d9caps.dat
2009-04-03 02:11 . 2009-04-16 00:00 410984 -c--a-w c:\desktop\system32\deploytk.dll
2009-04-02 10:06 . 2009-04-02 10:06 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Foxit
2009-04-02 10:06 . 2009-04-02 10:06 -------- d-----w c:\program files\Foxit Software
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\system32\scripting
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\l2schemas
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\system32\en
2009-04-02 10:05 . 2009-04-02 10:05 -------- dc----w c:\desktop\system32\bits
2009-04-02 10:02 . 2009-04-02 10:02 -------- dc----w c:\desktop\ServicePackFiles
2009-04-02 08:52 . 2009-02-20 18:09 52224 -c----w c:\desktop\system32\dllcache\msfeedsbs.dll
2009-04-02 08:52 . 2009-02-20 18:09 459264 -c----w c:\desktop\system32\dllcache\msfeeds.dll
2009-04-02 08:52 . 2009-02-20 18:09 268288 -c----w c:\desktop\system32\dllcache\iertutil.dll
2009-04-02 08:52 . 2009-02-20 18:09 63488 -c----w c:\desktop\system32\dllcache\icardie.dll
2009-04-02 08:52 . 2009-02-20 18:09 6066176 -c----w c:\desktop\system32\dllcache\ieframe.dll
2009-04-02 08:52 . 2009-02-20 18:09 383488 -c----w c:\desktop\system32\dllcache\ieapfltr.dll
2009-04-02 08:52 . 2009-02-20 10:20 13824 -c----w c:\desktop\system32\dllcache\ieudinit.exe
2009-04-02 08:52 . 2008-07-09 14:30 991232 -c----w c:\desktop\system32\dllcache\ieframe.dll.mui
2009-04-02 08:52 . 2008-07-09 14:25 2455488 -c----w c:\desktop\system32\dllcache\ieapfltr.dat
2009-04-02 08:28 . 2004-08-03 12:29 73216 -c----w c:\desktop\system32\drivers\atintuxx.sys
2009-04-02 08:21 . 2009-04-02 08:21 13682 -c--a-w c:\desktop\system32\wpa.bak
2009-04-02 08:13 . 2008-06-13 11:05 272128 -c----w c:\desktop\system32\drivers\bthport.sys
2009-04-02 08:13 . 2008-06-13 11:05 272128 -c----w c:\desktop\system32\dllcache\bthport.sys
2009-04-02 08:12 . 2009-02-06 11:06 2145280 -c----w c:\desktop\system32\dllcache\ntkrnlmp.exe
2009-04-02 08:12 . 2009-02-06 11:08 2189056 -c----w c:\desktop\system32\dllcache\ntoskrnl.exe
2009-04-02 08:12 . 2009-02-06 10:32 2023936 -c----w c:\desktop\system32\dllcache\ntkrpamp.exe
2009-04-02 08:12 . 2009-02-07 09:02 2066048 -c----w c:\desktop\system32\dllcache\ntkrnlpa.exe
2009-04-02 08:10 . 2008-05-08 14:02 203136 -c----w c:\desktop\system32\dllcache\rmcast.sys
2009-04-02 08:10 . 2008-10-24 11:21 455296 -c----w c:\desktop\system32\dllcache\mrxsmb.sys
2009-04-02 08:10 . 2008-12-11 10:57 333952 -c----w c:\desktop\system32\dllcache\srv.sys
2009-04-02 08:09 . 2008-04-11 19:04 691712 -c----w c:\desktop\system32\dllcache\inetcomm.dll
2009-04-02 08:08 . 2009-04-02 08:08 -------- dcsh--w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\UserData
2009-04-02 08:08 . 2008-10-15 16:34 337408 -c----w c:\desktop\system32\dllcache\netapi32.dll
2009-04-02 08:06 . 2009-04-02 08:06 -------- dc----w c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Malwarebytes
2009-04-02 08:06 . 2009-04-02 08:06 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Malwarebytes
2009-04-02 07:54 . 2008-12-10 03:56 187392 -c--a-w c:\desktop\system32\drivers\b57xp32.sys
2009-04-02 07:54 . 2008-12-10 03:56 187392 -c--a-w c:\desktop\system32\dllcache\b57xp32.sys
2009-04-02 05:50 . 2009-04-02 05:50 -------- dc----w C:\win_xp_2k3_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 09:29 . 2009-04-18 09:29 -------- d-----w c:\program files\Zealot Software
2009-04-18 06:24 . 2009-04-18 06:05 975920 -c--a-w C:\caisslog.txt
2009-04-18 06:18 . 2009-04-18 06:09 880560 ----a-w c:\desktop\system32\drivers\vetefile.sys
2009-04-18 06:18 . 2009-04-18 06:09 26352 -c--a-w c:\desktop\system32\drivers\vet-filt.sys
2009-04-18 06:18 . 2009-04-18 06:09 21488 -c--a-w c:\desktop\system32\drivers\vetfddnt.sys
2009-04-18 06:18 . 2009-04-18 06:09 21104 -c--a-w c:\desktop\system32\drivers\vet-rec.sys
2009-04-18 06:18 . 2009-04-18 06:09 161008 -c--a-w c:\desktop\system32\drivers\vetmonnt.sys
2009-04-18 06:18 . 2009-04-18 06:09 111856 -c--a-w c:\desktop\system32\isafprod.dll
2009-04-18 06:18 . 2009-04-18 06:09 108368 ----a-w c:\desktop\system32\drivers\veteboot.sys
2009-04-18 06:09 . 2009-04-18 06:09 -------- d-----w c:\program files\ISSThirdParty
2009-04-18 06:09 . 2009-04-18 06:09 -------- d-----w c:\program files\Common Files\Scanner
2009-04-18 06:09 . 2009-04-18 06:09 56129 -c--a-w C:\caavsetupLog.txt
2009-04-18 06:09 . 2009-04-18 06:09 2732032 -c--a-w c:\desktop\system32\win32cpr.dll
2009-04-18 06:09 . 2009-04-18 06:09 1564771 -c--a-w c:\desktop\system32\winsflt.dll
2009-04-18 06:08 . 2008-02-04 02:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 03:46 . 2009-04-18 03:45 923 -c----w C:\Win32.Worm.Downladup.Gen.log
2009-04-17 07:32 . 2009-04-04 08:41 -------- d-----w c:\program files\Common Files\Apple
2009-04-17 07:23 . 2009-04-17 07:28 170838 -c--a-w c:\desktop\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-04-16 03:23 . 2008-02-04 03:19 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 09:28 . 2009-04-14 02:15 2336 -c--a-w C:\Rooter.txt
2009-04-04 11:08 . 2009-04-04 08:43 -------- dc----w c:\documents and settings\BiG SeXc YaK\Application Data\Apple Computer
2009-04-04 08:43 . 2009-04-04 08:43 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 08:42 . 2009-04-04 08:42 -------- d-----w c:\program files\QuickTime
2009-04-04 08:42 . 2009-04-04 08:42 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Apple Computer
2009-04-04 08:42 . 2009-04-04 08:41 -------- d-----w c:\program files\Apple Software Update
2009-04-04 08:41 . 2009-04-04 08:41 -------- dc----w c:\documents and settings\All Users.DESKTOP\Application Data\Apple
2009-04-04 07:10 . 2008-02-04 03:20 -------- d-----w c:\program files\Java
2009-04-02 10:07 . 2009-03-25 23:54 86327 -c--a-w c:\desktop\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 09:59 . 2009-04-01 02:19 250048 --sha-r C:\ntldr
2009-04-02 04:54 . 2009-04-02 04:43 0 -c--a-w C:\Tech_Vista.log
2009-04-01 09:56 . 2008-02-04 02:45 567 -c--a-w C:\RHDSetup.log
2009-04-01 09:54 . 2009-03-25 21:37 -------- d-----w c:\program files\Realtek
2009-04-01 02:41 . 2009-03-25 23:53 22732 -c--a-w c:\desktop\system32\emptyregdb.dat
2009-04-01 02:41 . 2009-04-01 02:41 1071 -c--a-w c:\desktop\Inf\COM97.tmp
2009-03-30 06:05 . 2009-03-26 01:28 -------- d-----w c:\program files\Efficient Networks
2009-03-27 08:45 . 2009-02-14 07:19 -------- d-----w c:\program files\vanBasco's Karaoke Player
2009-03-26 02:15 . 2009-03-26 02:15 -------- d-----w c:\program files\Telstra
2009-03-25 20:49 . 2009-03-25 20:49 10 -c--a-w C:\csb.log
2009-03-24 03:26 . 2009-03-24 03:26 -------- d-----w c:\program files\VIA
2009-03-24 00:10 . 2009-03-24 00:10 -------- d-----w c:\program files\IObit
2009-03-23 09:52 . 2009-03-23 08:14 -------- d-----w c:\program files\Incomplete
2009-03-23 08:16 . 2009-03-23 04:54 -------- d-----w c:\program files\McAfee
2009-03-23 04:54 . 2009-03-23 04:54 -------- d-----w c:\program files\Common Files\McAfee
2009-03-21 00:06 . 2009-02-21 08:48 -------- d-----w c:\program files\Trend Micro
2009-03-19 06:32 . 2009-04-04 08:43 23400 -c--a-w c:\desktop\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:26 . 2009-02-13 11:44 -------- d-----w c:\program files\Digidesign
2009-03-13 10:08 . 2009-03-13 10:07 -------- d-----w c:\program files\DX-Ball
2009-03-06 14:22 . 2009-04-01 02:19 284160 -c--a-w c:\desktop\system32\pdh.dll
2009-03-05 13:59 . 2009-04-04 08:41 36864 -c--a-w c:\desktop\system32\drivers\usbaapl.sys
2009-03-05 13:59 . 2009-04-04 08:41 1900544 -c--a-w c:\desktop\system32\usbaaplrc.dll
2009-03-03 00:18 . 2009-04-01 02:19 826368 -c--a-w c:\desktop\system32\wininet.dll
2009-03-02 15:15 . 2009-03-02 02:51 -------- d-----w c:\program files\Any Video Converter
2009-03-01 12:33 . 2009-02-24 02:12 -------- d-----w c:\program files\VSO
2009-03-01 08:16 . 2009-03-01 08:16 -------- d-----w c:\program files\Apowersoft
2009-03-01 08:08 . 2009-03-01 08:08 -------- d-----w c:\program files\aHisoft
2009-02-28 00:47 . 2009-02-28 00:47 -------- d-----w c:\program files\Alwil Software
2009-02-27 23:40 . 2009-02-27 23:40 -------- d-----w c:\program files\AskSearch
2009-02-27 06:20 . 2009-02-26 10:30 -------- d-----w c:\program files\Yahoo!
2009-02-27 06:19 . 2009-02-21 23:46 -------- d-----w c:\program files\SUPERAntiSpyware
2009-02-26 10:12 . 2009-02-26 09:41 -------- d-----w c:\program files\Video Enhancer
2009-02-26 09:37 . 2009-02-26 09:34 -------- d-----w c:\program files\Free Video Zilla
2009-02-24 23:58 . 2009-02-24 14:52 -------- d-----w c:\program files\cheapestsoft
2009-02-24 15:03 . 2009-02-13 08:22 -------- d-----w c:\program files\Easy DVD Copy
2009-02-24 14:55 . 2009-02-24 14:54 27279112 -c--a-w C:\output.dat
2009-02-24 14:51 . 2009-02-24 14:46 -------- d-----w c:\program files\iOrgSoft
2009-02-21 09:38 . 2009-02-21 09:32 -------- d-----w c:\program files\NoAdware
2009-02-20 18:09 . 2009-04-01 02:19 78336 -c--a-w c:\desktop\system32\ieencode.dll
2009-02-20 16:09 . 2008-02-04 02:13 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 12:10 . 2009-04-01 02:19 729088 -c--a-w c:\desktop\system32\lsasrv.dll
2009-02-09 12:10 . 2009-04-01 02:19 401408 -c--a-w c:\desktop\system32\rpcss.dll
2009-02-09 12:10 . 2009-04-01 02:19 714752 -c--a-w c:\desktop\system32\ntdll.dll
2009-02-09 12:10 . 2009-04-01 02:18 617472 -c--a-w c:\desktop\system32\advapi32.dll
2009-02-09 11:13 . 2009-04-01 02:19 1846784 -c--a-w c:\desktop\system32\win32k.sys
2009-02-06 11:11 . 2009-04-01 02:19 110592 -c--a-w c:\desktop\system32\services.exe
2009-02-06 11:06 . 2004-08-03 23:18 2145280 -c--a-w c:\desktop\system32\ntoskrnl.exe
2009-02-06 10:39 . 2009-04-01 02:19 35328 -c--a-w c:\desktop\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 -c--a-w c:\desktop\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-04-01 02:19 56832 -c--a-w c:\desktop\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_05.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 11:09 . 2009-04-21 11:09 16384 c:\desktop\Temp\Perflib_Perfdata_6e4.dat
+ 2009-04-18 09:29 . 2003-08-18 18:31 52736 c:\desktop\system32\viscomwave.dll
+ 2009-04-18 09:29 . 2006-05-02 12:16 60416 c:\desktop\system32\viscomtran.dll
+ 2009-04-18 09:29 . 2007-03-04 07:54 54272 c:\desktop\system32\viscomframe.dll
+ 2009-04-18 09:29 . 2006-12-05 06:19 59904 c:\desktop\system32\viscomaudioencoder.dll
+ 2009-04-18 09:29 . 2006-12-06 02:59 59904 c:\desktop\system32\viscomaudiodata.dll
+ 2008-08-28 11:18 . 2008-08-28 11:18 98304 c:\desktop\system32\VideoInfo.dll
+ 2009-04-18 09:29 . 2007-02-26 06:13 17920 c:\desktop\system32\videocore.dll
+ 2009-04-18 06:09 . 2008-08-19 18:42 83256 c:\desktop\system32\vetredir.dll
+ 2008-08-28 11:17 . 2008-08-28 11:17 97280 c:\desktop\system32\Uncommon.dll
+ 2007-06-06 06:46 . 2007-06-06 06:46 79368 c:\desktop\system32\UmxWNP.dll
- 2009-03-30 06:29 . 2007-08-10 10:46 26488 c:\desktop\system32\spupdsvc.exe
+ 2009-03-30 06:29 . 2008-07-09 07:38 26488 c:\desktop\system32\spupdsvc.exe
- 2009-04-01 02:19 . 2008-12-20 23:15 44544 c:\desktop\system32\pngfilt.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 44544 c:\desktop\system32\pngfilt.dll
+ 2009-03-25 23:35 . 2009-04-18 21:00 75946 c:\desktop\system32\perfc009.dat
- 2009-03-25 23:35 . 2009-04-06 02:29 75946 c:\desktop\system32\perfc009.dat
+ 2008-08-28 11:17 . 2008-08-28 11:17 61440 c:\desktop\system32\NormalizeDSP.dll
+ 2008-08-28 11:22 . 2008-08-28 11:22 71096 c:\desktop\system32\NMSAccess.exe
- 2009-03-25 23:52 . 2008-04-14 00:12 91648 c:\desktop\system32\mtxoci.dll
+ 2009-03-25 23:52 . 2008-06-12 14:23 91648 c:\desktop\system32\mtxoci.dll
+ 2009-04-01 02:19 . 2008-06-12 14:23 66560 c:\desktop\system32\mtxclu.dll
- 2009-04-01 02:19 . 2008-04-14 00:12 66560 c:\desktop\system32\mtxclu.dll
- 2007-08-13 08:54 . 2008-12-20 23:15 52224 c:\desktop\system32\msfeedsbs.dll
+ 2007-08-13 08:54 . 2009-02-20 18:09 52224 c:\desktop\system32\msfeedsbs.dll
+ 2009-03-25 23:52 . 2008-06-12 14:23 58880 c:\desktop\system32\msdtclog.dll
- 2009-03-25 23:52 . 2008-04-14 00:11 58880 c:\desktop\system32\msdtclog.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 27648 c:\desktop\system32\jsproxy.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 27648 c:\desktop\system32\jsproxy.dll
+ 2009-04-18 06:09 . 2008-08-19 18:42 99568 c:\desktop\system32\isafeif.dll
+ 2009-04-18 09:29 . 2007-08-08 02:25 61440 c:\desktop\system32\imgscaler.dll
+ 2009-04-18 09:29 . 2007-08-08 02:26 22016 c:\desktop\system32\img_utils.dll
+ 2007-08-13 08:39 . 2009-02-20 10:20 13824 c:\desktop\system32\ieudinit.exe
- 2007-08-13 08:39 . 2008-12-19 09:10 13824 c:\desktop\system32\ieudinit.exe
+ 2009-04-01 02:19 . 2009-02-20 18:09 44544 c:\desktop\system32\iernonce.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 44544 c:\desktop\system32\iernonce.dll
+ 2009-04-01 02:19 . 2009-02-20 10:20 70656 c:\desktop\system32\ie4uinit.exe
- 2009-04-01 02:19 . 2008-12-19 09:10 70656 c:\desktop\system32\ie4uinit.exe
- 2007-08-13 08:36 . 2008-12-20 23:15 63488 c:\desktop\system32\icardie.dll
+ 2007-08-13 08:36 . 2009-02-20 18:09 63488 c:\desktop\system32\icardie.dll
+ 2005-05-17 20:37 . 2005-05-17 20:37 76800 c:\desktop\system32\Faac.exe
+ 2008-07-30 03:38 . 2008-07-30 03:38 58872 c:\desktop\system32\drivers\KmxSbx.sys
+ 2009-01-09 06:25 . 2009-01-09 06:25 52728 c:\desktop\system32\drivers\KmxFile.sys
+ 2009-01-09 06:25 . 2009-01-09 06:25 72696 c:\desktop\system32\drivers\KmxAgent.sys
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\desktop\system32\dllcache\secur32.dll
+ 2009-04-01 02:19 . 2009-02-06 10:39 35328 c:\desktop\system32\dllcache\sc.exe
+ 2009-04-01 02:19 . 2009-02-20 18:09 44544 c:\desktop\system32\dllcache\pngfilt.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 44544 c:\desktop\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\desktop\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\desktop\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\desktop\system32\dllcache\msdtclog.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 27648 c:\desktop\system32\dllcache\jsproxy.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 27648 c:\desktop\system32\dllcache\jsproxy.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 44544 c:\desktop\system32\dllcache\iernonce.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 44544 c:\desktop\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\desktop\system32\dllcache\ieencode.dll
- 2009-04-01 02:19 . 2008-12-19 09:10 70656 c:\desktop\system32\dllcache\ie4uinit.exe
+ 2009-04-01 02:19 . 2009-02-20 10:20 70656 c:\desktop\system32\dllcache\ie4uinit.exe
+ 2008-08-28 11:20 . 2008-08-28 11:20 65536 c:\desktop\system32\comLyricGetter.dll
+ 2009-04-18 06:09 . 2009-04-18 06:09 30720 c:\desktop\rnapxs\rnapxs.dat
+ 2009-04-18 06:24 . 2009-04-21 11:07 69632 c:\desktop\rnapxs\CSDK\urlcache\domainNames.dat
+ 2009-04-18 06:10 . 2009-04-18 06:10 10134 c:\desktop\Installer\{2681A52E-FCFA-4982-A030-7B652BDD346C}\ARPPRODUCTICON.exe
+ 2009-04-18 06:11 . 2009-04-18 06:11 10134 c:\desktop\Installer\{166478EA-A017-43C0-BE42-7560BD5A646B}\ARPPRODUCTICON.exe
+ 2009-04-18 14:06 . 2008-12-20 23:15 44544 c:\desktop\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 52224 c:\desktop\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 27648 c:\desktop\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-18 14:06 . 2008-12-19 09:10 13824 c:\desktop\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-18 14:06 . 2008-12-20 23:15 44544 c:\desktop\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-18 14:06 . 2008-04-14 00:11 81920 c:\desktop\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-18 14:06 . 2008-12-19 09:10 70656 c:\desktop\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-18 14:06 . 2008-12-20 23:15 63488 c:\desktop\ie7updates\KB963027-IE7\icardie.dll
+ 2009-04-18 06:19 . 2009-04-18 06:19 8854 c:\desktop\Installer\{F05A5232-CE5E-4274-AB27-44EB8105898D}\ARPPRODUCTICON.exe
+ 2009-04-18 09:29 . 2004-04-05 03:36 217088 c:\desktop\system32\xvidcore.dll
+ 2009-04-18 09:29 . 2004-02-10 09:15 128512 c:\desktop\system32\xvid.dll
+ 2009-04-18 09:29 . 2005-01-09 02:41 245760 c:\desktop\system32\writelib.dll
- 2009-04-01 02:19 . 2008-04-14 00:12 354304 c:\desktop\system32\winhttp.dll
+ 2009-04-01 02:19 . 2008-12-16 12:30 354304 c:\desktop\system32\winhttp.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 233472 c:\desktop\system32\webcheck.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 233472 c:\desktop\system32\webcheck.dll
+ 2009-03-25 23:52 . 2009-02-06 10:10 227840 c:\desktop\system32\wbem\wmiprvse.exe
+ 2009-03-25 23:52 . 2009-02-09 12:10 453120 c:\desktop\system32\wbem\wmiprvsd.dll
+ 2009-03-25 23:52 . 2009-02-09 12:10 473600 c:\desktop\system32\wbem\fastprox.dll
+ 2009-04-18 06:07 . 2008-08-22 08:33 111856 c:\desktop\system32\wbem\canvprov.dll
+ 2008-08-28 11:17 . 2008-08-28 11:17 139264 c:\desktop\system32\voltoCDX.dll
+ 2009-04-18 09:29 . 2008-03-31 04:08 140288 c:\desktop\system32\viscomqtde.dll
+ 2009-04-18 09:29 . 2008-03-17 12:18 713728 c:\desktop\system32\viscommpgenc.dll
+ 2009-04-18 09:29 . 2007-12-05 03:48 117760 c:\desktop\system32\viscommpgdec.dll
+ 2009-04-18 09:29 . 2008-03-21 05:09 387584 c:\desktop\system32\viscomflvdec.dll
+ 2008-08-28 11:17 . 2008-08-28 11:17 233472 c:\desktop\system32\viscomdvdimg.dll
+ 2009-04-18 09:29 . 2007-02-26 06:13 215040 c:\desktop\system32\videoformat.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 105984 c:\desktop\system32\url.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 105984 c:\desktop\system32\url.dll
+ 2009-01-09 06:25 . 2009-01-09 06:25 264696 c:\desktop\system32\UmxSbxw.dll
+ 2009-01-09 06:25 . 2009-01-09 06:25 113144 c:\desktop\system32\UmxSbxExw.dll
+ 2009-04-18 06:09 . 2007-11-14 02:35 823296 c:\desktop\system32\svcprs32.exe
+ 2009-03-25 23:35 . 2009-04-18 21:00 441980 c:\desktop\system32\perfh009.dat
- 2009-03-25 23:35 . 2009-04-06 02:29 441980 c:\desktop\system32\perfh009.dat
+ 2002-07-19 16:48 . 2002-07-19 16:48 157696 c:\desktop\system32\OggEnc.exe
- 2009-04-01 02:19 . 2008-12-20 23:15 102912 c:\desktop\system32\occache.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 102912 c:\desktop\system32\occache.dll
+ 2008-08-28 11:19 . 2008-08-28 11:19 626688 c:\desktop\system32\NCTImageFile.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 671232 c:\desktop\system32\mstime.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 671232 c:\desktop\system32\mstime.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 193024 c:\desktop\system32\msrating.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 193024 c:\desktop\system32\msrating.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 477696 c:\desktop\system32\mshtmled.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 477696 c:\desktop\system32\mshtmled.dll
- 2007-08-13 08:54 . 2008-12-20 23:15 459264 c:\desktop\system32\msfeeds.dll
+ 2007-08-13 08:54 . 2009-02-20 18:09 459264 c:\desktop\system32\msfeeds.dll
+ 2009-03-25 23:52 . 2008-06-12 14:23 161792 c:\desktop\system32\msdtcuiu.dll
- 2009-03-25 23:52 . 2008-04-14 00:11 161792 c:\desktop\system32\msdtcuiu.dll
+ 2009-03-25 23:52 . 2008-06-12 14:23 956928 c:\desktop\system32\msdtctm.dll
- 2009-03-25 23:52 . 2008-04-14 00:11 956928 c:\desktop\system32\msdtctm.dll
+ 2009-03-25 23:52 . 2008-06-12 14:23 428032 c:\desktop\system32\msdtcprx.dll
+ 2008-09-28 17:33 . 2008-09-28 17:33 253952 c:\desktop\system32\Manipulate.dll
+ 2005-11-05 23:34 . 2005-11-05 23:34 145408 c:\desktop\system32\Lame.exe
+ 2009-04-01 02:19 . 2009-03-21 14:06 989696 c:\desktop\system32\kernel32.dll
- 2009-04-01 02:19 . 2008-04-14 00:11 989696 c:\desktop\system32\kernel32.dll
+ 2007-08-13 08:34 . 2009-02-20 18:09 268288 c:\desktop\system32\iertutil.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 385024 c:\desktop\system32\iedkcs32.dll
+ 2007-07-11 02:27 . 2009-02-20 18:09 383488 c:\desktop\system32\ieapfltr.dll
- 2007-07-11 02:27 . 2008-12-20 23:15 383488 c:\desktop\system32\ieapfltr.dll
+ 2009-04-01 02:19 . 2009-02-20 05:14 161792 c:\desktop\system32\ieakui.dll
- 2009-04-01 02:19 . 2008-12-19 05:23 161792 c:\desktop\system32\ieakui.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 230400 c:\desktop\system32\ieaksie.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 230400 c:\desktop\system32\ieaksie.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 153088 c:\desktop\system32\ieakeng.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 153088 c:\desktop\system32\ieakeng.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 133120 c:\desktop\system32\extmgr.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 133120 c:\desktop\system32\extmgr.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 214528 c:\desktop\system32\dxtrans.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 214528 c:\desktop\system32\dxtrans.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 347136 c:\desktop\system32\dxtmsft.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 347136 c:\desktop\system32\dxtmsft.dll
+ 2009-04-18 09:29 . 2005-01-05 06:17 655360 c:\desktop\system32\dvdlib.dll
+ 2009-01-09 06:25 . 2009-01-09 06:25 107512 c:\desktop\system32\drivers\KmxStart.sys
+ 2009-01-09 06:25 . 2009-01-09 06:25 115704 c:\desktop\system32\drivers\KmxFw.sys
+ 2009-01-09 06:25 . 2009-01-09 06:25 205304 c:\desktop\system32\drivers\KmxCfg.sys
+ 2009-01-09 06:25 . 2009-01-09 06:25 144376 c:\desktop\system32\drivers\KmxCF.sys
+ 2009-04-01 02:19 . 2009-03-03 00:18 826368 c:\desktop\system32\dllcache\wininet.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 826368 c:\desktop\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\desktop\system32\dllcache\winhttp.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 233472 c:\desktop\system32\dllcache\webcheck.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 233472 c:\desktop\system32\dllcache\webcheck.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 105984 c:\desktop\system32\dllcache\url.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 105984 c:\desktop\system32\dllcache\url.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 102912 c:\desktop\system32\dllcache\occache.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 102912 c:\desktop\system32\dllcache\occache.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 671232 c:\desktop\system32\dllcache\mstime.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 671232 c:\desktop\system32\dllcache\mstime.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 193024 c:\desktop\system32\dllcache\msrating.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 193024 c:\desktop\system32\dllcache\msrating.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 477696 c:\desktop\system32\dllcache\mshtmled.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 477696 c:\desktop\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\desktop\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\desktop\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\desktop\system32\dllcache\msdtcprx.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\desktop\system32\dllcache\kernel32.dll
+ 2008-02-04 01:58 . 2009-02-28 04:54 636072 c:\desktop\system32\dllcache\iexplore.exe
+ 2009-04-01 02:19 . 2009-02-20 18:09 385024 c:\desktop\system32\dllcache\iedkcs32.dll
+ 2009-04-01 02:19 . 2009-02-20 05:14 161792 c:\desktop\system32\dllcache\ieakui.dll
- 2009-04-01 02:19 . 2008-12-19 05:23 161792 c:\desktop\system32\dllcache\ieakui.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 230400 c:\desktop\system32\dllcache\ieaksie.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 230400 c:\desktop\system32\dllcache\ieaksie.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 153088 c:\desktop\system32\dllcache\ieakeng.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 153088 c:\desktop\system32\dllcache\ieakeng.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 133120 c:\desktop\system32\dllcache\extmgr.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 133120 c:\desktop\system32\dllcache\extmgr.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 214528 c:\desktop\system32\dllcache\dxtrans.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 214528 c:\desktop\system32\dllcache\dxtrans.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 347136 c:\desktop\system32\dllcache\dxtmsft.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 347136 c:\desktop\system32\dllcache\dxtmsft.dll
+ 2009-04-01 02:18 . 2009-02-20 18:09 124928 c:\desktop\system32\dllcache\advpack.dll
- 2009-04-01 02:18 . 2008-12-20 23:15 124928 c:\desktop\system32\dllcache\advpack.dll
+ 2009-04-18 09:29 . 2003-05-22 03:27 620094 c:\desktop\system32\divx.dll
+ 2008-10-03 22:14 . 2008-10-03 22:14 172032 c:\desktop\system32\DirectEncode.dll
+ 2007-10-15 02:23 . 2007-10-15 02:23 511328 c:\desktop\system32\CapiCom.dll
+ 2008-08-28 11:19 . 2008-08-28 11:19 323584 c:\desktop\system32\AudioGenie2.dll
+ 2009-04-01 02:18 . 2009-02-20 18:09 124928 c:\desktop\system32\advpack.dll
- 2009-04-01 02:18 . 2008-12-20 23:15 124928 c:\desktop\system32\advpack.dll
+ 2008-08-28 11:19 . 2008-08-28 11:19 630784 c:\desktop\system32\ActSoft-Videos.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 826368 c:\desktop\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 233472 c:\desktop\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 105984 c:\desktop\ie7updates\KB963027-IE7\url.dll
+ 2009-04-18 14:06 . 2008-07-09 07:38 382840 c:\desktop\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-18 14:06 . 2008-07-08 13:02 231288 c:\desktop\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-18 14:06 . 2008-12-20 23:15 102912 c:\desktop\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 671232 c:\desktop\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 193024 c:\desktop\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 477696 c:\desktop\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 459264 c:\desktop\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-18 14:06 . 2008-12-19 05:25 634024 c:\desktop\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-18 14:06 . 2008-12-20 23:15 267776 c:\desktop\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 384512 c:\desktop\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 383488 c:\desktop\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-18 14:06 . 2008-12-19 05:23 161792 c:\desktop\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 230400 c:\desktop\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 153088 c:\desktop\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 133120 c:\desktop\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 214528 c:\desktop\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 347136 c:\desktop\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 124928 c:\desktop\ie7updates\KB963027-IE7\advpack.dll
+ 2009-04-18 20:57 . 2009-04-18 20:57 172032 c:\desktop\ERDNT\AutoBackup\4-19-2009\Users\00000002\UsrClass.dat
+ 2009-04-18 20:57 . 2005-10-20 02:02 163328 c:\desktop\ERDNT\AutoBackup\4-19-2009\ERDNT.EXE
+ 2009-04-01 02:19 . 2008-04-14 00:12 146944 c:\desktop\ekuxafes.dll
+ 2009-04-18 06:09 . 2007-11-14 02:26 1830912 c:\desktop\system32\winsflte.dll
+ 2009-04-18 09:29 . 2007-02-26 06:13 2392064 c:\desktop\system32\videotrans.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 1160192 c:\desktop\system32\urlmon.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 1160192 c:\desktop\system32\urlmon.dll
+ 2009-04-01 02:19 . 2008-12-20 22:14 1288192 c:\desktop\system32\quartz.dll
- 2009-04-01 02:19 . 2008-05-07 05:12 1288192 c:\desktop\system32\quartz.dll
+ 2008-08-28 11:22 . 2008-08-28 11:22 1189304 c:\desktop\system32\NMSDVDX.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 3595264 c:\desktop\system32\mshtml.dll
+ 2009-04-18 06:09 . 2007-11-14 02:34 1212416 c:\desktop\system32\mdmcls32.exe
+ 2007-08-13 08:54 . 2009-02-20 18:09 6066176 c:\desktop\system32\ieframe.dll
+ 2007-02-12 06:10 . 2008-07-09 14:25 2455488 c:\desktop\system32\ieapfltr.dat
- 2007-02-12 06:10 . 2007-04-17 09:32 2455488 c:\desktop\system32\ieapfltr.dat
+ 2008-08-28 11:16 . 2005-02-02 06:07 1709568 c:\desktop\system32\gdiplus.dll
+ 2008-10-03 23:07 . 2008-10-03 23:07 3754896 c:\desktop\system32\erdmpg-6.dll
- 2009-04-01 02:19 . 2008-12-20 23:15 1160192 c:\desktop\system32\dllcache\urlmon.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 1160192 c:\desktop\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\desktop\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\desktop\system32\dllcache\quartz.dll
+ 2009-04-01 02:19 . 2009-02-20 18:09 3595264 c:\desktop\system32\dllcache\mshtml.dll
+ 2009-04-18 06:09 . 2008-08-22 08:33 1254640 c:\desktop\system32\cfgmig32.dll
+ 2009-04-18 06:24 . 2009-04-21 11:07 1118208 c:\desktop\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2009-04-18 14:06 . 2008-12-20 23:15 1160192 c:\desktop\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-18 14:06 . 2009-01-16 11:35 3594752 c:\desktop\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-18 14:06 . 2008-12-20 23:15 6066688 c:\desktop\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-18 14:06 . 2007-04-17 09:32 2455488 c:\desktop\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2009-04-18 20:57 . 2009-04-18 20:57 1748992 c:\desktop\ERDNT\AutoBackup\4-19-2009\Users\00000001\ntuser.dat
+ 2009-04-02 08:12 . 2009-02-06 11:08 2189056 c:\desktop\Driver Cache\i386\ntoskrnl.exe
- 2009-04-02 08:12 . 2008-08-14 09:33 2023936 c:\desktop\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-02 08:12 . 2009-02-06 10:32 2023936 c:\desktop\Driver Cache\i386\ntkrpamp.exe
- 2009-04-02 08:12 . 2008-08-14 09:33 2066048 c:\desktop\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-02 08:12 . 2009-02-07 09:02 2066048 c:\desktop\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-02 08:12 . 2008-08-14 10:09 2145280 c:\desktop\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-02 08:12 . 2009-02-06 11:06 2145280 c:\desktop\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-02 08:36 . 2009-04-06 14:57 24921544 c:\desktop\system32\MRT.exe
+ 2009-04-18 06:09 . 2007-11-14 02:34 11333632 c:\desktop\cfgmng32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\desktop\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGPCSuiteLanucher"="c:\program files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" [2008-04-16 2637824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Mfaliqaqojune"="c:\desktop\Mwasurixu.dat" [2009-04-18 146944]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-04-18 374000]
"dvHighMem"="c:\desktop\cfgmng32.exe" [2007-11-14 11333632]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-04-18 271600]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-04-18 1512688]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-04-18 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-04-18 337136]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe" [2009-04-18 14064]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-04-18 324848]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\desktop\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\desktop\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\desktop\alcwzrd.exe [2006-05-04 2808832]

c:\documents and settings\All Users.DESKTOP\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-12-14 1376256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 06:46 79368 -c--a-w c:\desktop\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli facsveph.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"= 8073:TCP:dihrt

R0 higqpez;higqpez; [x]
R2 erayb;Manager Shell;c:\desktop\system32\svchost.exe [2008-04-14 14336]
S0 KmxStart;KmxStart;c:\desktop\System32\DRIVERS\kmxstart.sys [2009-01-09 107512]
S1 KmxAgent;KmxAgent;c:\desktop\system32\DRIVERS\kmxagent.sys [2009-01-09 72696]
S1 KmxFile;KmxFile;c:\desktop\system32\DRIVERS\KmxFile.sys [2009-01-09 52728]
S1 KmxFw;KmxFw;c:\desktop\system32\DRIVERS\kmxfw.sys [2009-01-09 115704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-04-18 128240]
S2 KmxCF;KmxCF;c:\desktop\system32\DRIVERS\KmxCF.sys [2009-01-09 144376]
S2 KmxSbx;KmxSbx;c:\desktop\system32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-01-09 1153528]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-01-09 797176]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-01-09 297464]
S2 WinSvchostManager;WinSock Svchost Manager;c:\desktop\system32\svcprs32.exe [2007-11-14 823296]
S3 KmxCfg;KmxCfg;c:\desktop\system32\DRIVERS\kmxcfg.sys [2009-01-09 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-04-18 222448]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
erayb
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\desktop\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\desktop\system32\winsflt.dll
LSP: c:\desktop\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\LILLIA.FONOTI-6BD08A2B\Application Data\Mozilla\Firefox\Profiles\seb8fejs.default\
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 21:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\erayb]
"ServiceDll"="c:\desktop\system32\tpadllb.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\desktop\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(804)
c:\desktop\system32\winsflt.dll

- - - - - - - > 'explorer.exe'(2752)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\desktop\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\desktop\system32\mdmcls32.exe
.
**************************************************************************
.
Completion time: 2009-04-21 21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 11:14
ComboFix2.txt 2009-04-18 05:38

Pre-Run: 49,799,933,952 bytes free
Post-Run: 49,826,566,144 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
608 --- E O F --- 2009-04-18 14:07

#12
fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
erayb

Driver::
higqpez
erayb

Rootkit::
c:\desktop\system32\tpadllb.dll

File::
c:\desktop\system32\tpadllb.dll
c:\desktop\system32\02.tmp
c:\desktop\system32\01.tmp
c:\desktop\Mwasurixu.dat
c:\desktop\ekuxafes.dll

Folder::
c:\desktop\system32\NetworkService32

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mfaliqaqojune"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\erayb]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
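The CFScript above targets a specific set of entries in the posted log: the Run value that points at a .dat file rather than an executable, the extra LSA notification package beside scecli, the globally open TCP port, the driver entry whose file is missing, and the svchost-hosted service that was added to the NetSvcs group. The Python below is an added example, not part of this thread or of ComboFix, that applies those same triage rules to a constructed excerpt of the log so the reasoning behind the script can be checked mechanically; the finding labels and the sample excerpt are my own.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted above, trimmed to
# the sections the CFScript acts on (Run keys, LSA, firewall, services, NetSvcs).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-04-18 374000]
"Mfaliqaqojune"="c:\desktop\Mwasurixu.dat" [2009-04-18 146944]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli facsveph.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8073:TCP"= 8073:TCP:dihrt

R0 higqpez;higqpez; [x]
R2 erayb;Manager Shell;c:\desktop\system32\svchost.exe [2008-04-14 14336]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-04-18 128240]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
erayb
"""

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')                 # "name"="target" ...
SERVICE = re.compile(r'^[RS][0-3] ([^;]+);[^;]*;(.*)$')          # R2 name;display;path [date size]
NETSVCS_HDR = re.compile(r'\\svchost - netsvcs$', re.I)


def triage(log_text):
    """Return (label, detail) findings for the indicators the CFScript removes."""
    findings, section, in_netsvcs = [], None, False
    services, netsvcs = {}, set()            # name -> (path, file_missing); NetSvcs members
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # blank or '.' ends the NetSvcs list
            in_netsvcs = False
            continue
        if line.startswith('[') and line.endswith(']'):
            section, in_netsvcs = line.lower(), False
            continue
        if NETSVCS_HDR.search(line):
            in_netsvcs = True
            continue
        if in_netsvcs:
            netsvcs.add(line)
            continue
        m = SERVICE.match(line)
        if m:                                 # keep services for cross-checking below
            services[m.group(1)] = (m.group(2).split(' [')[0].strip(), '[x]' in m.group(2))
            continue
        if section is None:
            continue
        if section.endswith('\\currentversion\\run]'):
            m = RUN_VALUE.match(line)         # autostart that is not an .exe
            if m and not m.group(2).lower().endswith('.exe'):
                findings.append(('run-nonexe', f'{m.group(1)} -> {m.group(2)}'))
        elif section.endswith('\\control\\lsa]') and line.startswith('Notification Packages'):
            for pkg in line.split()[3:]:      # anything beside scecli is a loaded password filter
                if pkg.lower() != 'scecli':
                    findings.append(('lsa-notification-package', pkg))
        elif section.endswith('\\standardprofile]') and '"enablefirewall"= 0' in line.lower():
            findings.append(('firewall-disabled', line))
        elif section.endswith('\\globallyopenports\\list]'):
            findings.append(('open-port', line.split('"')[1]))
    for name, (path, missing) in services.items():
        if missing:                           # driver registered but file gone
            findings.append(('service-missing-file', name))
        if name in netsvcs and path.lower().endswith('\\svchost.exe'):
            findings.append(('netsvcs-hosted-service', name))   # ServiceDll run inside svchost
    return findings


if __name__ == '__main__':
    for label, detail in triage(SAMPLE_LOG):
        print(f'{label:26} {detail}')
```

Each finding maps onto one line of the CFScript (the Run value, the Notification Packages reset, the port, the Driver:: and NetSvc:: entries), which is the check a reader can use to follow why those particular items were chosen.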

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.