Hi
Thank you VERY much in advance - your help is appreciated.
Computer is infected. I've tried some virus cleaning. Tried to run Malwarebytes but it didn't run. Came to your web site for help....
AMD Sempron 2600+, 1.83 GHz, and 1.46 RAM on a Sotec computer.
Thanks, I've followed the instructions:
1. firewall on (windows)
2. up to date antivirus - avast already installed and updated
3. tempfile cleaner - done
4. Malwarebytes - done; had to rename it to run. Restarted.
5. GMER - done
6. mbr check - done
7. OTL - did not run. Tried in safe mode, tried renaming in normal and safe mode, so no log to post for this. All other logs attached.
Thank you again - what is the next step please ?
I don't see the GMER log, and MBRCheck seems to be cut off.
Please, re-run it.
Apologies. gmer.log is an invalid file for upload - I didn't notice the first time. Saved as *.txt and reloaded. MBRCheck rerun and posted. Thank you.
Both logs look clean
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Thanks, something has been blocking internet access to anti-virus sites.....must be a problem somewhere...
ComboFix didn't run in normal mode, so I booted to safe mode and it ran OK. Log attached.
Thank you :-)
I prefer it if you just paste all logs. Sorry, I didn't tell you earlier.
ComboFix 10-08-02.01 - Pw 03/08/2010 13:46:27.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1132 [GMT 10:00]
Running from: c:\documents and settings\Pw\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pw\Application Data\9f09628a.exe
c:\documents and settings\Pw\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Pw\System
c:\documents and settings\Pw\System\win_qs8.jqx
c:\program files\INSTALL.LOG
c:\windows\start.exe
c:\windows\system32\dzgtactx.dll
c:\windows\system32\ernel32.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\twain.dll
c:\windows\system32\zip32.dll
c:\windows\Web\default.htt
c:\windows\WINDOWS
c:\windows\WINDOWS\OLAGNT32.INI
.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-02 07:03 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 07:03 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 00:39 . 2010-08-01 00:39 -------- d-----w- c:\documents and settings\Pw\DoctorWeb
2010-08-01 00:34 . 2010-08-01 00:34 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\ppctl.dll
2010-08-01 00:34 . 2010-08-01 00:34 552070 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\ppclean.exe
2010-08-01 00:34 . 2010-08-01 00:34 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\caAspyScan.dll
2010-08-01 00:32 . 2010-08-01 00:32 337192 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\arclib.dll
2010-08-01 00:32 . 2010-08-01 00:32 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\CAAVScan.dll
2010-08-01 00:32 . 2010-08-01 00:32 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\vete.dll
2010-07-31 05:23 . 2010-07-30 13:52 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-31 05:23 . 2010-07-31 05:23 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-07-31 05:23 . 2010-07-31 09:49 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-31 05:18 . 2010-07-31 05:18 147968 --sha-r- c:\windows\system32\defragh.dll
2010-07-29 11:41 . 2010-07-29 11:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-29 11:40 . 2010-07-29 11:40 -------- d-----w- c:\program files\Auslogics
2010-07-28 01:05 . 2010-06-27 06:49 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-28 01:05 . 2010-05-11 06:29 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-28 01:05 . 2010-05-11 06:29 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-28 01:05 . 2010-05-11 06:29 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-28 01:05 . 2010-05-11 06:29 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-07-28 01:05 . 2010-07-28 01:05 -------- d-----w- c:\program files\EASEUS
2010-07-25 13:17 . 2010-07-25 13:17 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-25 13:17 . 2010-07-25 13:17 22 --sha-w- c:\documents and settings\Pw\Application Data\Sys6925.Config Collection.sys
2010-07-25 13:16 . 2010-07-25 13:16 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-07-25 12:54 . 2010-07-25 12:54 -------- d-----w- c:\documents and settings\Pw\Application Data\Philipp Winterberg
2010-07-25 12:54 . 2010-07-25 12:54 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-07-25 08:42 . 2008-04-13 19:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-25 08:42 . 2001-08-17 12:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-25 08:42 . 2008-04-13 19:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-25 08:42 . 2001-08-17 12:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-25 08:42 . 2001-08-17 12:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-25 08:41 . 2001-08-17 12:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-25 08:41 . 2001-08-17 02:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-25 08:41 . 2008-04-13 12:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-25 08:41 . 2008-04-13 12:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-07-25 08:41 . 2008-04-13 19:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-07-25 08:39 . 2001-08-17 03:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-07-25 08:38 . 2001-08-17 12:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-07-25 08:37 . 2001-08-17 03:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-07-25 08:37 . 2001-08-17 12:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-07-25 08:37 . 2001-08-17 04:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-07-25 08:37 . 2001-08-17 03:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-07-25 08:37 . 2001-08-17 02:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-07-25 08:37 . 2001-08-17 12:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-07-25 08:37 . 2001-08-17 02:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-07-25 08:37 . 2008-04-13 14:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-07-25 08:37 . 2001-08-17 03:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-07-25 08:37 . 2001-08-17 03:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-07-25 07:34 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-07-25 07:33 . 2001-08-17 03:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-07-25 07:32 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-07-25 07:31 . 2008-04-13 14:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-07-25 07:30 . 2008-04-13 12:09 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2010-07-25 07:29 . 2001-08-17 03:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-07-25 07:28 . 2008-04-13 14:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-25 07:27 . 2001-08-17 12:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-07-25 07:26 . 2001-08-17 02:10 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys
2010-07-25 07:25 . 2001-08-17 12:36 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2010-07-25 07:24 . 2001-08-17 04:56 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2010-07-25 07:23 . 2001-08-17 03:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-07-25 07:22 . 2004-09-08 13:05 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-07-25 07:21 . 2001-08-17 03:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-07-25 07:21 . 2008-04-13 12:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-07-25 07:21 . 2001-08-17 03:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2010-07-25 07:21 . 2001-08-17 02:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2010-07-25 07:21 . 2001-08-17 03:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2010-07-25 07:21 . 2001-08-17 03:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-07-25 07:21 . 2001-08-17 04:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2010-07-25 07:21 . 2001-08-17 02:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-07-25 07:21 . 2001-08-17 04:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-07-25 07:21 . 2001-08-17 03:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-07-25 07:10 . 2001-08-17 04:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-07-25 07:10 . 2001-08-17 02:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-07-25 07:10 . 2008-04-13 12:06 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-07-25 07:10 . 2001-08-17 02:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2010-07-25 07:10 . 2001-08-17 02:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-07-25 07:10 . 2001-08-17 02:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-07-25 07:10 . 2001-08-17 02:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2010-07-25 07:10 . 2001-08-17 03:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2010-07-23 07:57 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-23 07:57 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-23 07:57 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-23 07:57 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-23 07:57 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-23 07:57 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-23 07:57 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-23 07:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-23 07:56 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-23 03:38 . 2010-07-23 03:38 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 01:36 . 2009-06-19 14:28 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-08-03 01:36 . 2009-06-19 14:28 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-08-03 01:34 . 2008-11-18 13:09 -------- d-----w- c:\documents and settings\Pw\Application Data\Free Download Manager
2010-08-03 01:25 . 2010-02-25 11:35 -------- d-----w- c:\program files\IDrive
2010-08-02 09:43 . 2008-08-26 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 00:23 . 2006-04-26 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-30 13:52 . 2008-04-02 13:07 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-07-30 13:51 . 2008-04-02 13:06 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-30 13:51 . 2009-03-11 02:49 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-07-30 13:51 . 2008-04-02 13:05 -------- d-----w- c:\program files\Common Files\Maxtor
2010-07-30 00:57 . 2010-05-05 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-07-29 08:22 . 2009-10-11 06:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-29 08:22 . 2009-10-11 06:47 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-27 07:26 . 2007-04-20 02:33 -------- d-----w- c:\program files\RealWorksLive
2010-07-26 07:41 . 2007-10-09 09:36 -------- d-----w- c:\documents and settings\Pw\Application Data\Sites
2010-07-26 07:41 . 2007-10-09 09:36 -------- d-----w- c:\documents and settings\Pw\Application Data\SiteClasses
2010-07-25 13:19 . 2005-10-22 09:19 -------- d-----w- c:\program files\Yahoo!
2010-07-23 07:56 . 2010-07-02 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-23 07:20 . 2009-10-23 02:39 -------- d-----w- c:\program files\Software Informer
2010-07-23 03:29 . 2010-07-23 06:29 205428 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2010-07-06 06:59 . 2010-04-11 09:12 439816 ----a-w- c:\documents and settings\Pw\Application Data\Real\Update\setup3.10\setup.exe
2010-07-06 06:28 . 2006-08-22 09:46 -------- d-----w- c:\program files\Alwil Software
2010-06-18 03:57 . 2006-03-27 11:14 -------- d-----w- c:\documents and settings\Pw\Application Data\Canon
2010-06-15 07:10 . 2006-04-04 07:30 -------- d-----w- c:\program files\QuickTime
2010-06-14 14:31 . 2006-03-27 11:09 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-12 00:54 . 2010-06-12 00:54 -------- d-----w- c:\program files\Sibelius Software
2010-06-09 01:33 . 2008-05-08 00:05 -------- d-----w- c:\program files\IGC
2010-06-08 04:31 . 2005-10-22 08:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 08:59 . 2010-05-28 08:59 503808 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\msvcp71.dll
2010-05-28 08:59 . 2010-05-28 08:59 499712 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\jmc.dll
2010-05-28 08:59 . 2010-05-28 08:59 348160 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\msvcr71.dll
2010-05-28 08:59 . 2010-05-28 08:59 12800 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f9c21ab-n\decora-d3d.dll
2010-05-28 08:59 . 2010-05-28 08:59 61440 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f9c21ab-n\decora-sse.dll
2010-05-27 05:40 . 2010-05-28 19:01 1277952 ----a-w- c:\windows\system32\IDriveEService.dll
2010-05-14 08:13 . 2006-08-20 10:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-14 07:09 . 2010-05-14 07:09 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2010-05-06 10:41 . 2004-09-08 13:05 916480 ----a-w- c:\windows\system32\wininet.dll
2008-05-27 22:53 . 2008-05-27 22:53 14290 ----a-w- c:\program files\settings.dat
2006-02-13 03:51 . 2006-02-13 03:51 692 -c--a-w- c:\program files\FreeSecurity.class
2006-02-13 03:51 . 2006-02-13 03:51 389 -c--a-w- c:\program files\FreeSecurity$1.class
2005-09-03 09:00 . 2005-09-03 09:00 5143 -c--a-w- c:\program files\LICENSE.txt
2005-07-12 02:51 . 2005-07-12 02:51 9576 -c--a-w- c:\program files\BrowserLauncher.class
2005-05-31 11:11 . 2005-10-22 08:03 11079 -c-ha-w- c:\program files\folder.htt
2005-03-30 09:49 . 2005-10-22 09:05 2048 -c--a-w- c:\program files\BRANDS.TPS
2005-03-30 09:49 . 2005-10-22 09:05 7168 -c--a-w- c:\program files\BREWS.TPS
2004-01-29 08:11 . 2004-01-29 08:11 2211840 ----a-w- c:\program files\SpaceSynthesizer.dll
2003-06-02 07:15 . 2005-10-22 09:05 32 -c--a-w- c:\program files\wallp.ini
2003-05-05 12:10 . 2005-10-22 09:05 1113600 ----a-w- c:\program files\brewlog.exe
2002-09-11 14:26 . 2007-05-31 05:51 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-11-24 21:05 . 2005-10-22 09:05 5611560 -c--a-w- c:\program files\system.pca
2001-11-24 20:50 . 2005-10-22 09:05 573472 -c--a-w- c:\program files\user.pca
2003-01-13 01:20 . 2008-12-06 08:21 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 06:00 . 2008-12-06 08:21 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2006-05-06 16:42 . 2006-11-22 11:24 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-08-08 15:11 . 2009-08-08 15:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 15:30 . 2009-08-08 15:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2006-08-22 12:18 . 2006-08-22 12:18 5 --sha-w- c:\windows\SYSTEM32\bdfafeec5_g.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2010-04-22 177608]
"Google Update"="c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-01-30 135168]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-08 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"mdac_runonce"="c:\windows\SYSTEM32\RUNONCE.EXE" [2008-04-13 14336]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"LoadQM"="loadqm.exe" [2000-05-03 7536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-17 632048]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"CnxTrApp"="c:\windows\NetComm\CnxTrApp.dll" [2003-07-18 247296]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-28 788880]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Pw\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2010-5-29 292296]
PopTray.exe.lnk - c:\program files\PopTray\PopTray.exe [2009-12-3 979968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-19 38976]
HotSync Manager (2).lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\profile\0PFDNNT c:\program files\COMMON FILES\TOTEM SHARED\UNINSTALL0002\PROFILE\PROFILE.LSF\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\0PFDNNT c:\program files\COMMON FILES\TOTEM SHARED\UNINSTALL0001\PROFILE\PROFILE.LSF\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\0PFDNNT c:\program files\Common Files\Totem Shared\0PFDNNT c:\program files\Common Files\Totem Shared\Update\0PFDNNT c:\program files\Common Files\Totem Shared\0PFDNNT c:\windows\SYSTEM32\IPCCLIENT.DLL\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LeechGet"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Games\\Descent3Demo\\main.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [21/02/2009 9:24 AM 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\SYSTEM32\DRIVERS\sfdrv01a.sys [5/07/2006 10:46 PM 63352]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [22/07/2006 4:17 PM 6097]
S0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [14/10/2009 4:04 PM 28544]
S1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [23/07/2010 5:57 PM 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [23/07/2010 5:57 PM 17744]
S2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [24/09/2009 11:29 PM 70144]
S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [20/02/2009 1:23 AM 16872]
S2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [29/05/2010 5:01 AM 148936]
S2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [29/05/2010 5:01 AM 267720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 9:17 PM 1181328]
S2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
S2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
S2 MSSQL$RWLIVE;MSSQL$RWLIVE;c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlservr.exe -sRWLIVE --> c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlservr.exe -sRWLIVE [?]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [28/07/2010 11:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [28/07/2010 11:05 AM 8456]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [22/07/2006 4:17 PM 299923]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
S3 SQLAgent$RWLIVE;SQLAgent$RWLIVE;c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlagent.EXE -i RWLIVE --> c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlagent.EXE -i RWLIVE [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-05-01 23:08 7168 ----a-w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:40]
2010-07-30 c:\windows\Tasks\Ad-Aware.job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareCommand.exe [2009-10-01 03:46]
2010-07-27 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2009-10-22 18:32]
2010-07-29 c:\windows\Tasks\defrag monthly.job
- c:\windows\SYSTEM32\defrag.exe [2004-09-08 19:42]
2010-08-01 c:\windows\Tasks\dfrgntfs- tri weekly.job
- c:\windows\SYSTEM32\defrag.exe [2004-09-08 19:42]
2010-07-31 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2004-09-08 19:42]
2010-07-27 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2010-08-02 05:39]
2010-07-23 c:\windows\Tasks\Maxtor MaxBlast.job
- c:\progra~1\Maxtor\MaxBlast\MaxBlast.exe [2008-06-27 07:45]
2010-08-03 c:\windows\Tasks\User_Feed_Synchronization-{76F70D15-FDCF-4219-BADA-73DD83C657B9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.tpg.com.au:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE: &Yahoo! Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Pw\Application Data\Mozilla\Firefox\Profiles\1omdnr9t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
Notify-WgaLogon - (no file)
AddRemove-OWLDINO12DeinstKey - c:\nodtron\OWLDINO\DeIsL1.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-03 13:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Foxtel]
"ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
66,6e,66,70,00,00
"hanjepphepclmfbe"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
66,6e,66,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\l3codeca.acm
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\mvoice.vwp
c:\windows\system32\sirenacm.dll
c:\windows\system32\scg726.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-08-03 13:54:36
ComboFix-quarantined-files.txt 2010-08-03 03:54
Pre-Run: 36,001,208,320 bytes free
Post-Run: 35,964,411,392 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 1B447DBE75AA47A9762169B85200B192
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
DDS::
uInternet Settings,ProxyServer = proxy.tpg.com.au:80

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"=-

RegNull::
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Still running in safe mode.
Done and log below.
Thank you.
ComboFix 10-08-02.01 - Pw 03/08/2010 13:46:27.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1132 [GMT 10:00]
Running from: c:\documents and settings\Pw\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pw\Application Data\9f09628a.exe
c:\documents and settings\Pw\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Pw\System
c:\documents and settings\Pw\System\win_qs8.jqx
c:\program files\INSTALL.LOG
c:\windows\start.exe
c:\windows\system32\dzgtactx.dll
c:\windows\system32\ernel32.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\twain.dll
c:\windows\system32\zip32.dll
c:\windows\Web\default.htt
c:\windows\WINDOWS
c:\windows\WINDOWS\OLAGNT32.INI
.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-02 07:03 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 07:03 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 00:39 . 2010-08-01 00:39 -------- d-----w- c:\documents and settings\Pw\DoctorWeb
2010-08-01 00:34 . 2010-08-01 00:34 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\ppctl.dll
2010-08-01 00:34 . 2010-08-01 00:34 552070 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\ppclean.exe
2010-08-01 00:34 . 2010-08-01 00:34 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\caAspyScan.dll
2010-08-01 00:32 . 2010-08-01 00:32 337192 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\arclib.dll
2010-08-01 00:32 . 2010-08-01 00:32 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\CAAVScan.dll
2010-08-01 00:32 . 2010-08-01 00:32 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\vete.dll
2010-07-31 05:23 . 2010-07-30 13:52 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-31 05:23 . 2010-07-31 05:23 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-07-31 05:23 . 2010-07-31 09:49 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-31 05:18 . 2010-07-31 05:18 147968 --sha-r- c:\windows\system32\defragh.dll
2010-07-29 11:41 . 2010-07-29 11:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-29 11:40 . 2010-07-29 11:40 -------- d-----w- c:\program files\Auslogics
2010-07-28 01:05 . 2010-06-27 06:49 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-28 01:05 . 2010-05-11 06:29 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-28 01:05 . 2010-05-11 06:29 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-28 01:05 . 2010-05-11 06:29 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-28 01:05 . 2010-05-11 06:29 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-07-28 01:05 . 2010-07-28 01:05 -------- d-----w- c:\program files\EASEUS
2010-07-25 13:17 . 2010-07-25 13:17 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-25 13:17 . 2010-07-25 13:17 22 --sha-w- c:\documents and settings\Pw\Application Data\Sys6925.Config Collection.sys
2010-07-25 13:16 . 2010-07-25 13:16 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-07-25 12:54 . 2010-07-25 12:54 -------- d-----w- c:\documents and settings\Pw\Application Data\Philipp Winterberg
2010-07-25 12:54 . 2010-07-25 12:54 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-07-25 08:42 . 2008-04-13 19:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-25 08:42 . 2001-08-17 12:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-25 08:42 . 2008-04-13 19:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-25 08:42 . 2001-08-17 12:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-25 08:42 . 2001-08-17 12:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-25 08:41 . 2001-08-17 12:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-25 08:41 . 2001-08-17 02:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-25 08:41 . 2008-04-13 12:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-25 08:41 . 2008-04-13 12:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-07-25 08:41 . 2008-04-13 19:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-07-25 08:39 . 2001-08-17 03:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-07-25 08:38 . 2001-08-17 12:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-07-25 08:37 . 2001-08-17 03:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-07-25 08:37 . 2001-08-17 12:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-07-25 08:37 . 2001-08-17 04:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-07-25 08:37 . 2001-08-17 03:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-07-25 08:37 . 2001-08-17 02:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-07-25 08:37 . 2001-08-17 12:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-07-25 08:37 . 2001-08-17 02:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-07-25 08:37 . 2008-04-13 14:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-07-25 08:37 . 2001-08-17 03:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-07-25 08:37 . 2001-08-17 03:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-07-25 07:34 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-07-25 07:33 . 2001-08-17 03:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-07-25 07:32 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-07-25 07:31 . 2008-04-13 14:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-07-25 07:30 . 2008-04-13 12:09 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2010-07-25 07:29 . 2001-08-17 03:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-07-25 07:28 . 2008-04-13 14:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-25 07:27 . 2001-08-17 12:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-07-25 07:26 . 2001-08-17 02:10 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys
2010-07-25 07:25 . 2001-08-17 12:36 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2010-07-25 07:24 . 2001-08-17 04:56 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2010-07-25 07:23 . 2001-08-17 03:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-07-25 07:22 . 2004-09-08 13:05 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-07-25 07:21 . 2001-08-17 03:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-07-25 07:21 . 2008-04-13 12:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-07-25 07:21 . 2001-08-17 03:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2010-07-25 07:21 . 2001-08-17 02:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2010-07-25 07:21 . 2001-08-17 03:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2010-07-25 07:21 . 2001-08-17 03:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-07-25 07:21 . 2001-08-17 04:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2010-07-25 07:21 . 2001-08-17 02:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-07-25 07:21 . 2001-08-17 04:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-07-25 07:21 . 2001-08-17 03:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-07-25 07:10 . 2001-08-17 04:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-07-25 07:10 . 2001-08-17 02:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-07-25 07:10 . 2008-04-13 12:06 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-07-25 07:10 . 2001-08-17 02:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2010-07-25 07:10 . 2001-08-17 02:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-07-25 07:10 . 2001-08-17 02:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-07-25 07:10 . 2001-08-17 02:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2010-07-25 07:10 . 2001-08-17 03:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2010-07-23 07:57 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-23 07:57 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-23 07:57 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-23 07:57 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-23 07:57 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-23 07:57 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-23 07:57 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-23 07:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-23 07:56 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-23 03:38 . 2010-07-23 03:38 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 01:36 . 2009-06-19 14:28 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-08-03 01:36 . 2009-06-19 14:28 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-08-03 01:34 . 2008-11-18 13:09 -------- d-----w- c:\documents and settings\Pw\Application Data\Free Download Manager
2010-08-03 01:25 . 2010-02-25 11:35 -------- d-----w- c:\program files\IDrive
2010-08-02 09:43 . 2008-08-26 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 00:23 . 2006-04-26 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-30 13:52 . 2008-04-02 13:07 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-07-30 13:51 . 2008-04-02 13:06 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-30 13:51 . 2009-03-11 02:49 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-07-30 13:51 . 2008-04-02 13:05 -------- d-----w- c:\program files\Common Files\Maxtor
2010-07-30 00:57 . 2010-05-05 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-07-29 08:22 . 2009-10-11 06:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-29 08:22 . 2009-10-11 06:47 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-27 07:26 . 2007-04-20 02:33 -------- d-----w- c:\program files\RealWorksLive
2010-07-26 07:41 . 2007-10-09 09:36 -------- d-----w- c:\documents and settings\Pw\Application Data\Sites
2010-07-26 07:41 . 2007-10-09 09:36 -------- d-----w- c:\documents and settings\Pw\Application Data\SiteClasses
2010-07-25 13:19 . 2005-10-22 09:19 -------- d-----w- c:\program files\Yahoo!
2010-07-23 07:56 . 2010-07-02 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-23 07:20 . 2009-10-23 02:39 -------- d-----w- c:\program files\Software Informer
2010-07-23 03:29 . 2010-07-23 06:29 205428 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2010-07-06 06:59 . 2010-04-11 09:12 439816 ----a-w- c:\documents and settings\Pw\Application Data\Real\Update\setup3.10\setup.exe
2010-07-06 06:28 . 2006-08-22 09:46 -------- d-----w- c:\program files\Alwil Software
2010-06-18 03:57 . 2006-03-27 11:14 -------- d-----w- c:\documents and settings\Pw\Application Data\Canon
2010-06-15 07:10 . 2006-04-04 07:30 -------- d-----w- c:\program files\QuickTime
2010-06-14 14:31 . 2006-03-27 11:09 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-12 00:54 . 2010-06-12 00:54 -------- d-----w- c:\program files\Sibelius Software
2010-06-09 01:33 . 2008-05-08 00:05 -------- d-----w- c:\program files\IGC
2010-06-08 04:31 . 2005-10-22 08:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 08:59 . 2010-05-28 08:59 503808 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\msvcp71.dll
2010-05-28 08:59 . 2010-05-28 08:59 499712 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\jmc.dll
2010-05-28 08:59 . 2010-05-28 08:59 348160 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\msvcr71.dll
2010-05-28 08:59 . 2010-05-28 08:59 12800 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f9c21ab-n\decora-d3d.dll
2010-05-28 08:59 . 2010-05-28 08:59 61440 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f9c21ab-n\decora-sse.dll
2010-05-27 05:40 . 2010-05-28 19:01 1277952 ----a-w- c:\windows\system32\IDriveEService.dll
2010-05-14 08:13 . 2006-08-20 10:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-14 07:09 . 2010-05-14 07:09 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2010-05-06 10:41 . 2004-09-08 13:05 916480 ----a-w- c:\windows\system32\wininet.dll
2008-05-27 22:53 . 2008-05-27 22:53 14290 ----a-w- c:\program files\settings.dat
2006-02-13 03:51 . 2006-02-13 03:51 692 -c--a-w- c:\program files\FreeSecurity.class
2006-02-13 03:51 . 2006-02-13 03:51 389 -c--a-w- c:\program files\FreeSecurity$1.class
2005-09-03 09:00 . 2005-09-03 09:00 5143 -c--a-w- c:\program files\LICENSE.txt
2005-07-12 02:51 . 2005-07-12 02:51 9576 -c--a-w- c:\program files\BrowserLauncher.class
2005-05-31 11:11 . 2005-10-22 08:03 11079 -c-ha-w- c:\program files\folder.htt
2005-03-30 09:49 . 2005-10-22 09:05 2048 -c--a-w- c:\program files\BRANDS.TPS
2005-03-30 09:49 . 2005-10-22 09:05 7168 -c--a-w- c:\program files\BREWS.TPS
2004-01-29 08:11 . 2004-01-29 08:11 2211840 ----a-w- c:\program files\SpaceSynthesizer.dll
2003-06-02 07:15 . 2005-10-22 09:05 32 -c--a-w- c:\program files\wallp.ini
2003-05-05 12:10 . 2005-10-22 09:05 1113600 ----a-w- c:\program files\brewlog.exe
2002-09-11 14:26 . 2007-05-31 05:51 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-11-24 21:05 . 2005-10-22 09:05 5611560 -c--a-w- c:\program files\system.pca
2001-11-24 20:50 . 2005-10-22 09:05 573472 -c--a-w- c:\program files\user.pca
2003-01-13 01:20 . 2008-12-06 08:21 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 06:00 . 2008-12-06 08:21 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2006-05-06 16:42 . 2006-11-22 11:24 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-08-08 15:11 . 2009-08-08 15:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 15:30 . 2009-08-08 15:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2006-08-22 12:18 . 2006-08-22 12:18 5 --sha-w- c:\windows\SYSTEM32\bdfafeec5_g.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2010-04-22 177608]
"Google Update"="c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-01-30 135168]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-08 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"mdac_runonce"="c:\windows\SYSTEM32\RUNONCE.EXE" [2008-04-13 14336]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"LoadQM"="loadqm.exe" [2000-05-03 7536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-17 632048]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"CnxTrApp"="c:\windows\NetComm\CnxTrApp.dll" [2003-07-18 247296]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-28 788880]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Pw\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2010-5-29 292296]
PopTray.exe.lnk - c:\program files\PopTray\PopTray.exe [2009-12-3 979968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-19 38976]
HotSync Manager (2).lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\profile\0PFDNNT c:\program files\COMMON FILES\TOTEM SHARED\UNINSTALL0002\PROFILE\PROFILE.LSF\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\0PFDNNT c:\program files\COMMON FILES\TOTEM SHARED\UNINSTALL0001\PROFILE\PROFILE.LSF\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\0PFDNNT c:\program files\Common Files\Totem Shared\0PFDNNT c:\program files\Common Files\Totem Shared\Update\0PFDNNT c:\program files\Common Files\Totem Shared\0PFDNNT c:\windows\SYSTEM32\IPCCLIENT.DLL\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LeechGet"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Games\\Descent3Demo\\main.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [21/02/2009 9:24 AM 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\SYSTEM32\DRIVERS\sfdrv01a.sys [5/07/2006 10:46 PM 63352]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [22/07/2006 4:17 PM 6097]
S0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [14/10/2009 4:04 PM 28544]
S1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [23/07/2010 5:57 PM 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [23/07/2010 5:57 PM 17744]
S2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [24/09/2009 11:29 PM 70144]
S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [20/02/2009 1:23 AM 16872]
S2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [29/05/2010 5:01 AM 148936]
S2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [29/05/2010 5:01 AM 267720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 9:17 PM 1181328]
S2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
S2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
S2 MSSQL$RWLIVE;MSSQL$RWLIVE;c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlservr.exe -sRWLIVE --> c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlservr.exe -sRWLIVE [?]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [28/07/2010 11:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [28/07/2010 11:05 AM 8456]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [22/07/2006 4:17 PM 299923]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
S3 SQLAgent$RWLIVE;SQLAgent$RWLIVE;c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlagent.EXE -i RWLIVE --> c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlagent.EXE -i RWLIVE [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-05-01 23:08 7168 ----a-w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:40]
2010-07-30 c:\windows\Tasks\Ad-Aware.job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareCommand.exe [2009-10-01 03:46]
2010-07-27 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2009-10-22 18:32]
2010-07-29 c:\windows\Tasks\defrag monthly.job
- c:\windows\SYSTEM32\defrag.exe [2004-09-08 19:42]
2010-08-01 c:\windows\Tasks\dfrgntfs- tri weekly.job
- c:\windows\SYSTEM32\defrag.exe [2004-09-08 19:42]
2010-07-31 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2004-09-08 19:42]
2010-07-27 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2010-08-02 05:39]
2010-07-23 c:\windows\Tasks\Maxtor*MaxBlast.job
- c:\progra~1\Maxtor\MaxBlast\MaxBlast.exe [2008-06-27 07:45]
2010-08-03 c:\windows\Tasks\User_Feed_Synchronization-{76F70D15-FDCF-4219-BADA-73DD83C657B9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = proxy.tpg.com.au:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE: &Yahoo! Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Pw\Application Data\Mozilla\Firefox\Profiles\1omdnr9t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
Notify-WgaLogon - (no file)
AddRemove-OWLDINO12DeinstKey - c:\nodtron\OWLDINO\DeIsL1.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-03 13:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Foxtel]
"ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
66,6e,66,70,00,00
"hanjepphepclmfbe"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,
66,6e,66,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\l3codeca.acm
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\mvoice.vwp
c:\windows\system32\sirenacm.dll
c:\windows\system32\scg726.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-08-03 13:54:36
ComboFix-quarantined-files.txt 2010-08-03 03:54
Pre-Run: 36,001,208,320 bytes free
Post-Run: 35,964,411,392 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 1B447DBE75AA47A9762169B85200B192
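A helper reads a log like the one above by hand, but a few of its sections are worth pulling into structured form before deciding what to script. The Python below is an added example, not part of this thread and not ComboFix's own tooling. It splits the BootExecute REG_MULTI_SZ on the literal \0 separators ComboFix prints, lists the firewall-authorized applications that live outside the Windows and Program Files trees and the globally open ports whose entry shows no subnet scope, and decodes the hex: REG_BINARY values under LOCKED REGISTRY KEYS, joining the wrapped continuation line and discarding the spaces the forum inserts into long tokens. The SAMPLE text is an excerpt copied from the log in this thread; the trusted-root list, the assumption that %windir% expands to c:\windows, and the rule that an entry without an x.x.x.x/mask scope is open to any address are this example's own choices, not anything ComboFix states.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix's own code).

Parses three sections of the kind of log posted above and applies simple rules:
  * BootExecute REG_MULTI_SZ: ComboFix prints the entries separated by a literal "\\0"
  * Windows Firewall AuthorizedApplications / GloballyOpenPorts lists
  * LOCKED REGISTRY KEYS: hex: REG_BINARY values, wrapped over continuation lines
"""
import re

# Excerpt copied from the log in this thread, including one wrap-inserted space ("6 a")
# of the kind the forum adds to long tokens; the parser has to tolerate that.
SAMPLE = r"""
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0PFDNNT c:\program files\Common Files\Totem Shared\Update\0PFDNNT c:\windows\SYSTEM32\IPCCLIENT.DLL\0lsdelete
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Games\\Descent3Demo\\main.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
@Allowed: (Read) (RestrictedCode)
"iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6 a,70,6c,6c,66,66,67,63,68,68,
66,6e,66,70,00,00
"""

# Assumption of this example: binaries under these trees get less scrutiny than the rest.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Well-known meanings of the stock XP VPN exceptions that show up in GloballyOpenPorts.
WELL_KNOWN_PORTS = {"1723:TCP": "PPTP", "1701:UDP": "L2TP", "500:UDP": "ISAKMP/IKE"}


def parse_boot_execute(text):
    """Return the BootExecute entries; the log shows the MULTI_SZ joined with a literal '\\0'."""
    m = re.search(r"^BootExecute REG_MULTI_SZ (.*)$", text, re.M)
    return [e for e in m.group(1).split(r"\0") if e] if m else []


def parse_firewall(text):
    """Return (authorized_apps, open_ports) from the standardprofile sections."""
    apps, ports, section = [], [], None
    for line in text.splitlines():
        if line.startswith("["):                      # a registry key header switches section
            low = line.lower()
            section = ("apps" if "authorizedapplications" in low
                       else "ports" if "globallyopenports" in low else None)
            continue
        m = re.match(r'^"([^"]+)"=\s*(.*)$', line)
        if not m or section is None:
            continue
        if section == "apps":
            apps.append(m.group(1).replace("\\\\", "\\"))  # un-double the .reg-style backslashes
        else:
            ports.append((m.group(1), m.group(2)))
    return apps, ports


def unusual_firewall_apps(apps):
    """Authorized apps outside TRUSTED_ROOTS; %windir% is assumed to be c:\\windows."""
    return [a for a in apps
            if not a.lower().replace("%windir%", "c:\\windows").startswith(TRUSTED_ROOTS)]


def unscoped_open_ports(ports):
    """Open ports whose entry carries no x.x.x.x/mask scope (assumed open to any address)."""
    return [(name, WELL_KNOWN_PORTS.get(name, "unknown")) for name, value in ports if "/" not in value]


def parse_locked_keys(text):
    """Locked key paths plus their hex: values decoded as NUL-terminated ASCII."""
    marker = "LOCKED REGISTRY KEYS"
    if marker not in text:
        return {"keys": [], "values": {}}
    block = text.split(marker, 1)[1]
    keys = re.findall(r"^\[(.+)\]\s*$", block, re.M)
    joined = re.sub(r",[ \t]*\n[ \t]*", ",", block)     # glue wrapped hex continuation lines
    values = {}
    for name, hexrun in re.findall(r'^"([^"]+)"=hex:([0-9a-fA-F, ]+)$', joined, re.M):
        octets = [b for b in hexrun.replace(" ", "").strip(",").split(",") if b]
        raw = bytes(int(b, 16) for b in octets)
        values[name] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return {"keys": keys, "values": values}


def triage(text):
    """Everything in one dict; autocheck entries are normal and dropped from BootExecute."""
    apps, ports = parse_firewall(text)
    locked = parse_locked_keys(text)
    return {
        "boot_execute": [e for e in parse_boot_execute(text) if not e.startswith("autocheck ")],
        "firewall_apps_outside_trusted_roots": unusual_firewall_apps(apps),
        "firewall_ports_without_scope": unscoped_open_ports(ports),
        "locked_keys": locked["keys"],
        "locked_values_decoded": locked["values"],
    }


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE).items():
        print(f"{finding}: {detail}")
```

On this excerpt the decoded value is a run of random-looking lowercase letters with no recognisable content, the two unscoped ports are the stock XP VPN exceptions (their @xpsp2res.dll,-NNNNN names are Windows resource strings, not something a user added), and the two firewall entries outside the trusted trees are a game executable and an installer stub sitting in the root of c:\. The script only sorts the log; whether an item is hostile is still a judgement call made against the rest of the log and the machine's history.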
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"=-

RegNull::
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Hi Broni, nice to hear from you again, and thank you again kindly for your help.
I've done as requested, however ......
I should mention that in the meantime (and I know it's the wrong thing perhaps) I've run some other anti-malware apps, Spybot, Malwarebytes and SUPERAntiSpyware. It's come up with some "finds" (rogue clnav4, gen.krpytik and gen.pennystockchaser) and I've repaired/deleted as requested by the program. Sorry if this was bad to do, but I suppose I'm really hanging to get this puter back and running again ASAP - my impatience - sorry.
Log to follow
ComboFix 10-08-02.03 - Pw 05/08/2010 14:23:52.5.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1132 [GMT 10:00]
Running from: c:\documents and settings\Pw\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pw\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 13:37 . 2010-08-04 23:08 63488 ----a-w- c:\documents and settings\Pw\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-04 13:37 . 2010-08-04 13:37 52224 ----a-w- c:\documents and settings\Pw\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-04 13:37 . 2010-08-04 23:08 117760 ----a-w- c:\documents and settings\Pw\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-04 13:36 . 2010-08-04 13:36 -------- d-----w- c:\documents and settings\Pw\Application Data\SUPERAntiSpyware.com
2010-08-04 13:36 . 2010-08-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-04 13:36 . 2010-08-04 13:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 12:33 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-02 07:03 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 07:03 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 00:39 . 2010-08-01 00:39 -------- d-----w- c:\documents and settings\Pw\DoctorWeb
2010-08-01 00:34 . 2010-08-01 00:34 820464 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\ppctl.dll
2010-08-01 00:34 . 2010-08-01 00:34 552070 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\ppclean.exe
2010-08-01 00:34 . 2010-08-01 00:34 177392 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\PP\caAspyScan.dll
2010-08-01 00:32 . 2010-08-01 00:32 337192 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\arclib.dll
2010-08-01 00:32 . 2010-08-01 00:32 247024 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\CAAVScan.dll
2010-08-01 00:32 . 2010-08-01 00:32 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\WebScanner\05980d85-9b6c-471e-b400-156306246add\AV\vete.dll
2010-07-31 05:23 . 2010-07-30 13:52 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-31 05:23 . 2010-07-31 05:23 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-07-31 05:23 . 2010-07-31 09:49 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-31 05:18 . 2010-07-31 05:18 147968 --sha-r- c:\windows\system32\defragh.dll
2010-07-29 11:41 . 2010-07-29 11:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-29 11:40 . 2010-07-29 11:40 -------- d-----w- c:\program files\Auslogics
2010-07-28 01:05 . 2010-06-27 06:49 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-28 01:05 . 2010-05-11 06:29 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-28 01:05 . 2010-05-11 06:29 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-28 01:05 . 2010-05-11 06:29 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-28 01:05 . 2010-05-11 06:29 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-07-28 01:05 . 2010-07-28 01:05 -------- d-----w- c:\program files\EASEUS
2010-07-25 13:17 . 2010-07-25 13:17 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-07-25 13:17 . 2010-07-25 13:17 22 --sha-w- c:\documents and settings\Pw\Application Data\Sys6925.Config Collection.sys
2010-07-25 13:16 . 2010-07-25 13:16 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-07-25 12:54 . 2010-07-25 12:54 -------- d-----w- c:\documents and settings\Pw\Application Data\Philipp Winterberg
2010-07-25 12:54 . 2010-07-25 12:54 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-07-25 08:42 . 2008-04-13 19:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-25 08:42 . 2001-08-17 12:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-25 08:42 . 2008-04-13 19:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-25 08:42 . 2001-08-17 12:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-25 08:42 . 2001-08-17 12:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-25 08:41 . 2001-08-17 12:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-25 08:41 . 2001-08-17 02:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-25 08:41 . 2008-04-13 12:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-25 08:41 . 2008-04-13 12:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-07-25 08:41 . 2008-04-13 19:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-07-25 08:39 . 2001-08-17 03:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-07-25 08:38 . 2001-08-17 12:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-07-25 08:37 . 2001-08-17 03:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-07-25 08:37 . 2001-08-17 12:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-07-25 08:37 . 2001-08-17 04:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-07-25 08:37 . 2001-08-17 03:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-07-25 08:37 . 2001-08-17 02:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-07-25 08:37 . 2001-08-17 12:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-07-25 08:37 . 2001-08-17 02:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-07-25 08:37 . 2008-04-13 14:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-07-25 08:37 . 2001-08-17 03:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-07-25 08:37 . 2001-08-17 03:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-07-25 07:34 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-07-25 07:33 . 2001-08-17 03:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-07-25 07:32 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-07-25 07:31 . 2008-04-13 14:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-07-25 07:30 . 2008-04-13 12:09 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2010-07-25 07:29 . 2001-08-17 03:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-07-25 07:28 . 2008-04-13 14:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-25 07:27 . 2001-08-17 12:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-07-25 07:26 . 2001-08-17 02:10 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys
2010-07-25 07:25 . 2001-08-17 12:36 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2010-07-25 07:24 . 2001-08-17 04:56 91264 -c--a-w- c:\windows\system32\dllcache\cirrus.dll
2010-07-25 07:23 . 2001-08-17 03:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-07-25 07:22 . 2004-09-08 13:05 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-07-25 07:21 . 2001-08-17 03:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-07-25 07:21 . 2008-04-13 12:05 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-07-25 07:21 . 2001-08-17 03:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2010-07-25 07:21 . 2001-08-17 02:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2010-07-25 07:21 . 2001-08-17 03:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2010-07-25 07:21 . 2001-08-17 03:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-07-25 07:21 . 2001-08-17 04:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2010-07-25 07:21 . 2001-08-17 02:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-07-25 07:21 . 2001-08-17 04:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-07-25 07:21 . 2001-08-17 03:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-07-25 07:10 . 2001-08-17 04:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-07-25 07:10 . 2001-08-17 02:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-07-25 07:10 . 2008-04-13 12:06 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-07-25 07:10 . 2001-08-17 02:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2010-07-25 07:10 . 2001-08-17 02:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-07-25 07:10 . 2001-08-17 02:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-07-25 07:10 . 2001-08-17 02:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2010-07-25 07:10 . 2001-08-17 03:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2010-07-23 07:57 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-23 07:57 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-23 07:57 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-23 07:57 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-23 07:57 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-23 07:57 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-23 07:57 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-23 07:56 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-23 07:56 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-23 03:38 . 2010-07-23 03:38 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 04:18 . 2009-06-19 14:28 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-08-05 04:18 . 2009-06-19 14:28 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-08-05 04:16 . 2008-11-18 13:09 -------- d-----w- c:\documents and settings\Pw\Application Data\Free Download Manager
2010-08-05 04:16 . 2007-10-04 06:07 -------- d-----w- c:\program files\Express Thumbnail Creator
2010-08-05 04:16 . 2005-10-22 09:16 -------- d-----w- c:\program files\DVD Copy Express
2010-08-05 02:05 . 2010-02-25 11:35 -------- d-----w- c:\program files\IDrive
2010-08-04 13:15 . 2006-04-26 12:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-04 13:13 . 2006-04-26 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-04 11:26 . 2006-08-20 10:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 09:43 . 2008-08-26 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 13:52 . 2008-04-02 13:07 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-07-30 13:51 . 2008-04-02 13:06 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-30 13:51 . 2009-03-11 02:49 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-07-30 13:51 . 2008-04-02 13:05 -------- d-----w- c:\program files\Common Files\Maxtor
2010-07-30 00:57 . 2010-05-05 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-07-29 08:22 . 2009-10-11 06:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-29 08:22 . 2009-10-11 06:47 -------- d-----w- c:\program files\IKEA HomePlanner
2010-07-27 07:26 . 2007-04-20 02:33 -------- d-----w- c:\program files\RealWorksLive
2010-07-26 07:41 . 2007-10-09 09:36 -------- d-----w- c:\documents and settings\Pw\Application Data\Sites
2010-07-26 07:41 . 2007-10-09 09:36 -------- d-----w- c:\documents and settings\Pw\Application Data\SiteClasses
2010-07-25 13:19 . 2005-10-22 09:19 -------- d-----w- c:\program files\Yahoo!
2010-07-23 07:56 . 2010-07-02 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-23 07:20 . 2009-10-23 02:39 -------- d-----w- c:\program files\Software Informer
2010-07-06 06:59 . 2010-04-11 09:12 439816 ----a-w- c:\documents and settings\Pw\Application Data\Real\Update\setup3.10\setup.exe
2010-07-06 06:28 . 2006-08-22 09:46 -------- d-----w- c:\program files\Alwil Software
2010-06-18 03:57 . 2006-03-27 11:14 -------- d-----w- c:\documents and settings\Pw\Application Data\Canon
2010-06-15 07:10 . 2006-04-04 07:30 -------- d-----w- c:\program files\QuickTime
2010-06-14 14:31 . 2006-03-27 11:09 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-12 00:54 . 2010-06-12 00:54 -------- d-----w- c:\program files\Sibelius Software
2010-06-09 01:33 . 2008-05-08 00:05 -------- d-----w- c:\program files\IGC
2010-06-08 04:31 . 2005-10-22 08:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 08:59 . 2010-05-28 08:59 503808 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\msvcp71.dll
2010-05-28 08:59 . 2010-05-28 08:59 499712 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\jmc.dll
2010-05-28 08:59 . 2010-05-28 08:59 348160 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6b99429a-n\msvcr71.dll
2010-05-28 08:59 . 2010-05-28 08:59 12800 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f9c21ab-n\decora-d3d.dll
2010-05-28 08:59 . 2010-05-28 08:59 61440 ----a-w- c:\documents and settings\Pw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4f9c21ab-n\decora-sse.dll
2010-05-27 05:40 . 2010-05-28 19:01 1277952 ----a-w- c:\windows\system32\IDriveEService.dll
2010-05-14 07:09 . 2010-05-14 07:09 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2008-05-27 22:53 . 2008-05-27 22:53 14290 ----a-w- c:\program files\settings.dat
2006-02-13 03:51 . 2006-02-13 03:51 692 -c--a-w- c:\program files\FreeSecurity.class
2006-02-13 03:51 . 2006-02-13 03:51 389 -c--a-w- c:\program files\FreeSecurity$1.class
2005-09-03 09:00 . 2005-09-03 09:00 5143 -c--a-w- c:\program files\LICENSE.txt
2005-07-12 02:51 . 2005-07-12 02:51 9576 -c--a-w- c:\program files\BrowserLauncher.class
2005-05-31 11:11 . 2005-10-22 08:03 11079 -c-ha-w- c:\program files\folder.htt
2005-03-30 09:49 . 2005-10-22 09:05 2048 -c--a-w- c:\program files\BRANDS.TPS
2005-03-30 09:49 . 2005-10-22 09:05 7168 -c--a-w- c:\program files\BREWS.TPS
2004-01-29 08:11 . 2004-01-29 08:11 2211840 ----a-w- c:\program files\SpaceSynthesizer.dll
2003-06-02 07:15 . 2005-10-22 09:05 32 -c--a-w- c:\program files\wallp.ini
2003-05-05 12:10 . 2005-10-22 09:05 1113600 ----a-w- c:\program files\brewlog.exe
2002-09-11 14:26 . 2007-05-31 05:51 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf
2001-11-24 21:05 . 2005-10-22 09:05 5611560 -c--a-w- c:\program files\system.pca
2001-11-24 20:50 . 2005-10-22 09:05 573472 -c--a-w- c:\program files\user.pca
2003-01-13 01:20 . 2008-12-06 08:21 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 06:00 . 2008-12-06 08:21 98304 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2006-05-06 16:42 . 2006-11-22 11:24 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-08-08 15:11 . 2009-08-08 15:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 15:30 . 2009-08-08 15:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2006-08-22 12:18 . 2006-08-22 12:18 5 --sha-w- c:\windows\SYSTEM32\bdfafeec5_g.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-03_03.51.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-08-02 07:27 . 2010-08-03 01:24 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-04 08:02 . 2010-08-05 02:09 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-27 11:23 . 2010-08-02 23:07 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-27 11:23 . 2010-08-05 02:09 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-10 14:27 . 2010-08-02 23:07 16384 c:\windows\SYSTEM32\config\systemprofile\IETldCache\index.dat
+ 2009-07-10 14:27 . 2010-08-05 02:09 16384 c:\windows\SYSTEM32\config\systemprofile\IETldCache\index.dat
- 2006-03-27 11:23 . 2010-08-03 01:24 16384 c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2010-08-04 05:40 . 2010-08-05 02:09 16384 c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2010-08-04 05:40 . 2010-08-05 04:21 81920 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-04 12:52 . 2010-08-04 12:52 294804 c:\windows\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
- 2010-08-01 00:31 . 2010-08-01 00:31 294804 c:\windows\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
+ 2004-09-08 13:05 . 2010-07-27 06:30 8462336 c:\windows\SYSTEM32\shell32.dll
+ 2004-09-08 13:05 . 2010-07-27 06:30 8462336 c:\windows\SYSTEM32\dllcache\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2010-04-22 177608]
"Google Update"="c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-01-30 135168]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-08 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"mdac_runonce"="c:\windows\SYSTEM32\RUNONCE.EXE" [2008-04-13 14336]
"Maxtor Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2008-06-27 136472]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2008-06-27 1325800]
"LoadQM"="loadqm.exe" [2000-05-03 7536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-17 632048]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"CnxTrApp"="c:\windows\NetComm\CnxTrApp.dll" [2003-07-18 247296]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-28 788880]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2008-06-27 904776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Pw\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2010-5-29 292296]
PopTray.exe.lnk - c:\program files\PopTray\PopTray.exe [2009-12-3 979968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\SYSTEM32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-19 38976]
HotSync Manager (2).lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\profile\0PFDNNT c:\program files\COMMON FILES\TOTEM SHARED\UNINSTALL0002\PROFILE\PROFILE.LSF\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0002\0PFDNNT c:\program files\COMMON FILES\TOTEM SHARED\UNINSTALL0001\PROFILE\PROFILE.LSF\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\profile\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\0PFDNNT c:\program files\Common Files\Totem Shared\Uninstall0001\0PFDNNT c:\program files\Common Files\Totem Shared\0PFDNNT c:\program files\Common Files\Totem Shared\Update\0PFDNNT c:\program files\Common Files\Totem Shared\0PFDNNT c:\windows\SYSTEM32\IPCCLIENT.DLL\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LeechGet"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 freeware\\aceftp3free.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Games\\Descent3Demo\\main.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [21/02/2009 9:24 AM 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\SYSTEM32\DRIVERS\sfdrv01a.sys [5/07/2006 10:46 PM 63352]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [22/07/2006 4:17 PM 6097]
S0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [14/10/2009 4:04 PM 28544]
S1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [23/07/2010 5:57 PM 165456]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [23/07/2010 5:57 PM 17744]
S2 Foxtel;Foxtel Download Manager;c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [24/09/2009 11:29 PM 70144]
S2 gupdate1c98da1135dd59c;Google Update Service (gupdate1c98da1135dd59c);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 4:05 PM 133104]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [20/02/2009 1:23 AM 16872]
S2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [29/05/2010 5:01 AM 148936]
S2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [29/05/2010 5:01 AM 267720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 9:17 PM 1181328]
S2 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
S2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
S2 MSSQL$RWLIVE;MSSQL$RWLIVE;c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlservr.exe -sRWLIVE --> c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlservr.exe -sRWLIVE [?]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [27/06/2008 5:03 PM 431384]
S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [28/07/2010 11:05 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [28/07/2010 11:05 AM 8456]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [22/07/2006 4:17 PM 299923]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
S3 SQLAgent$RWLIVE;SQLAgent$RWLIVE;c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlagent.EXE -i RWLIVE --> c:\progra~1\REALWO~1\Msde\MSSQL$RWLIVE\Binn\sqlagent.EXE -i RWLIVE [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-13 19:42 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2003-05-01 23:08 7168 ----a-w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:40]
2010-08-03 c:\windows\Tasks\CCleaner.job
- c:\progra~1\CCleaner\CCleaner.exe [2009-10-22 18:32]
2010-08-03 c:\windows\Tasks\defrag monthly.job
- c:\windows\SYSTEM32\defrag.exe [2004-09-08 19:42]
2010-08-03 c:\windows\Tasks\dfrgntfs- tri weekly.job
- c:\windows\SYSTEM32\defrag.exe [2004-09-08 19:42]
2010-07-31 c:\windows\Tasks\Maintenance-Disk cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2004-09-08 19:42]
2010-08-03 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2010-08-02 05:39]
2010-07-23 c:\windows\Tasks\Maxtor*MaxBlast.job
- c:\progra~1\Maxtor\MaxBlast\MaxBlast.exe [2008-06-27 07:45]
2010-08-05 c:\windows\Tasks\User_Feed_Synchronization-{76F70D15-FDCF-4219-BADA-73DD83C657B9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE: &Yahoo! Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - Welcome to Windows Live
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?80cab6f4468f4fd5b062c28282d447ed
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?80cab6f4468f4fd5b062c28282d447ed
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
DPF: DirectAnimation Java Classes
DPF: Internet Explorer Classes for Java
DPF: Microsoft XML Parser for Java
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Pw\Application Data\Mozilla\Firefox\Profiles\1omdnr9t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-05 14:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Foxtel]
"ImagePath"="\"c:\program files\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64EC29B4-1159-FAA0-C48C-8BA29C2BC31D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahiobpkekpjlinoci"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,66,6e,66,70,00,00
"hanjepphepclmfbe"=hex:6b,61,69,70,64,70,70,6b,6a,70,6c,6c,66,66,67,63,68,68,66,6e,66,70,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\mvoice.vwp
c:\windows\system32\sirenacm.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\scg726.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1752)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
- - - - - - - > 'Explorer.exe'(912)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-05 14:35:16
ComboFix-quarantined-files.txt 2010-08-05 04:35
ComboFix2.txt 2010-08-03 07:51
ComboFix3.txt 2010-08-03 06:32
ComboFix4.txt 2010-08-03 06:19
ComboFix5.txt 2010-08-05 04:23
Pre-Run: 36,345,753,600 bytes free
Post-Run: 36,323,655,168 bytes free
- - End Of File - - 98956729D406703D8932AA4A0F13D8C3
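Added example, not part of this thread and not ComboFix's own code: a small Python triage script that parses the two line shapes that appear in a ComboFix log above, the "Name"="path" [date size] Run-key entries and the created . modified size attrs path file-listing lines, and flags the items a helper usually reads first: an autorun whose target sits under a user profile or temp directory, an autorun given as a bare filename, a hidden+system file under c:\windows, and any entry ComboFix printed with [?] because it could not read the target. The meaning of the attribute letters (s = system, h = hidden) and the list of profile-directory markers are assumptions of this example; the sample lines are taken from the log above with the forum's inserted spaces removed. Each hit is something to verify by hand, not a verdict (Google Update legitimately lives under Local Settings, for instance).

```python
import re

# Added triage helper for ComboFix logs. Not ComboFix code; line shapes are
# taken from the log posted in this thread.

# Run-key line shape as printed in the log:  "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# File-listing line shape:  created . modified size attrs path
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+'
    r'(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$'
)

# Assumption: an autorun whose target lives under a user profile or temp
# directory deserves a second look. Legitimate updaters live there too, so
# this is a triage hint, not a detection.
USER_PROFILE_MARKERS = (
    "\\documents and settings\\", "\\local settings\\",
    "\\application data\\", "\\temp\\",
)


def parse_run_entry(line):
    """Return dict(name, path, date, size) for a Run-key line, else None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "path": m["path"], "date": m["date"], "size": int(m["size"])}


def parse_file_entry(line):
    """Return dict(created, modified, size, attrs, path) for a file-listing line, else None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry


def triage(lines):
    """Scan log lines and return (item, reason) pairs that deserve a manual look."""
    findings = []
    for line in lines:
        f = parse_file_entry(line)
        if f:
            # Assumption about the attribute string: 's' marks system, 'h' marks hidden.
            if "s" in f["attrs"] and "h" in f["attrs"] and f["path"].lower().startswith("c:\\windows\\"):
                findings.append((f["path"], "hidden+system file under c:\\windows"))
            continue
        r = parse_run_entry(line)
        if r:
            p = r["path"].lower()
            if any(marker in p for marker in USER_PROFILE_MARKERS):
                findings.append((r["path"], "autorun from a user-profile or temp location"))
            elif "\\" not in p:
                findings.append((r["path"], "unqualified filename (resolved by search order)"))
            continue
        if line.rstrip().endswith("[?]"):
            # ComboFix prints [?] when it could not read size/date for the target.
            findings.append((line.strip(), "file size/date unavailable ([?]): confirm target exists"))
    return findings


# Sample input: five lines taken from the log above (forum-inserted spaces removed).
SAMPLE_LINES = [
    r'"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-12-03 2260480]',
    r'"Google Update"="c:\documents and settings\Pw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]',
    r'"VTTrayp"="VTtrayp.exe" [2004-01-30 135168]',
    r'2006-08-22 12:18 . 2006-08-22 12:18 5 --sha-w- c:\windows\SYSTEM32\bdfafeec5_g.dll',
    r'S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]',
]

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LINES):
        print(f"{reason}: {item}")
```

Run it as-is and it prints four findings for the sample lines (the Google Update autorun, the bare VTtrayp.exe, the hidden+system DLL in SYSTEM32, and the PavSRK.sys service ComboFix could not stat). To use it on a real log, read the file and pass its lines to triage(); lines in the other ComboFix sections (services, Winlogon notify, scheduled tasks) only trigger the [?] check, so extend the regexes if you want those parsed too.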