[Mattjames]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/3/2003 6:35:09 PM
mbam-log-2003-12-03 (18-35-09).txt

Scan type: Quick scan
Objects scanned: 121606
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\DINPUT832.DLL (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\dpnet32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f4b41d2e937 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{11f7db56-9a30-4d71-9471-43ff943f76f2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11f7db56-9a30-4d71-9471-43ff943f76f2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11f7db56-9a30-4d71-9471-43ff943f76f2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dinput832.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dinput832.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\DINPUT832.DLL (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\dpnet32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\d3dx9_3132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnetcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\davclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmime32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskquota32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsound32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dx8vb32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

[Advertisements]

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  
  Click me
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

[Rorschach112]

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  
  Click me
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

[Mattjames]

should i show you my combo fix log?

[Rorschach112]

yes

[Mattjames]

ComboFix 10-06-06.04 - Owner 12/04/2003 7:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.294 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\winspool.drv
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\0200000007673692937C.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937O.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937P.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937S.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\install.rdf
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\1183218249
c:\windows\system32\unrar.exe

-- Previous Run --

c:\windows\system32\msgsvc.dll . . . is infected!!

--------

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2003-11-04 to 2003-12-04 )))))))))))))))))))))))))))))))
.

2010-06-04 12:58 . 2003-12-04 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-04 12:04 . 2010-06-04 12:06 13391344 ----a-w- c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_chrome_4.1.249.1064_en_setup.exe
2010-06-04 11:58 . 2010-06-04 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-03 07:52 . 2010-06-03 07:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-31 14:38 . 2010-05-31 14:38 -------- d-----w- c:\program files\iPod
2010-05-31 14:37 . 2010-05-31 14:38 -------- d-----w- c:\program files\iTunes
2010-05-31 14:37 . 2010-05-31 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 14:33 . 2010-05-31 14:33 -------- d-----w- c:\program files\QuickTime
2010-05-31 14:24 . 2010-05-31 14:24 -------- d-----w- c:\program files\Bonjour
2010-05-31 14:21 . 2010-05-31 14:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-27 01:13 . 2010-05-27 01:13 561152 ----a-w- c:\windows\AJScreensaver.scr
2010-05-16 00:11 . 2010-05-16 00:11 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-15 23:09 . 2010-05-15 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-05-10 08:43 . 2010-06-03 15:06 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-10 01:16 . 2010-05-10 01:16 -------- d-----w- c:\documents and settings\Owner\AppData
2010-05-10 01:12 . 2010-05-10 01:12 -------- d-----w- c:\program files\AhnLab
2010-05-03 14:18 . 2010-05-03 14:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-29 17:17 . 2010-04-29 17:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2010-04-28 19:45 . 2003-12-04 15:26 -------- d-----w- c:\documents and settings\Owner\Tracing
2010-04-28 19:43 . 2010-04-28 19:43 -------- d-----w- c:\program files\Microsoft
2010-04-28 19:43 . 2010-04-28 19:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-28 19:42 . 2010-04-28 19:43 -------- d-----w- c:\program files\Windows Live
2010-04-28 19:37 . 2010-04-28 19:37 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-20 07:53 . 2001-08-17 20:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2010-04-20 07:53 . 2001-08-17 20:48 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2010-04-17 06:12 . 2010-04-17 06:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 13:41 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-16 13:41 . 2010-04-16 13:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PassMark
2010-04-16 13:41 . 2010-04-16 13:41 57856 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{849089CF-4988-49ED-A2DD-110CD5D9D7E8}\Icon849089CF.exe
2010-04-16 13:41 . 2010-04-16 13:41 -------- d-----w- c:\program files\PerformanceTest
2010-04-16 13:08 . 2010-04-16 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-04-16 13:08 . 2003-12-03 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-16 13:06 . 2010-04-16 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-16 13:03 . 2003-12-04 10:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-04-16 12:53 . 2010-04-16 12:53 -------- d-----w- c:\program files\Smith Micro
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 10:58 . 2010-04-07 10:58 -------- d-----w- c:\windows\Sun
2010-04-03 06:45 . 2006-02-28 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-03 06:03 . 2010-04-03 06:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-03 06:01 . 2010-04-03 06:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-02 17:04 . 2010-06-03 22:05 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-02 17:04 . 2003-12-02 23:51 -------- d-----w- c:\program files\Ask.com
2010-04-02 17:03 . 2010-04-02 17:03 -------- d-----w- c:\program files\LimeWire
2010-04-01 20:05 . 2010-04-01 20:05 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-03-29 19:00 . 2010-03-29 19:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2010-03-29 19:00 . 2003-12-02 09:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2010-03-29 19:00 . 2010-04-28 19:45 13688 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-28 06:31 . 2010-03-28 06:31 -------- d-----w- c:\windows\ServicePackFiles
2010-03-28 00:14 . 2010-04-01 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-27 22:05 . 2010-03-27 22:05 190 ----a-w- c:\windows\DelIndex.BAT
2010-03-27 22:03 . 2010-03-27 22:05 -------- d-----w- c:\program files\Privacy Keeper
2010-03-27 18:03 . 2004-08-04 07:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-03-27 16:36 . 2010-04-03 06:01 -------- d-----w- c:\windows\system32\LogFiles
2010-03-26 21:47 . 2010-03-26 22:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-26 21:45 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-26 21:45 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-26 21:38 . 2009-12-08 18:53 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-26 21:38 . 2009-12-08 18:55 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-26 21:38 . 2009-12-08 18:19 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-26 21:38 . 2009-12-08 18:19 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-26 21:37 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-26 21:21 . 2009-01-08 02:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonSystemWorks
2010-03-26 21:13 . 2010-04-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-26 21:09 . 2005-01-23 18:30 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-03-26 21:06 . 2010-03-26 21:06 -------- d-s---w- c:\windows\system32\Microsoft
2010-03-26 21:03 . 2006-02-28 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-03-26 21:02 . 2006-02-28 12:00 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2010-03-26 21:01 . 2010-03-30 19:28 -------- d--h--w- c:\windows\$hf_mig$
2010-03-26 21:01 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-26 21:01 . 2010-03-26 21:01 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2010-03-26 20:57 . 2010-03-26 21:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-03-26 20:57 . 2006-02-28 12:00 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-03-26 20:57 . 2006-02-28 12:00 40448 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-03-26 20:57 . 2006-02-28 12:00 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-03-26 20:57 . 2006-02-28 12:00 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-03-26 20:55 . 2004-08-04 08:56 32285 ----a-w- c:\windows\system32\HSFCISP2.dll
2010-03-26 20:55 . 2004-08-04 06:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-26 20:55 . 2004-08-04 06:41 685056 ----a-w- c:\windows\system32\drivers\HSFCXTS2.sys
2010-03-26 20:55 . 2004-08-04 08:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-03-26 20:55 . 2004-08-04 06:41 1041536 ----a-w- c:\windows\system32\drivers\HSFDPSP2.sys
2010-03-26 20:55 . 2004-08-04 06:41 220032 ----a-w- c:\windows\system32\drivers\HSFBS2S2.sys
2010-03-26 20:51 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-26 20:51 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-26 20:51 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-26 20:51 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-26 20:35 . 2010-03-26 20:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2010-03-26 20:33 . 2010-03-26 20:34 -------- d-----w- c:\windows\system32\URTTemp
2010-03-26 20:23 . 2010-03-26 20:23 -------- d-----w- c:\windows\system32\bits
2010-03-26 12:43 . 2010-03-26 12:49 -------- d-----w- c:\windows\PeerNet
2010-03-26 12:43 . 2010-03-26 12:43 -------- d-----w- c:\windows\Provisioning
2010-03-26 09:37 . 2010-03-26 09:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2010-03-25 03:12 . 2006-02-28 12:00 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
2010-03-25 03:12 . 2006-02-28 12:00 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2010-03-25 03:12 . 2006-02-28 12:00 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
2010-03-25 03:12 . 2006-02-28 12:00 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2010-03-25 03:12 . 2006-02-28 12:00 18944 -c--a-w- c:\windows\system32\dllcache\qmgrprxy.dll
2010-03-25 03:12 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-s---w- c:\documents and settings\Owner\UserData
2010-03-24 00:57 . 2004-08-04 08:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-24 00:51 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-03-24 00:51 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-03-24 00:51 . 2006-02-28 12:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-03-24 00:51 . 2006-02-28 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-03-24 00:51 . 2006-02-28 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-03-24 00:51 . 2006-02-28 12:00 6144 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 6144 ----a-w- c:\windows\system32\snmpmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 39936 ----a-w- c:\windows\system32\hostmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2010-03-24 00:51 . 2006-02-28 12:00 101888 ----a-w- c:\windows\system32\evntagnt.dll
2010-03-22 18:38 . 2010-03-22 18:38 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-22 17:09 . 2010-03-22 17:12 -------- d-----w- c:\program files\Microsoft Plus!
2010-03-22 01:13 . 2010-05-31 14:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-21 18:47 . 2010-03-21 18:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-21 18:47 . 2010-05-04 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-03-21 18:47 . 2010-03-21 18:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-21 10:44 . 2010-03-21 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-21 10:43 . 2010-06-04 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-21 09:40 . 2010-03-21 09:40 0 ----a-w- c:\windows\nsreg.dat
2010-03-21 09:39 . 2010-03-21 09:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-03-21 09:37 . 2010-04-01 20:38 -------- d-----w- c:\program files\Carbonite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 13:58 . 2010-05-31 15:40 320 ----a-w- c:\documents and settings\Owner\udpcrawl.tmp
2010-06-04 12:17 . 2010-06-03 07:47 -------- d-----w- c:\program files\Google
2010-06-03 07:50 . 2010-06-03 07:50 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-03 07:50 . 2010-06-03 07:47 -------- d-----w- c:\program files\DivX
2010-06-03 07:50 . 2010-06-03 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-03 07:50 . 2010-06-03 07:50 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-03 07:50 . 2010-06-03 07:50 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-03 07:49 . 2010-06-03 07:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-03 07:49 . 2010-06-03 07:49 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-03 07:49 . 2010-06-03 07:49 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-03 07:46 . 2010-06-03 07:46 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-01 06:01 . 2003-12-02 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-31 15:36 . 2010-05-31 15:36 0 ---ha-w- c:\documents and settings\Owner\iirziqwbgt.tmp
2010-05-31 14:37 . 2003-12-02 19:48 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 23:39 . 2003-12-04 02:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 23:39 . 2003-12-04 02:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 18:14 . 2010-03-21 06:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 02:45 . 2010-03-21 06:21 77423 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-26 20:59 . 2010-03-21 06:19 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-21 09:37 . 2010-03-21 05:38 -------- d-----w- c:\program files\Java
2010-03-21 06:37 . 2010-03-21 06:37 -------- d-----w- c:\program files\Broadcom
2010-03-21 06:34 . 2010-03-21 06:34 -------- d-----w- c:\program files\Intel
2010-03-21 06:34 . 2010-03-21 06:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 06:32 . 2010-03-21 06:32 -------- d-----w- c:\program files\Analog Devices
2010-03-21 06:31 . 2010-03-21 06:31 -------- d-----w- c:\program files\Dell
2010-03-21 06:27 . 2010-03-21 06:27 2232 ----a-w- c:\windows\java\Packages\Data\D3DBXVRP.DAT
2010-03-21 06:27 . 2010-03-21 06:27 155995 ----a-w- c:\windows\java\Packages\41VBDJ97.ZIP
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\4Z7NXB1B.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\6HZ3ZHBR.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\J57739BJ.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\CV33179J.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\1BBXZD33.DAT
2010-03-21 06:23 . 2010-03-21 06:23 -------- d-----w- c:\program files\microsoft frontpage
2010-03-21 05:38 . 2010-03-21 05:38 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-05 19:16 . 2010-02-05 19:16 94208 ----a-w- c:\windows\system32\dpl100.dll
2009-12-31 16:14 . 2006-02-28 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-22 18:39 . 2006-02-28 12:00 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-12-16 12:58 . 2010-03-21 06:17 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2006-02-28 12:00 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2006-02-28 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:36 . 2006-02-28 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-16 06:51 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-15 17:21 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:53 . 2006-02-28 12:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-02-28 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-02-28 12:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:33 . 2006-02-28 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 12:19 . 2006-02-28 12:00 1850112 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 03:24 . 2010-03-25 03:09 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 03:24 . 2010-03-25 03:09 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 03:24 . 2010-03-25 03:09 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 03:24 . 2009-08-07 03:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 03:24 . 2010-03-21 06:17 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 03:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 03:23 . 2010-03-25 03:09 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 03:23 . 2010-03-21 06:17 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 04:57 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2006-02-28 12:00 1435648 ----a-w- c:\windows\system32\query.dll
2009-06-25 08:44 . 2006-02-28 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2006-02-28 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2006-02-28 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2006-02-28 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2006-02-28 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2006-02-28 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:32 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2010-03-21 06:17 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-05-18 22:17 . 2003-12-02 19:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-18 20:17 . 2009-05-18 20:17 26600 ----a-w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspiWDM.sys
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 15:11 . 2006-02-28 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-08 12:34 . 2006-02-28 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 12:34 . 2006-02-28 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 12:33 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 12:32 . 2006-02-28 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 12:32 . 2006-02-28 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 12:31 . 2006-02-28 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 12:31 . 2006-02-28 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-06-04 12:00 . 2010-06-04 12:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 19:11 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-21 149280]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-01-23 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-04 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCloseDragDropBands"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [4/1/2010 12:05 PM 18432]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2010 11:47 PM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/4/2010 3:59 AM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2003-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-04 11:58]

2003-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 07:47]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 07:47]

2010-06-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-03-28 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Contains
DPF: DownloadInformation -
DPF: InstalledVersion
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\[email protected]\defaults\preferences\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
Notify-f4b41d2e937 - c:\windows\SYSTEM32\DINPUT832.DLL
AddRemove-EarthBound-RO FULL CLIENT - c:\documents and settings\Owner\My Documents\Ragnarok\EarthBound Ro\Uninstal.exe
AddRemove-MyProduct - c:\documents and settings\Owner\My Documents\Ragnarok\Old School RO\Uninstal.exe
AddRemove-{ED7474E0-CCD3-4730-9A66-D92C9BCA66FF} - c:\documents and settings\Owner\Local Settings\Application Data\{B67AE4AE-D3BC-4A7E-A478-AFD4EC8988DA}\ChosenRO Large Installer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2003-12-04 07:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2003-12-04 07:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2003-12-04 15:31

Pre-Run: 48,990,859,264 bytes free
Post-Run: 48,957,882,368 bytes free

- - End Of File - - 46E48E0CD852F44E93BC883889561365

[Rorschach112]

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  
  :Files
  c:\documents and settings\Owner\*.tmp
  c:\windows\java\Packages\Data\D3DBXVRP.DAT
  c:\windows\java\Packages\41VBDJ97.ZIP
  c:\windows\java\Packages\Data\4Z7NXB1B.DAT
  c:\windows\java\Packages\Data\6HZ3ZHBR.DAT
  c:\windows\java\Packages\Data\J57739BJ.DAT
  c:\windows\java\Packages\Data\CV33179J.DAT
  c:\windows\java\Packages\Data\1BBXZD33.DAT
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.*
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles /all
  %systemroot%\system32\*.exe /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  CREATERESTOREPOINT
  %PROGRAMFILES%\*.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  /md5start
  msgsvc.dll
  /md5stop
  
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

[Rorschach112]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.