
Thread: PWS.LDPinchIE and Smitfraud-C.CoreService (Solved)

  1. #11
    Junior Member
    Join Date
    Dec 2008
    Location
    California
    Posts
    23

    Quote Originally Posted by katana View Post
    Actually, you can ignore Windows Firewall (most malware does)
    It doesn't do very much anyway.
    Sounds like a useful program.

    ComboFix 08-12-07.01 - Cris 2008-12-08 13:04:03.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1342 [GMT -8:00]
    Running from: c:\users\Cris\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\temp\DIV55
    c:\temp\DIV55\xDb.log
    c:\temp\tn3
    c:\users\Cris\AppData\Roaming\IUpd721
    c:\users\Cris\AppData\Roaming\IUpd721\Logs\scns.log
    c:\windows\system32\bin
    c:\windows\system32\bxeebyksrvlaifiia.dll
    c:\windows\system32\dv
    c:\windows\system32\dv\BPI7C44.exe
    c:\windows\system32\ki3
    c:\windows\system32\TDSSdxdfilbj.dat
    c:\windows\system32\uv9
    c:\windows\system32\VC
    c:\windows\Tasks\wvigwcbx.job

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
    .

    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\users\Cris\AppData\Roaming\Malwarebytes
    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\users\All Users\Malwarebytes
    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\programdata\Malwarebytes
    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 16:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 16:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-12-07 09:30 . 2008-12-07 09:30 <DIR> d-------- C:\rsit
    2008-12-03 16:06 . 2008-12-03 16:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-03 13:27 . 2008-12-08 13:04 <DIR> d-------- C:\Temp
    2008-12-03 13:27 . 2008-12-03 13:49 47,598 --a------ c:\windows\System32\jvpjvecdjdzk.exe
    2008-12-03 13:19 . 2008-12-03 13:49 2 --a------ C:\-1093278649
    2008-12-02 22:10 . 2008-12-02 22:10 <DIR> d-------- c:\program files\Roleplaying City Map Generator
    2008-11-25 11:07 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-25 11:07 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-25 11:07 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-25 11:07 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-25 11:07 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-14 17:07 . 2008-11-14 17:07 <DIR> d-------- c:\program files\Real
    2008-11-14 17:07 . 2008-11-14 17:07 <DIR> d-------- c:\program files\Common Files\xing shared
    2008-11-14 17:07 . 2008-11-14 17:07 <DIR> d-------- c:\program files\Common Files\Real
    2008-11-12 10:18 . 2008-09-09 19:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 10:18 . 2008-09-04 21:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:18 . 2008-08-26 17:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-10 15:54 . 2008-11-19 21:57 <DIR> d-a------ c:\users\All Users\TEMP
    2008-11-10 15:54 . 2008-11-19 21:57 <DIR> d-a------ c:\programdata\TEMP
    2008-11-10 15:54 . 2008-11-19 21:26 <DIR> d-------- C:\Fraps
    2008-11-09 13:54 . 2008-11-09 13:54 <DIR> d-------- c:\windows\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-08 21:09 --------- d-----w c:\program files\Steam
    2008-12-05 00:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2008-12-03 21:56 --------- d-----w c:\program files\Common Files\Steam
    2008-12-03 21:32 --------- d-----w c:\users\Cris\AppData\Roaming\foobar2000
    2008-11-28 19:00 --------- d-----w c:\users\Cris\AppData\Roaming\OpenOffice.org2
    2008-11-11 15:17 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-09 21:56 --------- d-----w c:\program files\SystemRequirementsLab
    2008-11-09 21:55 --------- d-----w c:\users\Cris\AppData\Roaming\SystemRequirementsLab
    2008-11-09 03:43 --------- d-----w c:\programdata\NVIDIA
    2008-11-04 11:02 --------- d-----w c:\program files\Microsoft Works
    2008-10-28 20:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-28 20:30 --------- d-----w c:\program files\Bethesda Softworks
    2008-10-28 02:13 --------- d-----w c:\users\Cris\AppData\Roaming\FLV Extract
    2008-10-27 23:08 --------- d-----w c:\programdata\Ironclad Games
    2008-10-26 19:57 --------- d--h--w c:\programdata\{9ECEFAAC-75E3-4CC9-864C-D1071F1F0CDF}
    2008-10-26 19:57 --------- d-----w c:\programdata\Stardock
    2008-10-26 19:56 --------- d-----w c:\program files\Stardock Games
    2008-10-25 20:06 --------- d-----w c:\users\Cris\AppData\Roaming\Stardock
    2008-10-25 20:02 --------- dc-h--w c:\programdata\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
    2008-10-25 20:02 --------- d-----w c:\program files\Stardock
    2008-10-17 14:58 --------- d-----w c:\program files\Democracy2 Demo
    2008-10-15 10:09 --------- d-----w c:\program files\Windows Mail
    2008-10-12 20:39 --------- d-----w c:\program files\foobar2000
    2008-10-08 23:32 --------- d-----w c:\users\Cris\AppData\Roaming\vlc
    2008-09-15 21:50 174 --sha-w c:\program files\desktop.ini
    2008-08-12 21:24 24 ----a-w c:\users\Cris\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-11 446976]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
    "ImpulseFastStart"="c:\program files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
    "NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-12-05 22696]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-25 1862144]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
    "SigmatelSysTrayApp"="sttray.exe" [2007-02-07 c:\windows\sttray.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-18 113664]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-05-25 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,c:\windows\system32\parodupa.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders credssp.dll, digeste.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{EAA8B186-14F3-49C9-9525-6BBB377B9E48}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{8F303A0E-9AFE-43C6-B476-E5BD6115A558}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{40F7A7D2-B333-499C-86AA-5320620746E5}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{0AFDDCC7-C1C8-4D67-84EB-8D4CA39BBF17}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{62F371D7-0A43-4A58-B379-8DCA34744B24}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{0998027B-BD7E-4632-BC7A-0B56482464CB}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{CAE2EFD5-205D-44FE-B0B1-5ABAF771B8F3}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{AB89EE7D-A5BB-4D37-A992-CA4D0A336177}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "TCP Query User{5A09396B-116B-49E2-A60D-6A2C754A216F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C757CED2-6AA3-4002-A604-1EEA64F5A545}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{B6FF903D-B3E8-4947-B3DF-FC67279D5A52}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{DFE1BF3E-7CA1-44C4-9C76-0CFA871774D8}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{A48A2993-78DF-4588-8DED-D62D7E6BDC4A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{23DB7C6E-A0DD-402C-B378-6B2C27CCFE2F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{38838DDC-5981-48BA-A2AB-644D91FA5363}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{48996FC4-0F5A-4319-9E7D-389F318F37A2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{6AF2403B-E8B6-4454-94B8-C2DB519F333C}"= UDP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
    "{1413D8D0-D391-46F8-8EEF-C5B050DB0ECC}"= TCP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
    "TCP Query User{2982FA6F-11EE-4042-B68C-80B731064704}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient.exe
    "UDP Query User{507E8BF9-6B3E-4E9A-8434-869901C3D162}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient.exe
    "TCP Query User{8FE9BA3B-51E6-4619-9ADB-B632D8AAE10F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{35C39879-F515-4B7F-9DBC-BE392BA88608}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{7D38E5C6-1829-4FC0-96AD-92B25786AF7C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{238ED877-003B-442E-B4CE-21F0528BD1A6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "TCP Query User{0016E537-AED3-45E7-8E58-86E80B908938}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:Last.fm
    "UDP Query User{74D51921-D372-46DC-A889-B60C1EF527DE}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:Last.fm
    "{D820CC63-9609-44BD-B1F9-9E68A7B8E150}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{E92BBCDC-6C9D-47BE-A397-BF5350F42854}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{8AC027DE-2E82-4F14-B668-08B5FBF80D44}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{AFD57EFB-CA89-4497-B60D-E55967CE274D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{A182450F-5C9E-410A-9D9B-88215DAD106A}c:\\neverwinternights\\nwn\\nwmain.exe"= UDP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
    "UDP Query User{C9BFF035-0F01-48CB-B2C8-138F30D73F08}c:\\neverwinternights\\nwn\\nwmain.exe"= TCP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
    "TCP Query User{E6686E3E-7EB4-4E31-89F2-AB051381F89A}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "UDP Query User{970145B4-07BB-45D4-A9A0-5AF266CFD158}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "{A5FB63F6-139D-4B3B-826D-2DC7FDCBA9B5}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{4CDBC202-10FD-4608-8DF8-37187900CE80}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{940E0D0F-ED56-4886-B29C-20C408AC4D66}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D8220FD7-0A3E-40C7-89D0-1FFD4F8DD205}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{93A9DA53-6DD3-47A3-BC6A-D60A4BD2B2C5}c:\\program files\\steam\\steamapps\\ctillery\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\ctillery\half-life 2 deathmatch\hl2.exe:hl2
    "UDP Query User{AB2F13D9-016D-4DCA-AD32-13A83095DAE7}c:\\program files\\steam\\steamapps\\ctillery\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\ctillery\half-life 2 deathmatch\hl2.exe:hl2
    "TCP Query User{480FE579-262A-4795-A099-0CB32ABFC4AC}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
    "UDP Query User{1ABDA973-064F-46DF-8CF8-4DE81687354A}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
    "TCP Query User{219C7EC4-45F9-4C46-94D0-B78A214B5DD8}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "UDP Query User{923DA9A3-6772-47B8-96B5-ACFA204A643D}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "TCP Query User{B65F92B3-6B1C-41D5-8B58-825385561E90}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{1C6BD907-D75E-40BA-9DCD-6C06A3AFE679}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{A547F004-2E5A-4DFF-B225-78B263866CC6}c:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
    "UDP Query User{D22F0915-F782-4B57-9F91-0F464BAFA6EF}c:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
    "TCP Query User{B2CA3DE2-E12B-4965-9456-FCDCF7E94828}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{69669BAB-095C-4575-B3DD-3B2CD2756DE8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{1486C307-4711-4C19-B443-9617ABB88756}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{88E0A49B-184E-4F00-8550-A84BD67990DE}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{C482DC3A-50A2-4E2F-9198-36489DD14AFB}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{E3816F67-BC2E-4ADB-93AF-5C4FC319E6AF}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "TCP Query User{97E8B0E4-8711-4C8B-9B1F-BC3DA87734D4}c:\\program files\\steam\\steamapps\\common\\dawn of war demo\\w40k.exe"= UDP:c:\program files\steam\steamapps\common\dawn of war demo\w40k.exe:W40K
    "UDP Query User{DD913A0E-1738-469B-BDD3-A76C6017FAB7}c:\\program files\\steam\\steamapps\\common\\dawn of war demo\\w40k.exe"= TCP:c:\program files\steam\steamapps\common\dawn of war demo\w40k.exe:W40K
    "TCP Query User{0610D84C-7DE4-45DD-80DC-9F46FBE92172}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{9CCB3CF2-0B21-4A99-B999-91681FE93EE5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "{5322ECF5-FB63-4244-A8B5-078433E371BA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
    "{C905E453-7AFA-4DFB-9A41-C7BA583674F4}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
    "{1458C6D7-08CA-4632-8573-57D90F20BFAB}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
    "{F385D8F5-DD61-4B26-AF2F-E14F043749FD}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
    "TCP Query User{D54349A9-189F-4BB5-8948-551435D0A01E}c:\\program files\\gametap\\bin\\release\\gametap.exe"= UDP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "UDP Query User{A740E1B4-8A71-437C-A712-079D2139838B}c:\\program files\\gametap\\bin\\release\\gametap.exe"= TCP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "TCP Query User{82C6A510-98CF-42BA-8241-CE9C4FBD360A}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{78A45E52-E14D-492E-BE2E-2CA061D026CB}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{547D0104-8C48-4B02-A952-DEDB84801AD4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E019CDFC-BEA6-4093-B718-6EA6E8A8FD4A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E1E45325-CEDD-42E8-970D-EA697C6AC663}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D3583625-6727-426E-AF52-8601B7CB6422}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2432E36B-2F4A-46A0-98D1-8A830D66A4B4}"= UDP:c:\program files\Stardock Games\The Political Machine 2008 Express\PolMachine2008Express.exe:The Political Machine 2008
    "{D0491E05-F64B-42D9-89B0-FEDB262EDC17}"= TCP:c:\program files\Stardock Games\The Political Machine 2008 Express\PolMachine2008Express.exe:The Political Machine 2008
    "{287244ED-A2A7-4A21-967B-AF270964E760}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{A79709EA-CC04-4A8C-BC9C-1577690C8D81}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "TCP Query User{C029C746-698E-4EA0-AD5A-FD4BC7A6C9B8}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{08B8F9BA-2FC1-490F-BA04-FD04D9DFA88C}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "{FD5DDD98-8DA6-40BE-BBB3-1F23AB9549FA}"= UDP:c:\windows\System32\VSSVC.exe:vssvc
    "{4532A3EE-E748-4E23-9E78-2E3C510D74C1}"= TCP:c:\windows\System32\VSSVC.exe:vssvc
    "{DD402CE2-4BAC-4AFB-8EEE-C9A16A6B7067}"= UDP:c:\windows\System32\SearchProtocolHost.exe:SearchProtocolHost
    "{46FAAF6D-1368-4D75-B870-D26985DE3A06}"= TCP:c:\windows\System32\SearchProtocolHost.exe:SearchProtocolHost

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-05-25 202872]
    R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service []
    R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 208896]
    R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
    R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-05-31 106808]
    R3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-05-25 5504]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2006-12-05 37008]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b379c06d-0ab4-11dc-89fc-806e6f6e6963}]
    \shell\AutoRun\command - F:\FalloutLauncher.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Cris.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-12-05 19:51]

    2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{938F6F14-F77A-4452-A209-37D9C3CB0DD3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
    HKLM-Run-Dell AIO Printer A920 - c:\program files\Dell AIO Printer A920\dlbkbmgr.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070525
    uInternet Settings,ProxyOverride = *.local
    FireFox -: Profile - c:\users\Cris\AppData\Roaming\Mozilla\Firefox\Profiles\94eyykzz.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.cnn.com
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\program files\GameTap\bin\Release\npgametaptool.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-08 13:09:18
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3252)
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\dlbkcoms.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\program files\Intel\IntelDH\CCU\AlertService.exe
    c:\windows\System32\wbem\WMIADAP.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-08 13:18:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-08 21:17:26

    Pre-Run: 73,446,469,632 bytes free
    Post-Run: 73,254,592,512 bytes free

    312 --- E O F --- 2008-12-02 01:52:56

  2. #12
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      http://forums.spybot.info/showthread.php?p=264466#post264466
      Comment:: Katana
      Suspect::[4]
      c:\windows\System32\jvpjvecdjdzk.exe
      C:\-1093278649
      c:\windows\system32\parodupa.dll
      File::
      c:\windows\System32\jvpjvecdjdzk.exe
      C:\-1093278649
      c:\windows\system32\parodupa.dll
      Registry::
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"="c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL"
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{D820CC63-9609-44BD-B1F9-9E68A7B8E150}"=-
      "{E92BBCDC-6C9D-47BE-A397-BF5350F42854}"=-
      "{8AC027DE-2E82-4F14-B668-08B5FBF80D44}"=-
      "{AFD57EFB-CA89-4497-B60D-E55967CE274D}"=-
      "{A5FB63F6-139D-4B3B-826D-2DC7FDCBA9B5}"=-
      "{4CDBC202-10FD-4608-8DF8-37187900CE80}"=-
      "TCP Query User{0610D84C-7DE4-45DD-80DC-9F46FBE92172}c:\\program files\\utorrent\\utorrent.exe"=-
      "UDP Query User{9CCB3CF2-0B21-4A99-B999-91681FE93EE5}c:\\program files\\utorrent\\utorrent.exe"=-
      
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
      
      ADS::
    • Save this as CFScript.txt and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
    • A window will open asking you to ensure you are connected to the internet; this is so a file can be submitted for analysis.
    • Click OK and follow the instructions to submit the file.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane.
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box, then click the down arrow to the right of Save as type: and select text file (*.txt).
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #13
    Junior Member, joined Dec 2008, California, 23 posts

    I've submitted the file as the program requested. I'm going to run the Kaspersky scanner now. Here's the log from CF:

    ComboFix 08-12-07.04 - Cris 2008-12-08 15:17:32.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1192 [GMT -8:00]
    Running from: c:\users\Cris\Desktop\ComboFix.exe
    Command switches used :: c:\users\Cris\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\-1093278649
    c:\windows\System32\jvpjvecdjdzk.exe
    c:\windows\system32\parodupa.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\-1093278649
    c:\windows\System32\jvpjvecdjdzk.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
    .

    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\users\Cris\AppData\Roaming\Malwarebytes
    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\users\All Users\Malwarebytes
    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\programdata\Malwarebytes
    2008-12-07 16:53 . 2008-12-07 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 16:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-07 16:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-12-07 09:30 . 2008-12-07 09:30 <DIR> d-------- C:\rsit
    2008-12-03 16:06 . 2008-12-03 16:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-03 13:27 . 2008-12-08 13:04 <DIR> d-------- C:\Temp
    2008-12-02 22:10 . 2008-12-02 22:10 <DIR> d-------- c:\program files\Roleplaying City Map Generator
    2008-11-25 11:07 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-25 11:07 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-25 11:07 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-25 11:07 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-25 11:07 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-14 17:07 . 2008-11-14 17:07 <DIR> d-------- c:\program files\Real
    2008-11-14 17:07 . 2008-11-14 17:07 <DIR> d-------- c:\program files\Common Files\xing shared
    2008-11-14 17:07 . 2008-11-14 17:07 <DIR> d-------- c:\program files\Common Files\Real
    2008-11-12 10:18 . 2008-09-09 19:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 10:18 . 2008-09-04 21:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 10:18 . 2008-08-26 17:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-10 15:54 . 2008-11-19 21:57 <DIR> d-a------ c:\users\All Users\TEMP
    2008-11-10 15:54 . 2008-11-19 21:57 <DIR> d-a------ c:\programdata\TEMP
    2008-11-10 15:54 . 2008-11-19 21:26 <DIR> d-------- C:\Fraps
    2008-11-09 13:54 . 2008-11-09 13:54 <DIR> d-------- c:\windows\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-08 21:09 --------- d-----w c:\program files\Steam
    2008-12-05 00:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2008-12-03 21:56 --------- d-----w c:\program files\Common Files\Steam
    2008-12-03 21:32 --------- d-----w c:\users\Cris\AppData\Roaming\foobar2000
    2008-11-28 19:00 --------- d-----w c:\users\Cris\AppData\Roaming\OpenOffice.org2
    2008-11-11 15:17 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-09 21:56 --------- d-----w c:\program files\SystemRequirementsLab
    2008-11-09 21:55 --------- d-----w c:\users\Cris\AppData\Roaming\SystemRequirementsLab
    2008-11-09 03:43 --------- d-----w c:\programdata\NVIDIA
    2008-11-04 11:02 --------- d-----w c:\program files\Microsoft Works
    2008-10-28 20:55 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-10-28 20:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-28 20:30 --------- d-----w c:\program files\Bethesda Softworks
    2008-10-28 02:13 --------- d-----w c:\users\Cris\AppData\Roaming\FLV Extract
    2008-10-27 23:08 --------- d-----w c:\programdata\Ironclad Games
    2008-10-26 19:57 --------- d--h--w c:\programdata\{9ECEFAAC-75E3-4CC9-864C-D1071F1F0CDF}
    2008-10-26 19:57 --------- d-----w c:\programdata\Stardock
    2008-10-26 19:56 --------- d-----w c:\program files\Stardock Games
    2008-10-25 20:06 --------- d-----w c:\users\Cris\AppData\Roaming\Stardock
    2008-10-25 20:02 --------- dc-h--w c:\programdata\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}
    2008-10-25 20:02 --------- d-----w c:\program files\Stardock
    2008-10-17 14:58 --------- d-----w c:\program files\Democracy2 Demo
    2008-10-16 22:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
    2008-10-16 21:56 31,232 ----a-w c:\windows\System32\wuapp.exe
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
    2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
    2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
    2008-10-15 10:09 --------- d-----w c:\program files\Windows Mail
    2008-10-12 20:39 --------- d-----w c:\program files\foobar2000
    2008-10-08 23:32 --------- d-----w c:\users\Cris\AppData\Roaming\vlc
    2008-10-02 23:46 81,920 ----a-w c:\windows\System32\frapsvid.dll
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-17 16:55 797,216 ----a-w c:\windows\System32\nvcplui.exe
    2008-09-17 16:55 704,512 ----a-w c:\windows\System32\nvsvsr.dll
    2008-09-17 16:55 196,608 ----a-w c:\windows\System32\nvvsvc.exe
    2008-09-17 16:55 122,880 ----a-w c:\windows\System32\nvcodhins.dll
    2008-09-17 16:55 122,880 ----a-w c:\windows\System32\nvcodh.dll
    2008-09-17 16:55 122,880 ----a-w c:\windows\System32\nvcod134.dll
    2008-09-17 16:55 1,486,848 ----a-w c:\windows\System32\nvcuda.dll
    2008-09-17 16:55 1,269,760 ----a-w c:\windows\System32\nvsvs.dll
    2008-09-15 21:50 174 --sha-w c:\program files\desktop.ini
    2008-09-15 21:19 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-09-15 21:19 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-08-12 21:24 24 ----a-w c:\users\Cris\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-08_13.16.20.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-08 21:09:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-08 21:09:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-08 21:09:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-08 21:12:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-12-08 21:09:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-08 21:12:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-12-08 21:03:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-12-08 23:17:02 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2008-12-08 20:38:24 104,834 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-08 21:19:06 104,834 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-08 20:38:24 603,774 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-08 21:19:06 603,774 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-08 20:35:24 9,928 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4173879838-1235674095-440810148-1001_UserData.bin
    + 2008-12-08 21:12:41 10,268 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4173879838-1235674095-440810148-1001_UserData.bin
    - 2008-12-08 20:35:23 62,178 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-08 21:12:40 62,178 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-11 446976]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
    "ImpulseFastStart"="c:\program files\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
    "NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-12-05 22696]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-25 1862144]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
    "SigmatelSysTrayApp"="sttray.exe" [2007-02-07 c:\windows\sttray.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-18 113664]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-05-25 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,c:\windows\system32\parodupa.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders credssp.dll, digeste.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{EAA8B186-14F3-49C9-9525-6BBB377B9E48}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{8F303A0E-9AFE-43C6-B476-E5BD6115A558}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{40F7A7D2-B333-499C-86AA-5320620746E5}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{0AFDDCC7-C1C8-4D67-84EB-8D4CA39BBF17}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{62F371D7-0A43-4A58-B379-8DCA34744B24}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{0998027B-BD7E-4632-BC7A-0B56482464CB}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{CAE2EFD5-205D-44FE-B0B1-5ABAF771B8F3}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{AB89EE7D-A5BB-4D37-A992-CA4D0A336177}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "TCP Query User{5A09396B-116B-49E2-A60D-6A2C754A216F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C757CED2-6AA3-4002-A604-1EEA64F5A545}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{B6FF903D-B3E8-4947-B3DF-FC67279D5A52}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{DFE1BF3E-7CA1-44C4-9C76-0CFA871774D8}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
    "{A48A2993-78DF-4588-8DED-D62D7E6BDC4A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{23DB7C6E-A0DD-402C-B378-6B2C27CCFE2F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{38838DDC-5981-48BA-A2AB-644D91FA5363}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{48996FC4-0F5A-4319-9E7D-389F318F37A2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{6AF2403B-E8B6-4454-94B8-C2DB519F333C}"= UDP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
    "{1413D8D0-D391-46F8-8EEF-C5B050DB0ECC}"= TCP:c:\windows\System32\dlbkcoms.exe:AIO Printer A920 Server
    "TCP Query User{2982FA6F-11EE-4042-B68C-80B731064704}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient.exe
    "UDP Query User{507E8BF9-6B3E-4E9A-8434-869901C3D162}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient.exe
    "TCP Query User{8FE9BA3B-51E6-4619-9ADB-B632D8AAE10F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{35C39879-F515-4B7F-9DBC-BE392BA88608}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{7D38E5C6-1829-4FC0-96AD-92B25786AF7C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{238ED877-003B-442E-B4CE-21F0528BD1A6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "TCP Query User{0016E537-AED3-45E7-8E58-86E80B908938}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:Last.fm
    "UDP Query User{74D51921-D372-46DC-A889-B60C1EF527DE}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:Last.fm
    "TCP Query User{A182450F-5C9E-410A-9D9B-88215DAD106A}c:\\neverwinternights\\nwn\\nwmain.exe"= UDP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
    "UDP Query User{C9BFF035-0F01-48CB-B2C8-138F30D73F08}c:\\neverwinternights\\nwn\\nwmain.exe"= TCP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
    "TCP Query User{E6686E3E-7EB4-4E31-89F2-AB051381F89A}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "UDP Query User{970145B4-07BB-45D4-A9A0-5AF266CFD158}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "{940E0D0F-ED56-4886-B29C-20C408AC4D66}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D8220FD7-0A3E-40C7-89D0-1FFD4F8DD205}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{93A9DA53-6DD3-47A3-BC6A-D60A4BD2B2C5}c:\\program files\\steam\\steamapps\\ctillery\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\ctillery\half-life 2 deathmatch\hl2.exe:hl2
    "UDP Query User{AB2F13D9-016D-4DCA-AD32-13A83095DAE7}c:\\program files\\steam\\steamapps\\ctillery\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\ctillery\half-life 2 deathmatch\hl2.exe:hl2
    "TCP Query User{480FE579-262A-4795-A099-0CB32ABFC4AC}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
    "UDP Query User{1ABDA973-064F-46DF-8CF8-4DE81687354A}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
    "TCP Query User{219C7EC4-45F9-4C46-94D0-B78A214B5DD8}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "UDP Query User{923DA9A3-6772-47B8-96B5-ACFA204A643D}c:\\program files\\steam\\steamapps\\ctillery\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\ctillery\team fortress 2\hl2.exe:hl2
    "TCP Query User{B65F92B3-6B1C-41D5-8B58-825385561E90}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{1C6BD907-D75E-40BA-9DCD-6C06A3AFE679}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{A547F004-2E5A-4DFF-B225-78B263866CC6}c:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
    "UDP Query User{D22F0915-F782-4B57-9F91-0F464BAFA6EF}c:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:c:\program files\yahoo!\messenger\yserver.exe:YServer Module
    "TCP Query User{B2CA3DE2-E12B-4965-9456-FCDCF7E94828}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{69669BAB-095C-4575-B3DD-3B2CD2756DE8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{1486C307-4711-4C19-B443-9617ABB88756}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{88E0A49B-184E-4F00-8550-A84BD67990DE}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{C482DC3A-50A2-4E2F-9198-36489DD14AFB}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{E3816F67-BC2E-4ADB-93AF-5C4FC319E6AF}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "TCP Query User{97E8B0E4-8711-4C8B-9B1F-BC3DA87734D4}c:\\program files\\steam\\steamapps\\common\\dawn of war demo\\w40k.exe"= UDP:c:\program files\steam\steamapps\common\dawn of war demo\w40k.exe:W40K
    "UDP Query User{DD913A0E-1738-469B-BDD3-A76C6017FAB7}c:\\program files\\steam\\steamapps\\common\\dawn of war demo\\w40k.exe"= TCP:c:\program files\steam\steamapps\common\dawn of war demo\w40k.exe:W40K
    "{5322ECF5-FB63-4244-A8B5-078433E371BA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
    "{C905E453-7AFA-4DFB-9A41-C7BA583674F4}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:Sid Meier's Civilization 4 Gold
    "{1458C6D7-08CA-4632-8573-57D90F20BFAB}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
    "{F385D8F5-DD61-4B26-AF2F-E14F043749FD}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
    "TCP Query User{D54349A9-189F-4BB5-8948-551435D0A01E}c:\\program files\\gametap\\bin\\release\\gametap.exe"= UDP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "UDP Query User{A740E1B4-8A71-437C-A712-079D2139838B}c:\\program files\\gametap\\bin\\release\\gametap.exe"= TCP:c:\program files\gametap\bin\release\gametap.exe:GameTap Application
    "TCP Query User{82C6A510-98CF-42BA-8241-CE9C4FBD360A}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{78A45E52-E14D-492E-BE2E-2CA061D026CB}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{547D0104-8C48-4B02-A952-DEDB84801AD4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E019CDFC-BEA6-4093-B718-6EA6E8A8FD4A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E1E45325-CEDD-42E8-970D-EA697C6AC663}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D3583625-6727-426E-AF52-8601B7CB6422}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2432E36B-2F4A-46A0-98D1-8A830D66A4B4}"= UDP:c:\program files\Stardock Games\The Political Machine 2008 Express\PolMachine2008Express.exe:The Political Machine 2008
    "{D0491E05-F64B-42D9-89B0-FEDB262EDC17}"= TCP:c:\program files\Stardock Games\The Political Machine 2008 Express\PolMachine2008Express.exe:The Political Machine 2008
    "{287244ED-A2A7-4A21-967B-AF270964E760}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{A79709EA-CC04-4A8C-BC9C-1577690C8D81}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "TCP Query User{C029C746-698E-4EA0-AD5A-FD4BC7A6C9B8}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{08B8F9BA-2FC1-490F-BA04-FD04D9DFA88C}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
    "{FD5DDD98-8DA6-40BE-BBB3-1F23AB9549FA}"= UDP:c:\windows\System32\VSSVC.exe:vssvc
    "{4532A3EE-E748-4E23-9E78-2E3C510D74C1}"= TCP:c:\windows\System32\VSSVC.exe:vssvc
    "{DD402CE2-4BAC-4AFB-8EEE-C9A16A6B7067}"= UDP:c:\windows\System32\SearchProtocolHost.exe:SearchProtocolHost
    "{46FAAF6D-1368-4D75-B870-D26985DE3A06}"= TCP:c:\windows\System32\SearchProtocolHost.exe:SearchProtocolHost

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-05-25 202872]
    R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service []
    R2 DQLWinService;DQLWinService;"c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 208896]
    R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
    R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-05-31 106808]
    R3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-05-25 5504]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2006-12-05 37008]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b379c06d-0ab4-11dc-89fc-806e6f6e6963}]
    \shell\AutoRun\command - F:\FalloutLauncher.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Cris.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-12-05 19:51]

    2008-12-08 c:\windows\Tasks\User_Feed_Synchronization-{938F6F14-F77A-4452-A209-37D9C3CB0DD3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070525
    uInternet Settings,ProxyOverride = *.local
    FireFox -: Profile - c:\users\Cris\AppData\Roaming\Mozilla\Firefox\Profiles\94eyykzz.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.cnn.com
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
    FF -: plugin - c:\program files\GameTap\bin\Release\npgametaptool.dll
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-08 15:19:35
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-12-08 15:22:30
    ComboFix-quarantined-files.txt 2008-12-08 23:20:59
    ComboFix2.txt 2008-12-08 21:18:09

    Pre-Run: 73,075,408,896 bytes free
    Post-Run: 73,043,894,272 bytes free

    298 --- E O F --- 2008-12-02 01:52:56

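    The 'Reg Loading Points' section of the log above is where the entries that matter sit: AppInit_DLLs still names c:\windows\system32\parodupa.dll (one of the files the CFScript targeted, yet it is absent from 'Other Deletions'), EnableLUA is 0 (UAC off), every Security Center *DisableNotify and DisableMonitoring value is 1 (the warnings a user would otherwise see are silenced), SecurityProviders carries digeste.dll next to the stock credssp.dll (an SSP DLL is loaded into lsass.exe at boot), and a MountPoints2 AutoRun handler points at F:\FalloutLauncher.exe. The script below is an added example, not ComboFix's code and not the helper's: it walks that section and lists exactly those entries for review. It assumes a stock Vista SecurityProviders value is just credssp.dll; it reports entries for a person to check and does not decide whether any file is malicious (the Google Desktop DLL in AppInit_DLLs is listed too).

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Assumption (not from the log): a stock Vista SecurityProviders value is just
# credssp.dll. Anything else listed is an extra SSP DLL that lsass.exe will load.
DEFAULT_SECURITY_PROVIDERS = {"credssp.dll"}

# Lines copied from the 'Reg Loading Points' section of the ComboFix log above,
# trimmed to the keys the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,c:\windows\system32\parodupa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, digeste.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b379c06d-0ab4-11dc-89fc-806e6f6e6963}]
\shell\AutoRun\command - F:\FalloutLauncher.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def triage_reg_loading_points(log_text: str) -> List[Finding]:
    """Walk the 'Reg Loading Points' section of a ComboFix log and return
    (category, detail) pairs for the entries an analyst checks first."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue

        # SecurityProviders is printed as a bare 'name value' line, not "name"=value.
        if key.endswith("control\\securityproviders") and line.lower().startswith("securityproviders"):
            for dll in line[len("SecurityProviders"):].split(","):
                dll = dll.strip().lower()
                if dll and dll not in DEFAULT_SECURITY_PROVIDERS:
                    findings.append(("ssp", dll))
            continue

        # MountPoints2 AutoRun handler: runs when that volume is opened from Explorer.
        if "\\mountpoints2\\" in key and "\\shell\\autorun\\command" in line.lower():
            cmd = line.split(" - ", 1)[1].strip() if " - " in line else line
            findings.append(("autorun", cmd))
            continue

        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group(1), vm.group(2).strip()
        lname = name.lower()

        if key.endswith("windows nt\\currentversion\\windows") and lname == "appinit_dlls":
            # Every DLL here is mapped into each new process that loads user32.dll.
            for dll in value.split(","):
                dll = dll.strip()
                if dll:
                    findings.append(("appinit", dll))
        elif key.endswith("policies\\system") and lname == "enablelua" and value.startswith("0"):
            findings.append(("uac", "EnableLUA=0"))
        elif "\\security center" in key and (lname.endswith("disablenotify") or lname == "disablemonitoring"):
            # 1 means Security Center will stay quiet about that component.
            if value.lower() == "dword:00000001":
                tail = key.split("\\")[-1]
                findings.append(("seccenter", f"{tail}\\{name}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_reg_loading_points(SAMPLE_LOG):
        print(f"{category:9} {detail}")
```

    Run against the excerpt it prints ten lines: one uac, two appinit, one ssp, five seccenter and one autorun. Feed it the whole log instead of the excerpt and it still only reports from those keys, so a clean log produces no output.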
  4. #14
    Junior Member, joined Dec 2008, California, 23 posts

    Here's the Kaspersky scan report. Thanks!

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, December 8, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 08, 2008 20:42:14
    Records in database: 1444573
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 216531
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 02:09:16


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\Windows\System32\bxeebyksrvlaifiia.dll.vir Infected: Trojan.Win32.Agent.asjk 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEGFZEYC\mss32[1].exe Infected: Trojan.Win32.Inject.kyv 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y30JFDYS\mss32[1].exe Infected: Trojan.Win32.Inject.kyv 1

    The selected area was scanned.

  5. #15
    Security Expert-Emeritus, joined Oct 2006, Manchester UK, 3,425 posts

    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error)!

    Please post the results from the GMER scan in your reply.

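    A note on reading the GMER output the post above asks for. GMER's 'SSDT' lines give the address each listed system service now points to. On this 32-bit Vista box those targets (0x87xxxxxx) lie well outside ntkrnlpa.exe, whose KeSetTimerEx export GMER places near 0x81CBE5C4, so something other than the kernel is servicing those calls. The 'Kernel code sections' lines then report dword writes at KeSetTimerEx + 350, + 364 and so on. Decoding those bytes little-endian gives the very same addresses, which is what you expect if the 'modified' dwords are the SSDT slots themselves, labelled by the nearest export, rather than a second, separate patch. The decoder below is an added example (not GMER's code and not from this thread). Its sample input is copied from the log posted in the next reply; the '...' GMER prints where it elides bytes is kept as-is and treated as a partial dword, and nothing here identifies who installed the hooks. Norton components are present on this machine (IDSvix86 and ccApp in the ComboFix log) and security products commonly hook these same services, so the helper's warning about false positives stands.

```python
import re
from typing import Dict, List, Tuple

# Lines copied from the GMER log posted in the next reply ('System' and 'Kernel
# code sections' blocks), trimmed to what the decoder needs. The '...' on the
# first .text line is GMER's own elision and is left exactly as printed.
GMER_SAMPLE = """
SSDT 87276288 ZwAlertResumeThread
SSDT 87276368 ZwAlertThread
SSDT 87243790 ZwAllocateVirtualMemory
SSDT 871E93B0 ZwConnectPort
SSDT 872B3408 ZwCreateMutant
SSDT 872438E8 ZwCreateThread

.text ntkrnlpa.exe!KeSetTimerEx + 350 81CBE914 8 Bytes [ 88, 62, 27, 87, 68, 63, 27, ... ]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81CBE928 4 Bytes [ 90, 37, 24, 87 ]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CBE9B8 4 Bytes [ B0, 93, 1E, 87 ]
.text ntkrnlpa.exe!KeSetTimerEx + 428 81CBE9EC 4 Bytes [ 08, 34, 2B, 87 ]
.text ntkrnlpa.exe!KeSetTimerEx + 454 81CBEA18 4 Bytes CALL 97530E55
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\S+)$")
TEXT_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<n>\d+)\s+Bytes\s+(?P<rest>.*)$"
)


def parse_ssdt(text: str) -> Dict[int, str]:
    """Map hook target address -> service name for every 'SSDT <addr> <Zw...>' line."""
    table: Dict[int, str] = {}
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            table[int(m.group(1), 16)] = m.group(2)
    return table


def parse_patch_bytes(rest: str) -> Tuple[List[int], bool]:
    """Turn '[ 88, 62, 27, 87, ... ]' into ([0x88, 0x62, 0x27, 0x87], truncated=True).
    A non-bracketed tail such as 'CALL 97530E55' yields ([], False)."""
    rest = rest.strip()
    if not (rest.startswith("[") and rest.endswith("]")):
        return [], False
    out: List[int] = []
    truncated = False
    for item in (t.strip() for t in rest[1:-1].split(",")):
        if item == "...":
            truncated = True  # GMER elided the remainder; never guess the missing bytes
            break
        if item:
            out.append(int(item, 16))
    return out, truncated


def explain_text_patches(text: str) -> List[Tuple[str, str]]:
    """For each '.text' line, decode the patched bytes as little-endian dwords and
    name the SSDT hook (if any) each dword equals. A dword cut off by '...' is
    matched on the bytes that are present and reported as partial."""
    ssdt = parse_ssdt(text)
    results: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = TEXT_RE.match(line.strip())
        if not m:
            continue
        where = f"{m['sym']}+{m['off']} @ {m['addr']}"
        data, truncated = parse_patch_bytes(m["rest"])
        if not data:
            results.append((where, m["rest"].strip()))  # e.g. 'CALL 97530E55'
            continue
        for i in range(0, len(data), 4):
            chunk = data[i:i + 4]
            if len(chunk) == 4:
                val = int.from_bytes(bytes(chunk), "little")
                results.append((where, f"{val:08X} -> {ssdt.get(val, 'no matching SSDT entry')}"))
            else:
                # Only a prefix survived: list SSDT targets whose low bytes agree with it.
                cands = [n for a, n in ssdt.items()
                         if a.to_bytes(4, "little")[:len(chunk)] == bytes(chunk)]
                tag = "partial (log truncated with '...')" if truncated else "partial"
                results.append((where, f"{tag}: {', '.join(cands) or 'no candidate'}"))
    return results


if __name__ == "__main__":
    for where, what in explain_text_patches(GMER_SAMPLE):
        print(f"{where:45} {what}")
```

    The 88 62 27 87 at KeSetTimerEx + 350 comes back as 87276288 (ZwAlertResumeThread), the partial 68 63 27 matches only ZwAlertThread, and + 364, + 3F4 and + 428 decode to the ZwAllocateVirtualMemory, ZwConnectPort and ZwCreateMutant targets. The + 454 line is a CALL into 0x97530E55 and is passed through untouched, since a call target is not an SSDT slot and needs a different check (which module owns that address).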
  6. #16
    Junior Member, joined Dec 2008, California, 23 posts

    Here's the GMER log. I didn't receive a notice before starting the scan:

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-12-09 07:35:39
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.14 ----

    SSDT 87276288 ZwAlertResumeThread
    SSDT 87276368 ZwAlertThread
    SSDT 87243790 ZwAllocateVirtualMemory
    SSDT 871E93B0 ZwConnectPort
    SSDT 872B3408 ZwCreateMutant
    SSDT 872438E8 ZwCreateThread
    SSDT 8726FCB8 ZwFreeVirtualMemory
    SSDT 872760C8 ZwImpersonateAnonymousToken
    SSDT 872761A8 ZwImpersonateThread
    SSDT 872963C0 ZwMapViewOfSection
    SSDT 872B3328 ZwOpenEvent
    SSDT 872AFF88 ZwOpenProcessToken
    SSDT 87277008 ZwOpenThreadToken
    SSDT 8728C030 ZwResumeThread
    SSDT 872772E8 ZwSetContextThread
    SSDT 8727A3E8 ZwSetInformationProcess
    SSDT 87277228 ZwSetInformationThread
    SSDT 872B3248 ZwSuspendProcess
    SSDT 872770A8 ZwSuspendThread
    SSDT 8727A540 ZwTerminateProcess
    SSDT 87277168 ZwTerminateThread
    SSDT 872431C8 ZwUnmapViewOfSection
    SSDT 87276578 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 350 81CBE914 8 Bytes [ 88, 62, 27, 87, 68, 63, 27, ... ]
    .text ntkrnlpa.exe!KeSetTimerEx + 364 81CBE928 4 Bytes [ 90, 37, 24, 87 ]
    .text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CBE9B8 4 Bytes [ B0, 93, 1E, 87 ]
    .text ntkrnlpa.exe!KeSetTimerEx + 428 81CBE9EC 4 Bytes [ 08, 34, 2B, 87 ]
    .text ntkrnlpa.exe!KeSetTimerEx + 454 81CBEA18 4 Bytes CALL 97530E55
    .text ...
    ? C:\ComboFix\catchme.sys The system cannot find the path specified. !
    ? C:\Windows\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] KERNEL32.dll!GetModuleFileNameA 772E440D 5 Bytes JMP 63001066 C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] KERNEL32.dll!GetModuleHandleA 772EBB4D 2 Bytes JMP 630010ED C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] KERNEL32.dll!GetModuleHandleA + 3 772EBB50 2 Bytes [ D1, EB ]
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] USER32.dll!GetSysColorBrush 7763EECC 5 Bytes JMP 6305DB41 C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] USER32.dll!DefWindowProcA 7763F9E1 5 Bytes JMP 6305DE2E C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] USER32.dll!SetScrollInfo 77648663 5 Bytes JMP 6305DC03 C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] USER32.dll!GetSysColor 77649D02 5 Bytes JMP 6305EB6B C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] USER32.dll!DefWindowProcW 776504BD 5 Bytes JMP 6305DEA8 C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305DB0E] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [6302A06B] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [6302A0A8] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305DA8A] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [GDI32.dll!DeleteObject] [6305DB0E] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63029F0C] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongA] [61001530] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!CreateWindowExW] [6302A0A8] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!CallWindowProcW] [63059665] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [63029EE4] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301D95C] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301E510] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305DB41] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!MoveWindow] [6301DB6F] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos] [6301DD7A] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColor] [6305DA8A] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [63029BC4] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowRect] [6301DF8F] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [6305DB0E] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6305DA8A] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [63059665] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [6302A0A8] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowRect] [6301DF8F] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ole32.dll [USER32.dll!MoveWindow] [6301DB6F] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [63029E99] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [63029DCC] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [63029D63] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [USER32.dll!DefWindowProcA] [61001850] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowLongA] [61001530] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [6302A0A8] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos] [6301DD7A] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowRect] [6301DF8F] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.14 ----
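    A note on reading a log like the one above: the useful triage question is not "are there hooks?" (there nearly always are) but "which file owns each hook, and is that file a known product?" The following is an added example, not part of GMER or of the tools used in this thread; it parses the SSDT, inline `.text` and IAT lines of GMER's text format and groups user-mode hooks by the file GMER attributes them to. The sample lines are copied from the log posted above; the regular expressions describe GMER 1.0.14's line layout as seen in that log and are this example's own assumption, not a documented format.

```python
"""Triage helper for GMER log text (added example; not part of GMER).
Groups user-mode hooks by the file that installed them so a reviewer can
see at a glance whether they all belong to a known product."""
import re
from collections import Counter

# SSDT <address> <Zw function>   (no owning file is printed for these)
SSDT_RE = re.compile(r'^SSDT\s+(?P<addr>[0-9A-F]+)\s+(?P<func>\w+)\s*$')
# IAT <process>[pid] @ <module> [<import>] [<address>] <hooking file> (<file description>)
IAT_RE = re.compile(
    r'^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)'
    r'\s+\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-F]+)\]'
    r'\s+(?P<hooker>.+?)\s+\((?P<desc>.*)\)\s*$')
# .text <process>[pid] <dll!function> <address> <n> Bytes JMP <target> <hooking file> (<description>)
TEXT_RE = re.compile(
    r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<import>\S+)\s+(?P<addr>[0-9A-F]+)'
    r'\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)'
    r'\s+(?P<hooker>.+?)\s+\((?P<desc>.*)\)\s*$')

# Constructed sample: a handful of lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----
SSDT 87276288 ZwAlertResumeThread
SSDT 87276368 ZwAlertThread
SSDT 87243790 ZwAllocateVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!KeSetTimerEx + 350 81CBE914 8 Bytes [ 88, 62, 27, 87, 68, 63, 27, ... ]
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] KERNEL32.dll!GetModuleFileNameA 772E440D 5 Bytes JMP 63001066 C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Stardock\Impulse\Impulse.exe[3372] KERNEL32.dll!GetModuleHandleA + 3 772EBB50 2 Bytes [ D1, EB ]
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63029F31] C:\Program Files\Stardock\Impulse\wbocx32.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Stardock\Impulse\Impulse.exe[3372] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Program Files\Stardock\Impulse\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.14 ----
"""


def parse_gmer(text):
    """Split a GMER log into SSDT hook names, user-mode hooks that name an
    owning file, and lines the parser does not classify (those still deserve
    a manual look; partial patches and unreadable drivers land here)."""
    ssdt, hooks, unclassified = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('----'):
            continue  # blank line or section header
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(m.group('func'))
            continue
        m = IAT_RE.match(line) or TEXT_RE.match(line)
        if m:
            d = m.groupdict()
            d['kind'] = 'IAT' if line.startswith('IAT') else 'inline'
            hooks.append(d)
            continue
        unclassified.append(line)
    return ssdt, hooks, unclassified


def hooks_by_module(hooks):
    """Count hooks per (hooking file, file description). A log where every
    user-mode hook collapses onto one or two named vendor files reads very
    differently from one with an undescribed DLL in a temp directory."""
    return Counter((h['hooker'], h['desc']) for h in hooks)


def hooked_process_apis(hooks):
    """Set of (process, pid, API) the hooks redirect, for cross-checking
    against what the named product is expected to touch."""
    return {(h['proc'], int(h['pid']), h['import']) for h in hooks}


if __name__ == '__main__':
    ssdt, hooks, rest = parse_gmer(SAMPLE_LOG)
    print('SSDT hooks:', len(ssdt), '| attributed user-mode hooks:', len(hooks))
    for (path, desc), n in hooks_by_module(hooks).most_common():
        print('%3d  %s  (%s)' % (n, path, desc))
    print('unclassified lines:', len(rest))
```

    On the sample, every attributed user-mode hook resolves to Stardock's wbocx32.ocx or wbhelp2.dll, which matches the WindowBlinds skinning software that is visibly installed; the SSDT entries carry no owning file in this format, so they are listed for the analyst rather than judged by the script.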

  7. #17
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Please note:- Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator


    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V, into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program

  8. #18
    Junior Member
    Join Date
    Dec 2008
    Location
    California
    Posts
    23

    Default

    Here it is:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL,C:\\Windows\\system32\\parodupa.dll"
    "IconServiceLib"="IconCodecService.dll"
    "DdeSendTimeout"=dword:00000000
    "DesktopHeapLogging"=dword:00000001
    "GDIProcessHandleQuota"=dword:00002710
    "ShutdownWarningDialogTimeout"=dword:ffffffff
    "USERPostMessageLimit"=dword:00002710
    "USERProcessHandleQuota"=dword:00002710
    @="mnmsrvc"
    "DeviceNotSelectedTimeout"="15"
    "Spooler"="yes"
    "TransmissionRetryTimeout"="90"

  9. #19
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Reg)

    Code:
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
    :Files
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEGFZEYC
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y30JFDYS
    :command
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Please post the OTMI Log along with a fresh RSIT Log
    How are things running now, any problems left?
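    The RegQuery output two posts up and the :Reg fix just above show the mechanism at work: AppInit_DLLs is a comma- or space-delimited list of DLLs that every process loading user32.dll picks up, so an unknown entry there (parodupa.dll in a system directory) is loaded into nearly everything, and the fix is to rewrite the value with only the recognised entries. The following is an added example, not the helper's tool and not RegQuery or OTMoveIt; it reads the value out of a .reg export, reports entries that are not on an allowlist the analyst supplies, and rebuilds the escaped value without them. The sample export is copied from the thread; the allowlist used in the usage is this example's own choice.

```python
"""Inspect and clean the AppInit_DLLs value from a .reg export
(added example; not part of RegQuery or OTMoveIt)."""
import re

WINDOWS_KEY = r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]'

# Constructed sample: the relevant lines of the RegQuery output posted in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL,C:\\Windows\\system32\\parodupa.dll"
"IconServiceLib"="IconCodecService.dll"
"DdeSendTimeout"=dword:00000000
'''


def reg_unescape(s):
    # In a .reg file a backslash is doubled and a quote is backslash-escaped.
    return s.replace('\\\\', '\\').replace('\\"', '"')


def reg_escape(s):
    return s.replace('\\', '\\\\').replace('"', '\\"')


def split_entries(value):
    """AppInit_DLLs is a list delimited by spaces or commas."""
    return [e for e in re.split(r'[ ,]+', value) if e]


def read_appinit(reg_text):
    """Return the AppInit_DLLs entries under the Windows key ([] if absent)."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_key = line.lower() == WINDOWS_KEY.lower()
            continue
        if in_key:
            m = re.match(r'^"AppInit_DLLs"="(.*)"$', line)
            if m:
                return split_entries(reg_unescape(m.group(1)))
    return []


def unrecognised(entries, allowlist):
    """Entries not on the analyst's allowlist (case-insensitive compare)."""
    allow = {a.lower() for a in allowlist}
    return [e for e in entries if e.lower() not in allow]


def rebuild_value(entries, drop):
    """The :Reg-style fragment that keeps every entry except those in `drop`."""
    drop_l = {d.lower() for d in drop}
    keep = [e for e in entries if e.lower() not in drop_l]
    return '%s\n"AppInit_DLLs"="%s"' % (WINDOWS_KEY, reg_escape(','.join(keep)))


if __name__ == '__main__':
    entries = read_appinit(SAMPLE_REG)
    # Allowlist is this example's assumption: the Google entry is the one
    # the helper kept in the fix above.
    known = [r'C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL']
    bad = unrecognised(entries, known)
    print('AppInit_DLLs entries:', entries)
    print('not on allowlist:', bad)
    print(rebuild_value(entries, bad))
```

    Run as-is, the rebuilt fragment is exactly the :Reg value in the OTMoveIt script above. The same read-then-diff step is worth repeating after the fix and after a reboot, since a dropped entry that reappears means something else is still writing the key.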

  10. #20
    Junior Member
    Join Date
    Dec 2008
    Location
    California
    Posts
    23

    Default

    Going to run the program now. I haven't noticed any problems. No more popups. There was a file I noticed (csrssc.exe) that gave itself access to the internet, and I blocked it with Norton's firewall. I've noticed that the file no longer attempts to access the internet.

    However, I was testing to see if I still got redirects in google and I still do. I used the search term "money" (figured that'd be popular with a bug) and clicked on the first result: money.cnn.com. The first click took me to the actual website, the second took me to www.moneypowercenter.com.

    Could you explain what you mean by a new RSIT log?
