[Resolved] Re-directed sites - Can't System Restore - Can't Install

  1. #11
    Digidan

    Here are the new "LOGS"

    ComboFix 09-06-18.02 - Daniel Bautista 06/19/2009 17:45.1 - NTFSx86
    Running from: c:\documents and settings\Daniel Bautista\Desktop\6501\6501.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Daniel Bautista\Application Data\.#
    c:\documents and settings\Daniel Bautista\Application Data\IUpd721
    c:\temp\1cb
    c:\windows\system32\drivers\UACvjgdlrvotyekhbd.sys
    c:\windows\system32\T2
    c:\windows\system32\UACfqerrwastrrmkmo.dll
    c:\windows\system32\UACgwcytjdgynwapls.log
    c:\windows\system32\UACiovyyhnnfaxnsay.dll
    c:\windows\system32\UACjljgxlqlxujhcnj.dat
    c:\windows\system32\UACmmfxgtyxluahnif.db
    c:\windows\system32\UACnvwnwewiqmrvpnr.log
    c:\windows\system32\UACodxoewvkipuavpi.dll
    c:\windows\system32\UACqlpllynptilwpvq.log
    c:\windows\system32\UACrcpjjlarfpywpfs.dll
    c:\windows\system32\UACwpejbcjwkgrpdkr.dll
    c:\windows\system32\UACxrodkqkctsnbuma.dll
    C:\Documents
    c:\documents and settings\Daniel Bautista\Application Data\.#\MBX@8E8@10B3288.###
    c:\documents and settings\Daniel Bautista\Application Data\.#\MBX@8E8@10B3298.###
    c:\documents and settings\Daniel Bautista\Application Data\IUpd721\Logs\scns.log
    c:\documents and settings\Daniel Bautista\Temporary Internet Files\fbk.sts
    c:\temp\1cb\syscheck.log
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\_000003_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\drivers\UACvjgdlrvotyekhbd.sys
    c:\windows\system32\esvjnqpo.ini
    c:\windows\system32\fsdqchyt.ini
    c:\windows\system32\grb.exe
    c:\windows\system32\iuprdvvh.ini
    c:\windows\system32\msvcsv60.dll
    c:\windows\system32\prsgrc.dll
    c:\windows\system32\rYHilnmp.ini
    c:\windows\system32\rYHilnmp.ini2
    c:\windows\system32\UACfqerrwastrrmkmo.dll
    c:\windows\system32\UACgwcytjdgynwapls.log
    c:\windows\system32\uacinit.dll
    c:\windows\system32\UACiovyyhnnfaxnsay.dll
    c:\windows\system32\UACjljgxlqlxujhcnj.dat
    c:\windows\system32\UACmmfxgtyxluahnif.db
    c:\windows\system32\UACnvwnwewiqmrvpnr.log
    c:\windows\system32\UACodxoewvkipuavpi.dll
    c:\windows\system32\UACqlpllynptilwpvq.log
    c:\windows\system32\UACrcpjjlarfpywpfs.dll
    c:\windows\system32\uactmp.db
    c:\windows\system32\UACwpejbcjwkgrpdkr.dll
    c:\windows\system32\UACxrodkqkctsnbuma.dll
    D:\Autorun.inf
    D:\Desktop.ini

    ----- BITS: Possible infected sites -----

    hxxp://www.graboid.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys
    -------\Legacy_EPSON_PM_RPCV4_01
    -------\Service_EPSON_PM_RPCV4_01


    ((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
    .

    2009-06-17 23:53 . 2009-06-17 23:53 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Malwarebytes
    2009-06-17 23:37 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 23:37 . 2009-06-17 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-17 23:37 . 2009-06-17 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-17 23:37 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-17 19:02 . 2009-06-17 23:21 117760 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-17 19:02 . 2009-06-17 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-17 18:59 . 2009-06-17 19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com
    2009-06-15 02:45 . 2009-06-15 02:45 -------- d-----w- C:\Templates
    2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\Wave Arts
    2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\program files\Wave Arts
    2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FabFilter
    2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\Common Files\VST3
    2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\FabFilter
    2009-06-07 17:36 . 2009-06-09 23:28 16 ----a-w- c:\windows\msocreg32.dat
    2009-06-02 22:45 . 2009-06-02 22:45 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker Pro Advanced
    2009-06-02 22:44 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\FileMaker
    2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\program files\FileMaker
    2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker
    2009-05-22 10:23 . 2009-05-22 10:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Thinstall

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-19 21:58 . 2009-05-12 03:22 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-06-17 18:58 . 2007-02-21 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-15 02:23 . 2008-12-06 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-06-14 17:59 . 2009-02-20 14:23 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\uTorrent
    2009-06-14 15:03 . 2007-05-24 01:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\UseNeXT
    2009-06-10 01:08 . 2007-05-24 01:24 -------- d-----w- c:\program files\UseNeXT
    2009-06-07 17:34 . 2006-08-17 05:46 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-07 17:34 . 2006-12-12 03:32 -------- d-----w- c:\program files\IK Multimedia
    2009-05-27 01:28 . 2006-12-12 06:10 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Apple Computer
    2009-05-12 03:13 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\BitDefender
    2009-05-12 03:01 . 2009-05-12 03:00 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\program files\BitDefender
    2009-05-12 01:20 . 2009-05-12 01:20 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Kasper-Key_Sharing_Networ
    2009-05-11 20:16 . 2009-02-19 22:16 -------- d-----w- c:\program files\IrfanView
    2009-05-01 15:36 . 2009-05-01 15:36 -------- d-----w- c:\program files\PlayPianoTODAY
    2009-04-28 11:15 . 2009-04-28 11:15 3128 ----a-r- c:\documents and settings\Daniel Bautista\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
    2009-04-25 03:25 . 2008-06-29 22:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-25 03:25 . 2008-06-29 22:09 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-04-25 00:15 . 2009-04-10 13:47 -------- d-----w- c:\program files\FXhome PhotoKey 2 Pro
    2009-04-20 23:18 . 2009-04-20 23:18 1878984 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth2.dll
    2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth1.dll
    2009-04-04 16:01 . 2008-06-29 22:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-04-04 11:30 . 2006-08-17 06:52 165592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-01 01:23 . 2009-04-01 01:23 161 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Kompoz Konnect.dat
    2004-03-11 18:27 . 2007-03-10 18:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2009-03-05 22:08 . 2009-05-12 03:14 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
    .

    ------- Sigcheck -------

    [7] 2005-05-26 03:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2006-01-14 01:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2004-08-04 21:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
    [7] 2005-05-26 03:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 10:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-03-09 15:09 . 2007-03-09 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

    2007-05-11 07:06 . 2007-05-11 07:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
    2008-01-12 03:16 . 2008-01-12 03:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    2007-09-07 23:01 . 2007-09-07 23:01 43008 c:\program files\BitTorrent\bak\bittorrent.exe

    2007-05-10 23:33 . 2007-05-10 23:33 216064 c:\program files\BitTorrent_DNA\bak\dna.exe

    2006-03-20 22:34 . 2006-03-20 22:34 86960 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
    2006-09-11 09:40 . 2006-09-11 09:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    2006-03-20 22:34 . 2006-03-20 22:34 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

    2006-12-17 05:10 . 2006-12-17 05:10 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

    2007-02-01 02:39 . 2006-07-13 19:02 40960 c:\program files\Hewlett-Packard\Default Settings\bak\cpqset.exe

    2005-02-17 03:11 . 2005-02-17 03:11 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    2007-05-08 20:24 . 2007-05-08 20:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    2006-08-17 07:19 . 2006-07-19 22:14 102400 c:\program files\HP\QuickPlay\bak\QPService.exe

    2007-09-26 18:42 . 2007-09-26 18:42 267064 c:\program files\iTunes\bak\iTunesHelper.exe
    2008-09-10 21:40 . 2008-09-10 21:40 289576 c:\program files\iTunes\iTunesHelper.exe

    2007-08-09 01:54 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

    2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\bak\MMReminderService.exe
    2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\MmReminderService.exe

    2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe
    2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
    2008-09-06 19:09 . 2008-09-06 19:09 413696 c:\program files\QuickTime\QTTask.exe

    2006-08-17 07:18 . 2006-06-17 05:22 794713 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

    2004-09-05 22:20 . 2004-09-05 22:20 380928 c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\bak\pdfSaver3.exe

    2006-12-12 14:52 . 2005-03-08 15:02 910336 c:\program files\Webroot\Washer\bak\wwDisp.exe

    2006-10-19 01:05 . 2006-10-19 01:05 204288 c:\program files\Windows Media Player\bak\WMPNSCFG.exe

    2006-08-17 08:09 . 2006-02-09 16:52 643072 c:\windows\CREATOR\bak\Remind_XP.exe

    2006-08-17 08:09 . 2005-10-11 17:23 1187840 c:\windows\SMINST\bak\RecGuard.exe

    2004-08-04 21:00 . 2004-08-04 21:00 15360 c:\windows\system32\bak\ctfmon.exe
    2004-08-04 21:00 . 2004-08-04 13:00 15360 c:\windows\system32\ctfmon.exe

    2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIABA.EXE
    2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "AdobeBridge"="" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2006-03-20 213936]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "ReminderApp"="c:\program files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
    "MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
    "pdfSaver3"="" [N/A]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-27 1617920]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2008-11-14 1126400]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-8-6 51776]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1"=usbmn1x1.dll
    "midi2"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V1\\EpsonNet Config.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\btdna.exe"=
    "c:\\Documents and Settings\\Daniel Bautista\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
    "c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R0 Winem43;Winem43;c:\windows\System32\Drivers\Winem43.sys [x]
    R0 Winks21;Winks21;c:\windows\System32\Drivers\Winks21.sys [x]
    R0 Winvd53;Winvd53;c:\windows\System32\Drivers\Winvd53.sys [x]
    R1 c2scsi;c2scsi; [x]
    R2 aspnet_statemnmsrvc;ASP.NET State Service aspnet_statemnmsrvc;ð%€|x srv [x]
    R2 Eventlogusnjsvc;Event Log Eventlogusnjsvc;ð%€|x srv [x]
    R2 gupdate1c95c0c7f53fe46;Google Update Service (gupdate1c95c0c7f53fe46);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
    R2 lanmanserverwscsvc;Server lanmanserverwscsvc;ð%€|x srv [x]
    R2 mnmsrvcFastUserSwitchingCompatibility;NetMeeting Remote Desktop Sharing mnmsrvcFastUserSwitchingCompatibility;ð%€|x srv [x]
    R2 NVSvcWmi;NVIDIA Display Driver Service NVSvcWmi;ð%€|x srv [x]
    R2 PolicyAgentTermService;IPSEC Services PolicyAgentTermService;ð%€|x srv [x]
    R2 RemoteRegistrydmadmin;Remote Registry RemoteRegistrydmadmin;ð%€|x srv [x]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 SCardSvr Mobile Device;Smart Card SCardSvr Mobile Device;ð%€|x srv [x]
    R2 SENSVSS;System Event Notification SENSVSS;ˆ srv [x]
    R2 SessionLauncher;SessionLauncher; [x]
    R2 TapiSrvTlntSvr;Telephony TapiSrvTlntSvr;ð%€|x srv [x]
    R2 TapiSrvTlntSvrNetlogon;Telephony TapiSrvTlntSvr TapiSrvTlntSvrNetlogon;ð%€|x srv [x]
    R2 wuauserv Driver HPZ12;Automatic Updates wuauserv Driver HPZ12;ð%€|x srv [x]
    R2 WudfSvcRSVP;Windows Driver Foundation - User-mode Driver Framework WudfSvcRSVP;ð%€|x srv [x]
    R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
    R3 arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
    R3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\Drivers\avcuwfl.sys [2003-12-23 18644]
    R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\DRIVERS\avcuwilo.sys [2004-01-03 51166]
    R3 L6SeaMonkDev;Line 6 Variax USB Service;c:\windows\system32\Drivers\L6SM.sys [2005-03-21 35712]
    R3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    R3 ps_1394;ps_1394;c:\windows\system32\Drivers\ps_1394.sys [2004-10-14 97152]
    R3 ps_avs;ps_avs;c:\windows\system32\Drivers\ps_avs.sys [2004-10-14 24576]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
    R3 Stlnpitds;Stlnpitds; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
    S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2008-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

    2009-06-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 18:44]

    2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 04:01]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-c008931 - c008931.mat
    Notify-ssqNFVMf - ssqNFVMf.dll
    SafeBoot-Winah75.sys
    SafeBoot-Winbi20.sys
    SafeBoot-Windk30.sys
    SafeBoot-Winem43.sys
    SafeBoot-Winks21.sys
    SafeBoot-Winrx63.sys
    SafeBoot-Winsa20.sys
    SafeBoot-Wintb31.sys
    SafeBoot-Winvd53.sys


    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 0.0.0.0:80
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-06-19 18:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_statemnmsrvc]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlogusnjsvc]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserverwscsvc]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvcFastUserSwitchingCompatibility]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVSvcWmi]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgentTermService]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteRegistrydmadmin]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr Mobile Device]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENSVSS]
    "ImagePath"="ˆ\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvr]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvrNetlogon]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv Driver HPZ12]
    "ImagePath"="ð%€|x\01\09 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvcRSVP]
    "ImagePath"="ð%€|x\01\09 srv"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3508402763-3168612021-2433035992-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27C6E1B6-8CB0-521C-4E4E-4EEE811F3222}*]
    "hajbingbmkgglpfb"=hex:6a,61,64,6f,6a,70,6f,6e,61,6e,69,6a,69,6b,6c,61,6b,6a,
    64,6d,00,a3
    "iahaogncbcpgbbhgih"=hex:6a,61,64,6f,66,70,6b,70,6e,61,6b,70,6b,65,67,70,65,65,
    68,6f,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:8b,da,88,f0,e0,d6,d0,30,c3,52,ab,19,62,6c,88,98,d4,3a,b4,41,13,
    7e,06,bc,dd,3c,0d,a9,d7,43,73,05,2a,19,7f,5d,fa,9d,51,08,f3,03,f9,74,e6,39,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2804)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\10.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2009\vsserv.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    c:\program files\Common Files\InstallShield\UpdateService\agent.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-19 18:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-19 22:10

    Pre-Run: 94,503,514,112 bytes free
    Post-Run: 94,846,599,168 bytes free

    417 --- E O F --- 2008-07-17 05:04
    ______________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:12 PM, on 6/19/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: ASP.NET State Service aspnet_statemnmsrvc (aspnet_statemnmsrvc) - Unknown owner - C:\WINDOWS\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Event Log Eventlogusnjsvc (Eventlogusnjsvc) - Unknown owner - C:\WINDOWS\
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Server lanmanserverwscsvc (lanmanserverwscsvc) - Unknown owner - C:\WINDOWS\
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
    O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcFastUserSwitchingCompatibility (mnmsrvcFastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Display Driver Service NVSvcWmi (NVSvcWmi) - Unknown owner - C:\WINDOWS\
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: IPSEC Services PolicyAgentTermService (PolicyAgentTermService) - Unknown owner - C:\WINDOWS\
    O23 - Service: Remote Registry RemoteRegistrydmadmin (RemoteRegistrydmadmin) - Unknown owner - C:\WINDOWS\
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: Smart Card SCardSvr Mobile Device (SCardSvr Mobile Device) - Unknown owner - C:\WINDOWS\
    O23 - Service: System Event Notification SENSVSS (SENSVSS) - Unknown owner - ˆ .exe (file missing)
    O23 - Service: SessionLauncher - Unknown owner - (no file)
    O23 - Service: Telephony TapiSrvTlntSvr (TapiSrvTlntSvr) - Unknown owner - C:\WINDOWS\
    O23 - Service: Telephony TapiSrvTlntSvr TapiSrvTlntSvrNetlogon (TapiSrvTlntSvrNetlogon) - Unknown owner - C:\WINDOWS\
    O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O23 - Service: Automatic Updates wuauserv Driver HPZ12 (wuauserv Driver HPZ12) - Unknown owner - C:\WINDOWS\
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcRSVP (WudfSvcRSVP) - Unknown owner - C:\WINDOWS\

    --
    End of file - 15135 bytes

    Thank you so much!


  2. #12
    broni is offline Senior Member
    Any reason you skipped the Recovery Console installation?
    It's a pretty important part.
    When you run Combofix again, accept Recovery console installation.

    ================================================== ===========

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\msocreg32.dat
    c:\windows\system32\bdod.bin
    c:\windows\System32\Drivers\Winem43.sys
    c:\windows\System32\Drivers\Winks21.sys
    c:\windows\System32\Drivers\Winvd53.sys
    
    
    Folder::
    
    Driver::
    Winem43
    Winks21
    Winvd53
    aspnet_statemnmsrvc
    Eventlogusnjsvc
    lanmanserverwscsvc
    mnmsrvcFastUserSwitchingCompatibility
    NVSvcWmi
    PolicyAgentTermService
    RemoteRegistrydmadmin
    "SCardSvr Mobile Device"
    SENSVSS
    TapiSrvTlntSvr
    TapiSrvTlntSvrNetlogon
    "wuauserv Driver HPZ12"
    WudfSvcRSVP
    Stlnpitds
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_statemnmsrvc]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlogusnjsvc]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserverwscsvc]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvcFastUserSwitchingCompatibility]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVSvcWmi]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgentTermService]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteRegistrydmadmin]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr Mobile Device]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENSVSS]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvr]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrvTlntSvrNetlogon]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv Driver HPZ12]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvcRSVP]
    
    RegLockDel::
    
    AWF::
    c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
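
An added example (not part of the thread, and not ComboFix or HijackThis code): a Python parser for the `O23 - Service:` lines of a HijackThis log such as the one in post #11, flagging entries whose owner is unknown and whose image path is only a directory or is reported missing. The sample lines are copied from that log; the flagging rule and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# A subset of the O23 lines from the HijackThis log in post #11, copied as posted.
SAMPLE_LOG = r"""
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ASP.NET State Service aspnet_statemnmsrvc (aspnet_statemnmsrvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Event Log Eventlogusnjsvc (Eventlogusnjsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Smart Card SCardSvr Mobile Device (SCardSvr Mobile Device) - Unknown owner - C:\WINDOWS\
O23 - Service: System Event Notification SENSVSS (SENSVSS) - Unknown owner - ˆ .exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - (no file)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcRSVP (WudfSvcRSVP) - Unknown owner - C:\WINDOWS\
"""

PREFIX = "O23 - Service: "
# "Display name (service name)" -> capture the trailing parenthesised service name.
LABEL_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<name>[^()]+)\)$")


class Service(NamedTuple):
    display: str   # human-readable name
    name: str      # service key name (what a removal script would reference)
    owner: str     # company field, or "Unknown owner"
    path: str      # image path as HijackThis printed it


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Display names may themselves contain " - ", so split from the right:
    # the last two fields are always owner and path.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = (p.strip() for p in parts)
    m = LABEL_RE.match(label)
    if m:
        return Service(m.group("display"), m.group("name"), owner, path)
    # No parentheses: HijackThis printed a single name for the service.
    return Service(label, label, owner, path)


def triage(svc: Service) -> Optional[str]:
    """Return a reason string if the entry deserves a closer look (assumed rule)."""
    if svc.owner != "Unknown owner":
        return None
    if svc.path.endswith("\\"):
        return "image path is a directory, not a file"
    if "(file missing)" in svc.path:
        return "image file reported missing"
    # "(no file)" entries and unsigned binaries with a full path are not
    # flagged here (assumption: treated as leftovers / normal third-party software).
    return None


def flag_services(log_text: str) -> List[Tuple[str, str]]:
    """Return (service name, reason) for every flagged O23 entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reason = triage(svc)
        if reason:
            findings.append((svc.name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in flag_services(SAMPLE_LOG):
        print(f"{name!r}: {reason}")
```

On these sample lines the flagged names are all ones that also appear in the `Driver::` section of the script above; anything flagged this way still needs manual review before removal.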

  3. #13
    Digidan is offline Newbie
    I'm so sorry for the newbie errors,

    Here are the Logs:

    ComboFix 09-06-19.01 - Daniel Bautista 06/20/2009 10:31.2 - NTFSx86
    Running from: c:\documents and settings\Daniel Bautista\Desktop\6501.exe
    Command switches used :: c:\documents and settings\Daniel Bautista\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    "c:\windows\msocreg32.dat"
    "c:\windows\system32\bdod.bin"
    "c:\windows\System32\Drivers\Winem43.sys"
    "c:\windows\System32\Drivers\Winks21.sys"
    "c:\windows\System32\Drivers\Winvd53.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\msocreg32.dat
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\bdod.bin

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASPNET_STATEMNMSRVC
    -------\Legacy_EVENTLOGUSNJSVC
    -------\Legacy_LANMANSERVERWSCSVC
    -------\Legacy_MNMSRVCFASTUSERSWITCHINGCOMPATIBILITY
    -------\Legacy_NVSVCWMI
    -------\Legacy_POLICYAGENTTERMSERVICE
    -------\Legacy_REMOTEREGISTRYDMADMIN
    -------\Legacy_SCARDSVR_MOBILE_DEVICE
    -------\Legacy_SENSVSS
    -------\Legacy_TAPISRVTLNTSVR
    -------\Legacy_TAPISRVTLNTSVRNETLOGON
    -------\Legacy_WUAUSERV_DRIVER_HPZ12
    -------\Legacy_WUDFSVCRSVP
    -------\Service_Stlnpitds
    -------\Service_Winem43
    -------\Service_Winks21
    -------\Service_Winvd53


    ((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
    .

    2009-06-19 23:40 . 2009-06-19 23:40 -------- d-----w- c:\program files\iPod
    2009-06-19 23:40 . 2009-06-19 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-19 23:34 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-19 22:28 . 2009-06-19 23:06 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-06-19 22:27 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2009-06-19 22:26 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-06-17 23:53 . 2009-06-17 23:53 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Malwarebytes
    2009-06-17 23:37 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 23:37 . 2009-06-17 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-17 23:37 . 2009-06-17 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-17 23:37 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-17 19:02 . 2009-06-17 23:21 117760 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-17 19:02 . 2009-06-17 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-17 18:59 . 2009-06-17 19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\SUPERAntiSpyware.com
    2009-06-15 02:45 . 2009-06-15 02:45 -------- d-----w- C:\Templates
    2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\Wave Arts
    2009-06-09 23:26 . 2009-06-09 23:26 -------- d-----w- c:\program files\Wave Arts
    2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FabFilter
    2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\Common Files\VST3
    2009-06-09 23:25 . 2009-06-09 23:25 -------- d-----w- c:\program files\FabFilter
    2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-02 22:45 . 2009-06-02 22:45 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker Pro Advanced
    2009-06-02 22:44 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Daniel Bautista\Local Settings\Application Data\FileMaker
    2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\program files\FileMaker
    2009-06-02 22:42 . 2009-06-02 22:42 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\FileMaker
    2009-05-22 10:23 . 2009-05-22 10:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Thinstall

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2009-06-20 14:39 . 2007-05-24 23:50 -------- d-----w- c:\program files\QuickTime
    2009-06-20 14:38 . 2008-12-06 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-06-20 14:31 . 2007-07-05 02:27 -------- d-----w- c:\program files\iTunes
    2009-06-19 23:40 . 2007-07-05 02:26 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-19 23:36 . 2006-12-12 06:09 -------- d-----w- c:\program files\Apple Software Update
    2009-06-19 23:34 . 2007-07-05 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-06-19 22:45 . 2008-09-04 21:53 -------- d-----w- c:\program files\Bonjour
    2009-06-17 18:58 . 2007-02-21 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-14 17:59 . 2009-02-20 14:23 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\uTorrent
    2009-06-14 15:03 . 2007-05-24 01:24 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\UseNeXT
    2009-06-10 01:08 . 2007-05-24 01:24 -------- d-----w- c:\program files\UseNeXT
    2009-06-07 17:34 . 2006-08-17 05:46 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-07 17:34 . 2006-12-12 03:32 -------- d-----w- c:\program files\IK Multimedia
    2009-06-05 15:42 . 2008-07-31 22:26 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-05-27 01:28 . 2006-12-12 06:10 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Apple Computer
    2009-05-12 03:13 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\BitDefender
    2009-05-12 03:01 . 2009-05-12 03:00 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-05-12 03:01 . 2009-05-12 03:01 -------- d-----w- c:\program files\BitDefender
    2009-05-12 01:20 . 2009-05-12 01:20 -------- d-----w- c:\documents and settings\Daniel Bautista\Application Data\Kasper-Key_Sharing_Networ
    2009-05-11 20:16 . 2009-02-19 22:16 -------- d-----w- c:\program files\IrfanView
    2009-05-01 15:36 . 2009-05-01 15:36 -------- d-----w- c:\program files\PlayPianoTODAY
    2009-04-29 04:56 . 2004-08-04 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-28 11:15 . 2009-04-28 11:15 3128 ----a-r- c:\documents and settings\Daniel Bautista\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
    2009-04-25 03:25 . 2008-06-29 22:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-25 03:25 . 2008-06-29 22:09 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-04-25 00:15 . 2009-04-10 13:47 -------- d-----w- c:\program files\FXhome PhotoKey 2 Pro
    2009-04-20 23:18 . 2009-04-20 23:18 1878984 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-04-17 09:58 . 2004-08-04 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 15:26 . 2004-08-04 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth2.dll
    2009-04-10 16:14 . 2009-04-10 16:14 1024 ----a-w- c:\windows\system32\grcauth1.dll
    2009-04-04 16:01 . 2008-06-29 22:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-04-04 11:30 . 2006-08-17 06:52 165592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-01 01:23 . 2009-04-01 01:23 161 ----a-w- c:\documents and settings\Daniel Bautista\Application Data\Kompoz Konnect.dat
    2004-03-11 18:27 . 2007-03-10 18:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2009-03-05 22:08 . 2009-05-12 03:14 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
    .

    ------- Sigcheck -------

    [7] 2005-05-26 03:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2006-01-14 01:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2004-08-04 21:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
    [7] 2005-05-26 03:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 10:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-06-19_22.00.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-30 20:45 . 2008-09-30 20:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    + 2005-05-26 09:16 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
    + 2004-08-04 21:00 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
    + 2004-08-04 21:00 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
    + 2005-06-29 00:21 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe
    + 2009-06-19 22:23 . 2008-10-16 18:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    + 2009-06-19 22:23 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2009-06-19 23:34 . 2008-07-23 00:32 32000 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaapl.sys
    + 2005-07-03 10:11 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
    - 2005-07-03 10:11 . 2008-04-23 04:16 44544 c:\windows\system32\pngfilt.dll
    + 2004-08-04 21:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
    - 2004-08-04 21:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
    + 2004-08-04 21:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
    + 2006-11-08 02:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
    - 2006-11-08 02:03 . 2008-04-23 04:16 52224 c:\windows\system32\msfeedsbs.dll
    + 2004-08-04 21:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
    - 2004-08-04 21:00 . 2004-08-04 21:00 58880 c:\windows\system32\msdtclog.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 27648 c:\windows\system32\jsproxy.dll
    + 2006-11-07 08:26 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
    + 2004-08-04 21:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 44544 c:\windows\system32\iernonce.dll
    + 2004-08-04 21:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
    - 2004-08-04 21:00 . 2008-04-22 07:39 70656 c:\windows\system32\ie4uinit.exe
    - 2006-10-17 16:58 . 2008-04-23 04:16 63488 c:\windows\system32\icardie.dll
    + 2006-10-17 16:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
    + 2009-06-19 23:34 . 2009-06-05 15:42 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
    + 2009-06-19 23:34 . 2009-06-05 15:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
    + 2009-06-19 23:40 . 2009-03-19 20:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
    + 2006-09-19 20:44 . 2009-03-19 20:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
    - 2008-08-29 13:53 . 2008-08-29 13:53 61440 c:\windows\system32\dnssd.dll
    + 2008-12-12 15:11 . 2008-12-12 15:11 61440 c:\windows\system32\dnssd.dll
    + 2008-12-12 15:18 . 2008-12-12 15:18 87336 c:\windows\system32\dns-sd.exe
    - 2008-08-29 14:18 . 2008-08-29 14:18 87336 c:\windows\system32\dns-sd.exe
    + 2004-08-04 21:00 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
    + 2004-08-04 21:00 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
    - 2006-10-23 15:17 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
    + 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
    - 2007-05-10 01:32 . 2008-04-23 04:16 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-05-10 01:32 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
    - 2006-10-23 15:17 . 2008-04-23 04:16 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2006-10-23 15:17 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
    - 2007-05-10 01:32 . 2008-04-22 07:39 13824 c:\windows\system32\dllcache\ieudinit.exe
    + 2007-05-10 01:32 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2006-11-07 08:26 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2006-11-07 08:26 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2006-10-17 17:06 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
    - 2006-10-17 17:06 . 2007-08-13 22:45 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2006-11-07 08:26 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
    - 2006-11-07 08:26 . 2008-04-22 07:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
    - 2007-08-20 10:04 . 2008-04-23 04:16 63488 c:\windows\system32\dllcache\icardie.dll
    + 2004-08-04 21:00 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
    + 2004-08-04 21:00 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
    + 2009-06-20 14:13 . 2009-06-20 14:13 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    + 2009-06-19 23:36 . 2009-06-19 23:36 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    + 2009-06-19 22:45 . 2009-06-19 22:45 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
    + 2009-06-20 14:16 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
    + 2009-06-20 14:16 . 2007-08-13 22:39 13312 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
    + 2009-06-20 14:16 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
    + 2009-06-20 14:16 . 2007-08-13 22:45 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
    + 2009-06-20 14:16 . 2008-04-22 07:39 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
    + 2009-06-20 14:16 . 2008-04-23 04:16 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
    + 2006-08-17 07:20 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
    + 2004-08-04 21:00 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
    + 2004-08-04 21:00 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
    + 2004-08-04 21:00 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
    + 2006-10-19 02:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
    - 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
    - 2004-08-04 21:00 . 2004-08-04 21:00 351232 c:\windows\system32\winhttp.dll
    + 2004-08-04 21:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 233472 c:\windows\system32\webcheck.dll
    + 2004-08-04 21:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
    + 2004-08-04 21:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 105984 c:\windows\system32\url.dll
    + 2004-08-04 21:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
    + 2004-08-04 21:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 102912 c:\windows\system32\occache.dll
    + 2004-08-04 21:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 671232 c:\windows\system32\mstime.dll
    + 2004-08-04 21:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
    + 2005-07-03 10:11 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
    - 2005-07-03 10:11 . 2008-04-23 04:16 193024 c:\windows\system32\msrating.dll
    + 2005-07-03 10:11 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
    + 2006-11-08 02:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
    - 2006-11-08 02:03 . 2008-04-23 04:16 459264 c:\windows\system32\msfeeds.dll
    + 2004-08-04 21:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
    + 2004-08-04 21:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
    + 2004-08-04 21:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
    - 2004-08-04 21:00 . 2007-08-21 06:15 683520 c:\windows\system32\inetcomm.dll
    + 2004-08-04 21:00 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
    + 2006-10-17 16:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
    + 2006-10-17 16:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
    - 2006-10-17 16:27 . 2008-04-23 04:16 383488 c:\windows\system32\ieapfltr.dll
    + 2004-08-04 21:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
    - 2004-08-04 21:00 . 2008-04-20 05:07 161792 c:\windows\system32\ieakui.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 230400 c:\windows\system32\ieaksie.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 153088 c:\windows\system32\ieakeng.dll
    - 2006-10-03 23:47 . 2008-04-17 17:12 107368 c:\windows\system32\GEARAspi.dll
    + 2006-10-03 23:47 . 2008-04-17 16:12 107368 c:\windows\system32\GEARAspi.dll
    + 2004-08-04 21:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 133120 c:\windows\system32\extmgr.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 214528 c:\windows\system32\dxtrans.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 347136 c:\windows\system32\dxtmsft.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
    + 2009-06-19 23:40 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
    + 2005-05-10 08:17 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
    + 2005-01-19 12:26 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
    + 2004-08-04 21:00 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
    + 2004-08-04 21:00 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
    + 2004-08-04 21:00 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
    + 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
    + 2006-11-08 02:03 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
    - 2006-11-08 02:03 . 2008-04-23 04:16 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2006-10-17 17:05 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
    - 2006-10-17 17:05 . 2008-04-23 04:16 105984 c:\windows\system32\dllcache\url.dll
    + 2006-08-21 14:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2006-08-14 10:34 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
    + 2007-10-10 01:32 . 2009-04-15 15:26 583168 c:\windows\system32\dllcache\rpcrt4.dll
    - 2006-10-17 17:04 . 2008-04-23 04:16 102912 c:\windows\system32\dllcache\occache.dll
    + 2006-10-17 17:04 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
    + 2006-08-17 12:28 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
    - 2006-10-23 15:17 . 2008-04-23 04:16 671232 c:\windows\system32\dllcache\mstime.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
    - 2006-10-23 15:17 . 2008-04-23 04:16 193024 c:\windows\system32\dllcache\msrating.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2007-05-10 01:32 . 2008-04-23 04:16 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-05-10 01:32 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
    + 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
    + 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
    + 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
    + 2006-11-08 05:06 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
    - 2006-11-08 05:06 . 2007-08-21 06:15 683520 c:\windows\system32\dllcache\inetcomm.dll
    + 2006-10-17 17:04 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
    + 2007-05-10 01:32 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2006-11-07 08:27 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-05-10 01:32 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
    - 2007-05-10 01:32 . 2008-04-23 04:16 383488 c:\windows\system32\dllcache\ieapfltr.dll
    - 2006-11-07 08:25 . 2008-04-20 05:07 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2006-11-07 08:25 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
    - 2006-11-07 08:27 . 2008-04-23 04:16 230400 c:\windows\system32\dllcache\ieaksie.dll
    + 2006-11-07 08:27 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
    + 2006-11-07 08:26 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
    - 2006-11-07 08:26 . 2008-04-23 04:16 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2007-03-08 15:36 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
    + 2006-10-23 15:17 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2006-10-23 15:17 . 2008-04-23 04:16 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2006-10-23 15:17 . 2008-04-23 04:16 214528 c:\windows\system32\dllcache\dxtrans.dll
    + 2006-10-23 15:17 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2006-10-23 15:17 . 2008-04-23 04:16 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2006-10-23 15:17 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2006-11-07 08:26 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
    - 2006-11-07 08:26 . 2008-04-23 04:16 124928 c:\windows\system32\dllcache\advpack.dll
    + 2004-08-04 21:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 124928 c:\windows\system32\advpack.dll
    + 2009-06-19 23:40 . 2009-06-19 23:40 102400 c:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe
    + 2009-06-20 14:16 . 2008-04-23 04:16 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
    + 2009-06-20 14:16 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
    + 2009-06-20 14:16 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
    + 2009-06-20 14:16 . 2008-04-23 04:16 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 478208 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
    + 2009-06-20 14:16 . 2008-04-22 07:40 625664 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
    + 2009-06-20 14:16 . 2008-04-23 04:16 267776 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 384512 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
    + 2009-06-20 14:16 . 2008-04-20 05:07 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
    + 2005-01-19 12:26 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-09-30 20:42 . 2008-09-30 20:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2004-08-04 21:00 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
    + 2004-08-04 21:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
    - 2004-08-04 21:00 . 2008-04-23 04:16 1159680 c:\windows\system32\urlmon.dll
    + 2004-08-04 21:00 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
    + 2006-05-10 20:46 . 2009-06-20 14:12 6275374 c:\windows\system32\perfc009.dat
    + 2008-09-30 20:43 . 2008-09-30 20:43 1286152 c:\windows\system32\msxml4.dll
    + 2004-08-04 21:00 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
    + 2004-08-04 21:00 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
    - 2006-11-08 02:03 . 2008-04-23 04:16 6066176 c:\windows\system32\ieframe.dll
    + 2006-11-08 02:03 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
    - 2006-09-06 04:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
    + 2006-09-06 04:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
    - 2006-05-10 20:42 . 2009-04-04 17:04 2563496 c:\windows\system32\FNTCACHE.DAT
    + 2006-05-10 20:42 . 2009-06-20 14:37 2563496 c:\windows\system32\FNTCACHE.DAT
    + 2009-06-19 23:34 . 2009-06-05 15:42 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
    + 2009-06-19 23:34 . 2009-06-05 15:42 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
    + 2004-08-04 21:00 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
    + 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
    - 2006-10-23 15:17 . 2008-04-23 04:16 1159680 c:\windows\system32\dllcache\urlmon.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
    + 2006-07-13 13:33 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
    + 2006-09-13 05:01 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
    + 2006-10-23 15:17 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
    - 2007-05-10 01:32 . 2008-04-23 04:16 6066176 c:\windows\system32\dllcache\ieframe.dll
    + 2007-05-10 01:32 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
    - 2007-05-10 01:32 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
    + 2007-05-10 01:32 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
    + 2009-06-20 14:16 . 2008-04-23 04:16 1159680 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
    + 2009-06-20 14:16 . 2008-04-24 02:16 3591680 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
    + 2009-06-20 14:16 . 2008-04-23 04:16 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
    + 2009-06-20 14:16 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
    + 2005-12-20 10:30 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
    + 2006-05-10 20:46 . 2009-06-20 14:12 10574150 c:\windows\system32\perfh009.dat
    + 2006-12-18 03:29 . 2009-06-01 13:51 23635392 c:\windows\system32\MRT.exe
    + 2005-12-20 10:30 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-03-09 15:09 . 2007-03-09 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

    2007-09-07 23:01 . 2007-09-07 23:01 43008 c:\program files\BitTorrent\bak\bittorrent.exe

    2007-05-10 23:33 . 2007-05-10 23:33 216064 c:\program files\BitTorrent_DNA\bak\dna.exe

    2006-03-20 22:34 . 2006-03-20 22:34 86960 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
    2006-09-11 09:40 . 2006-09-11 09:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    2006-03-20 22:34 . 2006-03-20 22:34 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

    2006-12-17 05:10 . 2006-12-17 05:10 185896 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

    2007-02-01 02:39 . 2006-07-13 19:02 40960 c:\program files\Hewlett-Packard\Default Settings\bak\cpqset.exe

    2006-08-17 07:19 . 2006-07-19 22:14 102400 c:\program files\HP\QuickPlay\bak\QPService.exe

    2007-08-09 01:54 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

    2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\bak\MMReminderService.exe
    2005-09-13 07:02 . 2005-09-13 07:02 28672 c:\program files\Mindjet\MindManager 6\MmReminderService.exe

    2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe
    2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    2006-08-17 07:18 . 2006-06-17 05:22 794713 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

    2004-09-05 22:20 . 2004-09-05 22:20 380928 c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\bak\pdfSaver3.exe

    2006-12-12 14:52 . 2005-03-08 15:02 910336 c:\program files\Webroot\Washer\bak\wwDisp.exe

    2006-10-19 01:05 . 2006-10-19 01:05 204288 c:\program files\Windows Media Player\bak\WMPNSCFG.exe

    2006-08-17 08:09 . 2006-02-09 16:52 643072 c:\windows\CREATOR\bak\Remind_XP.exe

    2006-08-17 08:09 . 2005-10-11 17:23 1187840 c:\windows\SMINST\bak\RecGuard.exe

    2004-08-04 21:00 . 2004-08-04 21:00 15360 c:\windows\system32\bak\ctfmon.exe
    2004-08-04 21:00 . 2004-08-04 13:00 15360 c:\windows\system32\ctfmon.exe

    2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIABA.EXE
    2005-01-27 08:00 . 2005-01-27 08:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "AdobeBridge"="" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2006-03-20 213936]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "ReminderApp"="c:\program files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe" [2007-06-08 161864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
    "MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
    "pdfSaver3"="" [N/A]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-27 1617920]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    FirePod Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2008-11-14 1126400]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-8-6 51776]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi1"=usbmn1x1.dll
    "midi2"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Config V1\\EpsonNet Config.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\btdna.exe"=
    "c:\\Documents and Settings\\Daniel Bautista\\Application Data\\Vusion\\WARPVideoStreamer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
    "c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R1 c2scsi;c2scsi; [x]
    R2 gupdate1c95c0c7f53fe46;Google Update Service (gupdate1c95c0c7f53fe46);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R2 SessionLauncher;SessionLauncher; [x]
    R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
    R3 arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
    R3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\Drivers\avcuwfl.sys [2003-12-23 18644]
    R3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\DRIVERS\avcuwilo.sys [2004-01-03 51166]
    R3 L6SeaMonkDev;Line 6 Variax USB Service;c:\windows\system32\Drivers\L6SM.sys [2005-03-21 35712]
    R3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
    R3 ps_1394;ps_1394;c:\windows\system32\Drivers\ps_1394.sys [2004-10-14 97152]
    R3 ps_avs;ps_avs;c:\windows\system32\Drivers\ps_avs.sys [2004-10-14 24576]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
    S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-06-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 18:44]

    2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 04:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 0.0.0.0:80
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-06-20 10:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3508402763-3168612021-2433035992-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27C6E1B6-8CB0-521C-4E4E-4EEE811F3222}*]
    "hajbingbmkgglpfb"=hex:6a,61,64,6f,6a,70,6f,6e,61,6e,69,6a,69,6b,6c,61,6b,6a,
    64,6d,00,a3
    "iahaogncbcpgbbhgih"=hex:6a,61,64,6f,66,70,6b,70,6e,61,6b,70,6b,65,67,70,65,65,
    68,6f,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:8b,da,88,f0,e0,d6,d0,30,c3,52,ab,19,62,6c,88,98,d4,3a,b4,41,13,
    7e,06,bc,dd,3c,0d,a9,d7,43,73,05,2a,19,7f,5d,fa,9d,51,08,f3,03,f9,74,e6,39,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(2280)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\10.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2009\vsserv.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\mqtgsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-20 10:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-20 14:48
    ComboFix2.txt 2009-06-19 22:10

    Pre-Run: 92,534,951,936 bytes free
    Post-Run: 92,536,225,792 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    574 --- E O F --- 2009-06-20 14:21
    ___________________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:49:11 AM, on 6/20/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 13660 bytes

    Thank You......

  4. #14
    broni is offline Senior Member
    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.


    Please download DrWeb CureIt (Dr.Web CureIt! - download free anti-virus! Cure viruses, Best free anti-virus scanner!) & save it to your desktop.

    Scan with DrWeb-CureIt as follows:

    * Double-click on drweb-cureit.exe and then click Start. Click OK in a pop-up window allowing Express Scan
      o This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    * Once the short scan has finished, Click Options > Change settings
    * Choose the Scan tab and uncheck Heuristic analysis and click OK
    * Back at the main window, select the Complete scan button.
    * Then click the Green Arrow Start Scanning button on the right and the scan will start.
      o Click Yes to all if it asks if you want to cure/move any file(s).
    * When the scan is done...
    * In the Dr.Web CureIt menu on top left, click File and choose Save report list.
    * Save the DrWeb.csv report to your Desktop.
    * Exit Dr.Web Cureit.


    * Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

    * After reboot. Leave the Dr. Web CureIt log on the desktop.

    Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.

  5. #15
    Digidan is offline Newbie
    Here are the LOGS:

    DR Web
    AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
    AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
    UACiovyyhnnfaxnsay.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Invalid path to file;
    UACrcpjjlarfpywpfs.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Incurable.Moved.;
    UACwpejbcjwkgrpdkr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.105;Deleted.;
    UACxrodkqkctsnbuma.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
    SP31524.exe/musicnow1.exe\data008;C:\SWSetup\AOLMN\SP31524.exe/musicnow1.exe;Trojan.Click.2093;;
    \musicnow1.exe;C:\SWSetup\AOLMN;Archive contains infected objects;;
    SP31524.exe;C:\SWSetup\AOLMN;Archive contains infected objects;Moved.;
    cakemania-setup.exe/data030\data002;C:\SWSetup\HPGame\games\cakemania-setup.exe/data030;Adware.SpywareStorm;;
    data030;C:\SWSetup\HPGame\games;Archive contains infected objects;;
    cakemania-setup.exe;C:\SWSetup\HPGame\games;Archive contains infected objects;Moved.;
    A0019605.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP13;Win32.HLLW.Facebook.63;Deleted.;
    A0019606.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP13;Win32.HLLW.Facebook.63;Deleted.;
    A0029873.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;BackDoor.Tdss.49;Deleted.;
    A0029874.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;BackDoor.Tdss.105;Deleted.;
    A0029875.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;Trojan.Packed.365;Incurable.Moved.;
    A0029876.dll;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP21;Trojan.Packed.365;Incurable.Moved.;
    A0032632.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25\A0032632.EXE;Adware.Gdown;;
    A0032632.EXE;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;Moved.;
    A0032634.exe/musicnow1.exe\data008;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25\A0032634.exe/musicnow1.exe;Trojan.Click.2093;;
    \musicnow1.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;;
    A0032634.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;Moved.;
    A0032635.exe/data030\data002;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25\A0032635.exe/data030;Adware.SpywareStorm;;
    data030;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;;
    A0032635.exe;C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP25;Archive contains infected objects;Moved.;
    __________________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:37:59 PM, on 6/21/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 13890 bytes

    Again, thank you for all your great help....I truly appreciate it.

  6. #16
    broni is offline Senior Member
    These entries from Dr.Web:
    UACiovyyhnnfaxnsay.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Invalid path to file ;
    UACrcpjjlarfpywpfs.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Incurable.Moved.;
    UACwpejbcjwkgrpdkr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.105;Deleted.;
    UACxrodkqkctsnbuma.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
    tell me that you either didn't uninstall Combofix, or you didn't restart the computer before running Dr.Web.

    In any case, make sure that the Combofix and Qoobox folders and the Combofix.txt file are gone from C:, and that Combofix is gone from your desktop.

    =============================================================

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - none

    4. You may also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -scheduler
    - O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    - O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    - O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    - O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    - O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    - O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    - O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (User '?')
    - O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    5. Click on the Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.

  7. #17
    Digidan is offline Newbie
    Ooops, I just deleted all the ComboFix files from C:

    Here is the latest log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:32:10 AM, on 6/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - Welcome to AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3508402763-3168612021-2433035992-1005\..\Run: [AdobeBridge] (User '?')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c95c0c7f53fe46) (gupdate1c95c0c7f53fe46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (livesrv) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - M-Audio - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - (no file)
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - (no file)
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - (no file)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: BitDefender Virus Shield (vsserv) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 12536 bytes

  8. #18
    broni is offline Senior Member
    Your computer is clean

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web of Trust): Internet Security | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

    10. Let me know how your computer is doing.

  9. #19
    Digidan is offline Newbie
    Thank you for your great support Broni,

    The computer is running perfectly fine now thanks to your night after night help. I truly appreciate your service.

  10. #20
    broni is offline Senior Member
    Super!
    Happy surfing
