
Thread: Unsure what I have..

  1. #1
    Member
    Join Date: Apr 2008
    Posts: 47

    Unsure what I have..

    Yea, I opened some program and I dunno what the heck is going on. I can't list a HijackThis log because I get this error that says "hijackthis.exe is not a valid Win32 Application". I also get this with a few other programs. Since I can't run HijackThis, what should I do?

  2. #2
    Retired Security Volunteer
    Join Date: Sep 2007
    Location: Ireland
    Posts: 1,620


    Hello

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows (the illustrating screenshots are not reproduced here):
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

      -----------------------------------------------------------
    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  3. #3
    Member
    Join Date: Apr 2008
    Posts: 47


    Here is the ComboFix log, and I still can't post a HijackThis log, getting "this is not a valid win32 application".


    ComboFix 08-05-29.1 - Owner 2008-05-30 9:08:03.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Application Data\m
    C:\WINDOWS\system32\ban_list.txt
    C:\WINDOWS\system32\drivers\downld
    C:\WINDOWS\system32\drivers\downld\662343.exe
    C:\WINDOWS\system32\drivers\downld\676890.exe
    C:\WINDOWS\system32\drivers\downld\691500.exe
    C:\WINDOWS\system32\drivers\downld\693843.exe
    C:\WINDOWS\system32\drivers\downld\716390.exe
    C:\WINDOWS\system32\drivers\downld\729625.exe
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\drivers\mdelk.exe
    C:\WINDOWS\system32\drivers\srosa.sys
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA


    ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
    .

    2008-05-30 09:14 . 2008-05-30 09:14 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
    2008-05-29 03:44 . 2008-05-29 03:52 <DIR> d-------- C:\Soldat
    2008-05-29 03:26 . 2008-05-29 03:26 <DIR> d-------- C:\Program Files\CCleaner
    2008-05-28 01:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-28 01:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-27 10:06 . 2008-05-27 10:16 249,856 --------- C:\WINDOWS\Setup1.exe
    2008-05-27 09:58 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2008-05-27 09:58 . 2008-05-27 09:58 1,347 --a------ C:\WINDOWS\ST6UNST.001
    2008-05-27 09:57 . 2008-05-27 10:16 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-27 09:57 . 2008-05-27 09:57 342 --a------ C:\WINDOWS\ST6UNST.000
    2008-05-16 03:40 . 2008-05-17 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
    2008-05-16 03:40 . 2008-05-12 20:53 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-16 03:40 . 2008-05-12 20:53 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-05-16 03:39 . 2008-05-16 03:40 <DIR> d-------- C:\Program Files\DivX
    2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
    2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\Program Files\FLV Player
    2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-05-12 20:53 . 2008-05-12 20:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-12 20:53 . 2008-05-12 20:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-12 20:53 . 2008-05-12 20:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-12 20:51 . 2008-05-12 20:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-12 20:51 . 2008-05-12 20:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-12 20:49 . 2008-05-12 20:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-05-12 20:49 . 2008-05-12 20:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-12 20:49 . 2008-05-12 20:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-12 20:49 . 2008-05-12 20:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-08 03:57 . 2008-05-12 16:33 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-05-07 04:20 . 2008-05-07 04:20 <DIR> d-------- C:\Logs
    2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\system32\{E7022AC0-C745-4CB7-8691-2A3DED902CA6}.dat
    2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\{BECC9981-C01D-4114-9BFF-6F1F16D4E9D9}.dat
    2008-05-06 20:22 . 2008-05-06 20:27 <DIR> d-------- C:\Program Files\Norton Personal Firewall
    2008-05-06 20:22 . 2008-05-06 20:22 14 --a------ C:\WINDOWS\system32\SR2.dat
    2008-05-06 20:04 . 2008-05-08 04:00 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-05-02 01:37 . 2008-05-30 08:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
    2008-05-02 01:37 . 2008-05-02 01:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Skype
    2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-05-02 01:06 . 2008-05-30 09:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
    2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-05-01 03:45 . 2008-05-01 03:45 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
    2008-05-01 03:45 . 2003-07-20 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-05-01 03:45 . 2005-01-04 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-05-01 01:31 . 2008-05-28 19:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
    2008-05-01 01:30 . 2008-05-01 01:30 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
    2008-04-30 23:14 . 2008-04-30 23:14 <DIR> d-------- C:\Documents and Settings\Owner\workspace
    2008-04-30 22:39 . 2008-04-30 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-04-30 16:57 . 2008-04-30 16:57 0 --a------ C:\WINDOWS\iPlayer.INI
    2008-04-30 16:39 . 2008-04-30 16:40 <DIR> d-------- C:\Program Files\InterActual
    2008-04-28 22:25 . 2008-04-28 22:26 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-04-28 22:20 . 2008-04-28 22:20 <DIR> d-------- C:\ie-spyad
    2008-04-28 22:20 . 1999-12-21 10:58 21,312 --a------ C:\WINDOWS\choice.exe
    2008-04-28 22:06 . 2008-05-28 18:49 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-04-28 22:06 . 2008-05-28 18:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-28 21:02 . 2004-11-02 11:58 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-04-28 17:30 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-28 17:30 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-28 17:30 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-28 17:30 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-28 17:30 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-28 17:30 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-28 17:30 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-28 17:30 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-28 17:30 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-28 17:21 . 2007-08-13 21:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-04-27 09:41 . 2008-05-28 02:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-27 09:41 . 2008-04-27 09:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-04-27 09:41 . 2008-04-27 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-27 09:21 . 2008-04-27 09:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Motive
    2008-04-26 17:31 . 2002-04-11 23:21 13,335 --a------ C:\WINDOWS\system32\drivers\usbcm.sys
    2008-04-26 17:04 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-04-26 17:04 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-04-26 17:04 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-04-26 16:59 . 2008-04-26 16:59 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-04-26 12:23 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-26 06:57 . 2008-04-26 06:57 <DIR> d-------- C:\WINDOWS\provisioning
    2008-04-26 06:57 . 2008-04-26 06:57 <DIR> d-------- C:\WINDOWS\peernet
    2008-04-26 06:54 . 2008-04-26 06:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-26 06:41 . 2008-04-26 06:41 <DIR> d-------- C:\WINDOWS\EHome
    2008-04-26 05:30 . 2004-08-04 01:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-26 05:30 . 2004-08-04 01:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2008-04-25 06:01 . 2008-04-25 06:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-25 06:01 . 2008-04-25 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-25 05:49 . 2008-05-12 02:03 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper
    2008-04-25 05:12 . 2008-04-25 05:12 <DIR> d-------- C:\Program Files\Safer Networking
    2008-04-25 01:27 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-24 23:28 . 2008-04-24 23:28 136 --ah----- C:\sqmnoopt02.sqm
    2008-04-24 23:28 . 2008-04-24 23:28 136 --ah----- C:\sqmdata02.sqm
    2008-04-24 15:37 . 2008-04-24 15:37 268 --ah----- C:\sqmdata01.sqm
    2008-04-24 15:37 . 2008-04-24 15:37 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-24 15:13 . 2008-04-24 15:16 543 --a------ C:\WINDOWS\wininit.ini
    2008-04-24 14:20 . 2008-04-24 14:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-24 14:20 . 2008-04-24 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-24 05:21 . 2008-04-24 05:21 268 --ah----- C:\sqmdata00.sqm
    2008-04-24 05:21 . 2008-04-24 05:21 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-23 17:55 . 2007-07-30 21:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-23 17:55 . 2007-07-30 21:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-23 09:06 . 2008-04-23 09:10 <DIR> d-------- C:\Program Files\BitLord
    2008-04-23 08:30 . 2008-05-27 10:22 <DIR> d-------- C:\Program Files\eMule
    2008-04-23 06:40 . 2008-04-23 06:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Soldat
    2008-04-23 06:40 . 2008-04-23 06:40 0 -ra------ C:\logwmemory.bin
    2008-04-23 06:36 . 2008-04-23 06:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-04-23 06:35 . 2008-04-23 06:35 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-04-23 06:30 . 2008-04-23 06:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
    2008-04-23 06:29 . 2008-04-23 06:30 <DIR> d-------- C:\Program Files\Viewpoint
    2008-04-23 06:29 . 2008-04-23 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-04-23 06:29 . 2008-04-23 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-04-23 06:29 . 2008-04-23 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2008-04-23 06:28 . 2008-04-23 06:28 <DIR> d-------- C:\Program Files\Common Files\AOL
    2008-04-23 06:28 . 2008-04-23 06:30 <DIR> d-------- C:\Program Files\AIM6
    2008-04-23 06:28 . 2008-04-23 06:30 450 --ah----- C:\IPH.PH
    2008-04-23 06:08 . 2007-03-07 18:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-04-23 06:08 . 2007-03-07 18:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-04-23 06:07 . 2008-04-23 06:12 <DIR> d-------- C:\Program Files\Winamp
    2008-04-23 06:07 . 2008-05-12 02:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
    2008-04-23 06:07 . 2008-05-12 20:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-04-23 05:23 . 2008-04-23 05:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nexon
    2008-04-23 04:59 . 2008-04-23 04:59 <DIR> d-------- C:\Nexon
    2008-04-23 03:54 . 2008-04-23 03:55 <DIR> d-------- C:\Program Files\Unlocker
    2008-04-22 23:53 . 2008-04-22 23:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\.clamwin
    2008-04-22 23:52 . 2008-04-22 23:52 <DIR> d-------- C:\Program Files\ClamWin
    2008-04-22 23:52 . 2008-04-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
    2008-04-22 23:41 . 2003-03-03 12:24 33,792 --a------ C:\WINDOWS\ieuninst.exe
    2008-04-22 23:31 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-22 23:28 . 2008-05-01 01:30 <DIR> d-------- C:\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-27 16:54 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-05-27 15:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-22 22:19 --------- d-----w C:\Program Files\Easy Internet signup
    2008-05-07 01:24 --------- d-----w C:\Program Files\Symantec
    2008-05-07 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-27 17:10 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
    2008-04-26 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 20:45 22058792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59 126976]
    "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2005-10-24 02:01 659456]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58 151597]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-30 09:10 70816]
    "LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 22:11 139264]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37 53248]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-05-30 09:10 77824]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03 155648]
    "ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29 59072]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 21:19:08 53248]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056]
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 22:05:35 360448]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40 233472]
    Norton Personal Firewall.lnk - C:\Program Files\Norton Personal Firewall\nisfirst.exe [2002-11-15 12:48:14 644744]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48 57344]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40 16384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitLord\\BitLord.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-24 01:09:13 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
    - c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
    "2008-04-25 06:29:47 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-30 09:15:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-30 9:22:24 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2008-05-30 14:22:16
    ComboFix2.txt 2008-04-27 00:07:41

    Pre-Run: 89,633,525,760 bytes free
    Post-Run: 89,530,494,976 bytes free

    258 --- E O F --- 2008-05-16 08:24:27

  4. #4
    Retired Security Volunteer
    Join Date: Sep 2007
    Location: Ireland
    Posts: 1,620


    Hello

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Click here to use the F-Secure Online Scanner
    • Then click the Start Scanning button below.
    • You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
    • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
    • In case you are having problems with installing the ActiveX/starting the scan, please read here.
    • Click the Full System Scan button.
    • It will start to download scanner components and databases. This can take a while.
    • The main scan will start.
    • Once the scan has finished, click the Automatic cleaning (recommended) button
    • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
    • The cleaning can take a while, so please be patient.
    • Then click the Show report button and copy and paste what's present under results in your next reply.

  5. #5
    Member
    Join Date: Apr 2008
    Posts: 47


    After the online scan, the logs:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-05-31 19:51
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 31/05/2008
    Kaspersky Anti-Virus database records: 818915
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 83325
    Number of viruses found: 9
    Number of infected objects: 106
    Number of suspicious objects: 0
    Duration of the scan process: 01:42:54

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\call256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\callmember256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chat256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chat512.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatmember256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatmsg256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatmsg512.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatsync\1b\1b15fff6be787699.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\chatsync\ad\ad1a83814214b550.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\dyncontent\bundle.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\index2.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\profile4096.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\transfer256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\transfer512.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\user1024.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\user32768.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Skype\slash_the_hedgie\voicemail256.dbb Object is locked skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe Infected: Trojan-PSW.Win32.Mapler.ak skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_73c.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF4201.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFC028.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFCEB7.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\Nexon\MapleStory\localhost.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
    C:\Nexon\MapleStory\MapleCrusade.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip/Technitium MAC Address Changer 4.0.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip ZIP: infected - 1 skipped
    C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\Program Files\Mozilla Firefox\MapleCrusade.exe Infected: Trojan-PSW.Win32.Mapler.ah skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\inuse.txt Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\L0000002.FCS Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\main.log Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.idx Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log Object is locked skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\123062.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\138109.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\143578.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14860000.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14904984.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14905640.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14937703.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14975250.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\14983906.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15107187.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15134828.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15145296.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\15175031.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\158328.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\161437.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\171187.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\199953.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\201640.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\203781.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\235187.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\247046.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29857656.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\29967421.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\33264984.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\379484.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\44558593.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\47829906.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\47905937.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
    C:\QooBox\Quarantine\catchme2008-05-30_ 91136.71.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\QooBox\Quarantine\catchme2008-05-30_ 91136.71.zip/mdelk.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\QooBox\Quarantine\catchme2008-05-30_ 91136.71.zip ZIP: infected - 2 skipped
    C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP137\A0007296.exe Infected: Trojan-PSW.Win32.Mapler.ah skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP143\A0007420.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP145\A0008184.exe/MapleCrusade.exe Infected: Trojan-PSW.Win32.Mapler.ah skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP145\A0008184.exe RAR: infected - 1 skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP145\A0008186.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP155\A0009210.exe Infected: Trojan-PSW.Win32.Mapler.aj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010257.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010259.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010261.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010262.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010407.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010420.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010435.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010482.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010485.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010514.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160\A0010575.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160\A0010597.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP160\A0010598.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161\A0010617.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161\A0010618.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP161\A0010650.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162\A0010667.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162\A0010668.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP162\A0010698.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163\A0010729.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163\A0010730.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP163\A0010756.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164\A0010777.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164\A0010778.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP164\A0010804.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010825.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010826.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010852.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0010874.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0011140.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP165\A0012118.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012129.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012130.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012131.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012132.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012133.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012134.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012135.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012136.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012138.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012144.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012147.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012148.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012151.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012164.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012166.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012167.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012173.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012174.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012175.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012180.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012181.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012182.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012183.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012190.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012198.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012209.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012222.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0012223.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0013118.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP167\A0013211.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP168\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{BFBEE614-CCD7-4859-AC56-57C67DD8E049}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  6. #6
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Post the F-Secure log

    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    File::
    C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe
    C:\Nexon\MapleStory\localhost.exe
    C:\Nexon\MapleStory\MapleCrusade.exe
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
    c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Mozilla Firefox\MapleCrusade.exe

    Folder::
    C:\WINDOWS\system32\drivers\downld
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip

    DirLook::
    C:\Program Files\eMule\Incoming

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CamMonitor"=-

    SysRst::

    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
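An added triage helper, not part of the thread or of any tool used in it: it parses result lines in the scanner's format shown in the log above (path, then "Object is locked", "Infected: <name>" or an archive summary, then "skipped") and separates detections still live on disk from copies the scanner only saw inside ComboFix's QooBox quarantine or System Restore points, which is the distinction the File:: and Folder:: lists in the script above depend on. The sample lines are a constructed subset of the posted log; treating exactly those two locations as not live is this example's own rule.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the result lines from the scan log posted above.
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Nexon\MapleStory\localhost.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip/Technitium MAC Address Changer 4.0.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip ZIP: infected - 1 skipped
C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\123062.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP159\A0010261.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# One result line: <path>, then one of three outcomes, then the literal "skipped".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<det>\S+)"
    r"|(?P<arch>ZIP|RAR): infected - (?P<n>\d+)"
    r") skipped$"
)

# Locations the scanner reports that are not live on the system: ComboFix's
# quarantine folder and Windows XP System Restore snapshots. Treating exactly
# these two as inactive is this example's own rule (assumption).
INACTIVE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\system volume information\\")


@dataclass(frozen=True)
class ScanEntry:
    path: str
    status: str           # "locked", "infected" or "archive"
    detection: str = ""   # e.g. "Trojan-PSW.Win32.Mapler.af"
    container: str = ""   # on-disk archive when path is an archive member


def parse_line(line: str) -> Optional[ScanEntry]:
    """Parse one result line; None for non-result text such as the trailer."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if m.group("locked"):
        return ScanEntry(path, "locked")
    if m.group("arch"):
        # Summary line for an archive whose members were listed above it.
        return ScanEntry(path, "archive", f"{m.group('arch')}:{m.group('n')}")
    # The scanner writes an archive member as <container>/<member>; the
    # container is the file that actually exists on disk.
    container = path.split("/", 1)[0] if "/" in path else ""
    return ScanEntry(path, "infected", m.group("det"), container)


def parse_log(text: str) -> List[ScanEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def is_live(path: str) -> bool:
    return not path.lower().startswith(INACTIVE_PREFIXES)


def triage(entries: List[ScanEntry]) -> dict:
    """Split detections into files still live on disk versus copies seen only in
    quarantine or restore points, and count detections per malware family."""
    live, inactive = [], []
    for e in entries:
        if e.status != "infected":
            continue
        (live if is_live(e.container or e.path) else inactive).append(e)
    # Family = detection name minus the variant suffix (".af", ".qj", ...).
    families = Counter(e.detection.rsplit(".", 1)[0]
                       for e in entries if e.status == "infected")
    # Distinct on-disk targets, in log order: the set a File:: list must cover.
    live_targets = list(dict.fromkeys(e.container or e.path for e in live))
    return {"live_targets": live_targets, "inactive": inactive, "families": families}


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print("Still live on disk:")
    for target in report["live_targets"]:
        print("  " + target)
    print(f"Only in quarantine/restore points: {len(report['inactive'])}")
    for family, n in report["families"].most_common():
        print(f"  {family}: {n} detection(s)")
```

Locked entries (registry hives, event logs, index.dat) are ordinary for a live scan and are reported separately from infections, so the helper counts them but does not list them as targets.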

  7. #7
    Member
    Join Date
    Apr 2008
    Posts
    47

    Default

    Oh sorry! I thought you meant for me to pick one of those two scanners. I didn't do the F-Secure. I'll post it after I do the scan; not sure if you want me to do the ComboFix yet.

  8. #8
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Do the ComboFix, then go do the F-Secure scan

  9. #9
    Member
    Join Date
    Apr 2008
    Posts
    47

    Default

    ComboFix 08-05-29.1 - Owner 2008-06-01 16:33:28.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.306 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe
    C:\Nexon\MapleStory\localhost.exe
    C:\Nexon\MapleStory\MapleCrusade.exe
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
    c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
    c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Mozilla Firefox\MapleCrusade.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Desktop\Gaming Stuffs\OdinMS\MapleStory\OdinMS.exe
    C:\Nexon\MapleStory\localhost.exe
    C:\Nexon\MapleStory\MapleCrusade.exe
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
    C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip\
    c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
    C:\Program Files\Mozilla Firefox\MapleCrusade.exe
    C:\WINDOWS\system32\drivers\downld

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA


    ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
    .

    2008-05-29 03:44 . 2008-05-29 03:52 <DIR> d-------- C:\Soldat
    2008-05-29 03:26 . 2008-05-29 03:26 <DIR> d-------- C:\Program Files\CCleaner
    2008-05-28 01:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-28 01:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-27 10:06 . 2008-05-27 10:16 249,856 --------- C:\WINDOWS\Setup1.exe
    2008-05-27 09:58 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2008-05-27 09:58 . 2008-05-27 09:58 1,347 --a------ C:\WINDOWS\ST6UNST.001
    2008-05-27 09:57 . 2008-05-27 10:16 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-27 09:57 . 2008-05-27 09:57 342 --a------ C:\WINDOWS\ST6UNST.000
    2008-05-16 03:40 . 2008-05-17 17:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
    2008-05-16 03:40 . 2008-05-12 20:53 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-16 03:40 . 2008-05-12 20:53 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-05-16 03:39 . 2008-05-16 03:40 <DIR> d-------- C:\Program Files\DivX
    2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\WINDOWS\Applian FLV Player
    2008-05-14 09:18 . 2008-05-14 09:18 <DIR> d-------- C:\Program Files\FLV Player
    2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-05-13 13:51 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-05-12 20:53 . 2008-05-12 20:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-12 20:53 . 2008-05-12 20:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-05-12 20:53 . 2008-05-12 20:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-05-12 20:51 . 2008-05-12 20:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-12 20:51 . 2008-05-12 20:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-05-12 20:49 . 2008-05-12 20:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-05-12 20:49 . 2008-05-12 20:49 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-05-12 20:49 . 2008-05-12 20:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-12 20:49 . 2008-05-12 20:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-08 03:57 . 2008-05-12 16:33 <DIR> d-------- C:\Program Files\World of Warcraft
    2008-05-07 04:20 . 2008-05-07 04:20 <DIR> d-------- C:\Logs
    2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\system32\{E7022AC0-C745-4CB7-8691-2A3DED902CA6}.dat
    2008-05-06 20:25 . 2008-05-06 20:25 32 --ahs---- C:\WINDOWS\{BECC9981-C01D-4114-9BFF-6F1F16D4E9D9}.dat
    2008-05-06 20:22 . 2008-05-06 20:27 <DIR> d-------- C:\Program Files\Norton Personal Firewall
    2008-05-06 20:22 . 2008-05-06 20:22 14 --a------ C:\WINDOWS\system32\SR2.dat
    2008-05-06 20:04 . 2008-05-08 04:00 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-05-02 01:37 . 2008-06-01 16:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
    2008-05-02 01:37 . 2008-05-02 01:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Skype
    2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-05-02 01:06 . 2008-06-01 16:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
    2008-05-02 01:06 . 2008-05-02 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-05-01 03:45 . 2008-05-01 03:45 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
    2008-05-01 03:45 . 2003-07-20 13:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-05-01 03:45 . 2005-01-04 04:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-05-01 01:31 . 2008-05-28 19:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Hamachi
    2008-05-01 01:30 . 2008-05-01 01:30 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-28 23:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-28 23:49 --------- d-----w C:\Program Files\SpywareBlaster
    2008-05-28 07:00 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-27 16:54 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-05-27 15:22 --------- d-----w C:\Program Files\eMule
    2008-05-27 15:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-22 22:19 --------- d-----w C:\Program Files\Easy Internet signup
    2008-05-12 07:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
    2008-05-07 01:24 --------- d-----w C:\Program Files\Symantec
    2008-05-07 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-05-01 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-04-30 21:40 --------- d-----w C:\Program Files\InterActual
    2008-04-29 03:26 --------- d-----w C:\Program Files\SpywareGuard
    2008-04-27 17:10 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
    2008-04-27 14:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-04-27 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-27 14:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
    2008-04-26 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-26 21:59 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-25 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-25 10:12 --------- d-----w C:\Program Files\Safer Networking
    2008-04-24 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-24 19:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-23 14:10 --------- d-----w C:\Program Files\BitLord
    2008-04-23 11:40 0 ----a-r C:\logwmemory.bin
    2008-04-23 11:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Soldat
    2008-04-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-23 11:30 --------- d-----w C:\Program Files\Viewpoint
    2008-04-23 11:30 --------- d-----w C:\Program Files\AIM6
    2008-04-23 11:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
    2008-04-23 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-04-23 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-04-23 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-04-23 11:28 --------- d-----w C:\Program Files\Common Files\AOL
    2008-04-23 11:12 --------- d-----w C:\Program Files\Winamp
    2008-04-23 10:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
    2008-04-23 08:55 --------- d-----w C:\Program Files\Unlocker
    2008-04-23 04:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\.clamwin
    2008-04-23 04:52 --------- d-----w C:\Program Files\ClamWin
    2008-04-23 01:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-04-23 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-23 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-04-23 00:32 --------- d-----w C:\Program Files\Yahoo!
    2008-04-23 00:21 3,884 ----a-w C:\WINDOWS\viassary-hp.reg
    2008-04-23 00:14 4,158 --sha-r C:\WINDOWS\system32\drivers\HP_DQ174A-ABA A410N_YC_Pavi_QMXK349_E41NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.02_T031031_WXH1_L409_M504_J123_7Intel_8Celeron_92.8_111063044_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
    2008-04-23 00:10 --------- d-----w C:\Program Files\ArcSoft
    2008-04-23 00:09 --------- d-----w C:\Program Files\Multimedia Card Reader
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\eMule\Incoming ----

    2008-05-27 10:22 667521 --a------ C:\Program Files\eMule\Incoming\Technitium MAC Address Changer 4.0.zip
    2008-05-18 05:04 16896 --ahs---- C:\Program Files\eMule\Incoming\Thumbs.db
    2008-05-17 19:56 215022644 --a------ C:\Program Files\eMule\Incoming\Animal Sex - Zoofilia Dog Brutal.avi
    2008-05-16 22:02 65376256 --a------ C:\Program Files\eMule\Incoming\Animal - Dog - Caes Do Sexo (Excellent Fuck And Cum Inside Cunt).avi
    2008-05-16 21:35 8614900 --a------ C:\Program Files\eMule\Incoming\Zoo Animal Sex - Teenage Girl Fucked By Her Dog - 1.mpeg
    2008-05-14 18:13 44847900 --a------ C:\Program Files\eMule\Incoming\Petlust Animal Beastiality - Black Pony Horse Fucks Woman Hard Doggie Style (4m18S).mpg


    ((((((((((((((((((((((((((((( snapshot@2008-05-30_ 9.19.28.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-29 02:45:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
    + 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
    + 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
    - 2008-05-30 14:14:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-01 21:37:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-08-14 02:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
    + 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
    - 2004-08-04 07:56:41 35,328 ------w C:\WINDOWS\system32\corpol.dll
    + 2007-08-13 23:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
    + 2008-02-26 11:59:50 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
    - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-08-13 23:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
    + 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
    - 2006-09-07 01:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    + 2006-09-06 22:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    .
    ((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\23f7ceac0c43a07ec2743f7a\idndl.dll
    2006-06-29 08:05 26112 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013373.dll

    C:\23f7ceac0c43a07ec2743f7a\normaliz.dll
    2006-06-29 08:05 23552 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013372.dll

    C:\23f7ceac0c43a07ec2743f7a\spmsg.dll
    2006-05-25 10:29 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013371.dll

    C:\23f7ceac0c43a07ec2743f7a\spuninst.exe
    2006-05-25 10:29 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013370.exe

    C:\23f7ceac0c43a07ec2743f7a\spupdsvc.exe
    2006-05-25 10:29 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013369.exe

    C:\23f7ceac0c43a07ec2743f7a\update\spcustom.dll
    2006-05-25 10:29 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013367.dll

    C:\23f7ceac0c43a07ec2743f7a\update\update.exe
    2006-05-25 10:29 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013365.exe

    C:\23f7ceac0c43a07ec2743f7a\update\updspapi.dll
    2006-05-25 10:29 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP172\A0013366.dll

    C:\721b268685871161c33d36\nlsdl.dll
    2006-06-28 17:59 24576 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013354.dll

    C:\721b268685871161c33d36\spmsg.dll
    2006-05-24 12:32 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013353.dll

    C:\721b268685871161c33d36\spuninst.exe
    2006-05-24 12:32 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013352.exe

    C:\721b268685871161c33d36\spupdsvc.exe
    2006-05-24 12:32 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013351.exe

    C:\721b268685871161c33d36\update\spcustom.dll
    2006-05-24 12:32 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013349.dll

    C:\721b268685871161c33d36\update\update.exe
    2006-05-24 12:32 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013347.exe

    C:\721b268685871161c33d36\update\updspapi.dll
    2006-05-24 12:32 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP171\A0013348.dll

    C:\8996d1c1c61811f28a5b\SP2GDR\xmllite.dll
    2006-07-14 10:51 121856 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013329.dll

    C:\8996d1c1c61811f28a5b\SP2QFE\xmllite.dll
    2006-07-14 10:52 121856 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013328.dll

    C:\8996d1c1c61811f28a5b\spmsg.dll
    2005-10-12 18:12 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013327.dll

    C:\8996d1c1c61811f28a5b\spuninst.exe
    2005-10-12 18:12 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013334.exe

    C:\8996d1c1c61811f28a5b\update\spcustom.dll
    2005-10-12 18:12 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013324.dll

    C:\8996d1c1c61811f28a5b\update\update.exe
    2005-10-12 18:12 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013335.exe

    C:\8996d1c1c61811f28a5b\update\updspapi.dll
    2005-10-12 18:12 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP170\A0013330.dll

    C:\Combo-Fix\Combobatch.bat
    2000-08-31 08:00 7414 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013496.bat
    2008-06-01 16:36 7504 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013505.bat

    C:\Combo-Fix\Comspec.bat
    2000-08-31 08:00 149 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013483.bat

    C:\Combo-Fix\Disclaimer.bat
    {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP166\A0012127.bat

    C:\WINDOWS\inf\_000000_.tmp.dll
    2008-03-27 22:49 705 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP168\A0013282.dll

    2008-06-01 16:36 65096 C:\Combo-Fix\Lang.bat
    2000-08-31 08:00 65098 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013497.bat

    C:\Combo-Fix\List-C.bat
    2000-08-31 08:00 200169 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013495.bat

    C:\Combo-Fix\restore_pt.vbs
    2000-08-31 08:00 232 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP174\A0013489.vbs

    C:\dfafd4ba2f6f078ef441921851170327\admparse.dll
    2007-08-13 18:39 71680 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013465.dll

    C:\dfafd4ba2f6f078ef441921851170327\advpack.dll
    2007-08-13 18:39 123904 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013464.dll

    C:\dfafd4ba2f6f078ef441921851170327\browseui.dll
    2006-09-23 13:12 1022976 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013463.dll

    C:\dfafd4ba2f6f078ef441921851170327\corpol.dll
    2007-08-13 18:42 17408 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013462.dll

    C:\dfafd4ba2f6f078ef441921851170327\custsat.dll
    2007-08-13 18:54 33792 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013461.dll

    C:\dfafd4ba2f6f078ef441921851170327\dxtmsft.dll
    2007-08-13 18:35 346624 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013460.dll

    C:\dfafd4ba2f6f078ef441921851170327\dxtrans.dll
    2007-08-13 18:35 214528 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013459.dll

    C:\dfafd4ba2f6f078ef441921851170327\extmgr.dll
    2007-08-13 18:54 131584 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013458.dll

    C:\dfafd4ba2f6f078ef441921851170327\hmmapi.dll
    2007-08-13 18:18 60416 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013457.dll

    C:\dfafd4ba2f6f078ef441921851170327\icardie.dll
    2007-08-13 18:36 61952 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013456.dll

    C:\dfafd4ba2f6f078ef441921851170327\ie4uinit.exe
    2007-08-13 18:39 54784 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013418.exe

    C:\dfafd4ba2f6f078ef441921851170327\ieakeng.dll
    2007-08-13 18:39 152064 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013455.dll

    C:\dfafd4ba2f6f078ef441921851170327\ieaksie.dll
    2007-08-13 18:39 229376 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013454.dll

    C:\dfafd4ba2f6f078ef441921851170327\ieakui.dll
    2007-08-13 17:56 161792 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013453.dll

    C:\dfafd4ba2f6f078ef441921851170327\ieapfltr.dll
    2007-07-11 12:27 383488 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013452.dll

    C:\dfafd4ba2f6f078ef441921851170327\iedkcs32.dll
    2007-08-13 18:39 382976 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013451.dll

    C:\dfafd4ba2f6f078ef441921851170327\iedw.exe
    2007-08-13 18:44 69120 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013417.exe

    C:\dfafd4ba2f6f078ef441921851170327\ieencode.dll
    2007-08-13 18:45 78336 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013450.dll

    C:\dfafd4ba2f6f078ef441921851170327\ieframe.dll
    2007-08-13 18:54 6049280 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013449.dll

    C:\dfafd4ba2f6f078ef441921851170327\iepeers.dll
    2007-08-13 18:54 191488 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013448.dll

    C:\dfafd4ba2f6f078ef441921851170327\ieproxy.dll
    2007-08-13 18:54 287744 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013447.dll

    C:\dfafd4ba2f6f078ef441921851170327\iernonce.dll
    2007-08-13 18:39 43008 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013446.dll

    C:\dfafd4ba2f6f078ef441921851170327\iertutil.dll
    2007-08-13 18:34 266752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013445.dll

    C:\dfafd4ba2f6f078ef441921851170327\iesetup.dll
    2007-08-13 18:39 55296 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013444.dll

    C:\dfafd4ba2f6f078ef441921851170327\ieudinit.exe
    2007-08-13 18:39 13312 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013416.exe

    C:\dfafd4ba2f6f078ef441921851170327\ieui.dll
    2007-08-13 18:54 180736 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013443.dll

    C:\dfafd4ba2f6f078ef441921851170327\iexplore.exe
    2007-08-13 18:43 622080 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013415.exe

    C:\dfafd4ba2f6f078ef441921851170327\imgutil.dll
    2007-08-13 18:36 36352 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013442.dll

    C:\dfafd4ba2f6f078ef441921851170327\inseng.dll
    2007-08-13 18:39 92672 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013441.dll

    C:\dfafd4ba2f6f078ef441921851170327\jscript.dll
    2007-08-13 18:38 491520 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013440.dll

    C:\dfafd4ba2f6f078ef441921851170327\jsproxy.dll
    2007-08-13 18:54 27136 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013439.dll

    C:\dfafd4ba2f6f078ef441921851170327\licmgr10.dll
    2007-08-13 18:44 40960 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013438.dll

    C:\dfafd4ba2f6f078ef441921851170327\msfeeds.dll
    2007-08-13 18:54 458752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013437.dll

    C:\dfafd4ba2f6f078ef441921851170327\msfeedsbs.dll
    2007-08-13 18:54 50688 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013436.dll

    C:\dfafd4ba2f6f078ef441921851170327\msfeedssync.exe
    2007-08-13 18:36 12288 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013414.exe

    C:\dfafd4ba2f6f078ef441921851170327\mshta.exe
    2007-08-13 18:32 45568 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013413.exe

    C:\dfafd4ba2f6f078ef441921851170327\mshtml.dll
    2007-08-13 18:54 3578368 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013435.dll

    C:\dfafd4ba2f6f078ef441921851170327\mshtmled.dll
    2007-08-13 18:54 475648 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013434.dll

    C:\dfafd4ba2f6f078ef441921851170327\mshtmler.dll
    2007-08-13 18:01 48128 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013433.dll

    C:\dfafd4ba2f6f078ef441921851170327\msls31.dll
    2007-08-13 18:54 156160 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013432.dll

    C:\dfafd4ba2f6f078ef441921851170327\msrating.dll
    2007-08-13 18:44 192000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013431.dll

    C:\dfafd4ba2f6f078ef441921851170327\mstime.dll
    2007-08-13 18:54 670720 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013430.dll

    C:\dfafd4ba2f6f078ef441921851170327\occache.dll
    2007-08-13 18:44 101376 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013429.dll

    C:\dfafd4ba2f6f078ef441921851170327\pngfilt.dll
    2007-08-13 18:36 44544 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013428.dll

    C:\dfafd4ba2f6f078ef441921851170327\shdocvw.dll
    2006-09-23 13:12 1497088 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013427.dll

    C:\dfafd4ba2f6f078ef441921851170327\shlwapi.dll
    2006-09-23 13:12 474112 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013426.dll

    C:\dfafd4ba2f6f078ef441921851170327\spmsg.dll
    2006-09-06 17:43 14048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013425.dll

    C:\dfafd4ba2f6f078ef441921851170327\spuninst.exe
    2006-09-06 17:43 213216 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013412.exe

    C:\dfafd4ba2f6f078ef441921851170327\spupdsvc.exe
    2006-09-06 17:43 22752 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013411.exe

    C:\dfafd4ba2f6f078ef441921851170327\update\idndl.exe
    2006-09-06 17:42 589672 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013395.exe

    C:\dfafd4ba2f6f078ef441921851170327\update\iecustom.dll
    2007-08-13 18:54 32960 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013398.dll

    C:\dfafd4ba2f6f078ef441921851170327\update\iereseticons.exe
    2007-08-13 18:52 66048 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013394.exe

    C:\dfafd4ba2f6f078ef441921851170327\update\iesetup.exe
    2007-08-13 18:54 1084096 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013393.exe

    C:\dfafd4ba2f6f078ef441921851170327\update\legitlibm.dll
    2007-02-12 16:10 635696 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013397.dll

    C:\dfafd4ba2f6f078ef441921851170327\update\nlsdl.exe
    2006-09-06 17:42 498016 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013392.exe

    C:\dfafd4ba2f6f078ef441921851170327\update\update.exe
    2006-09-06 17:43 716000 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013391.exe

    C:\dfafd4ba2f6f078ef441921851170327\update\updspapi.dll
    2006-09-06 17:43 371424 {CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP173\A0013396.dll

    C:\dfafd4ba2f6f078ef441921851170327\update\xmllitesetup.exe
    {CD53596A-5812-49DB-AF84-A
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 20:45 22058792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59 126976]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 23:58 151597]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-30 09:10 70816]
    "LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 22:11 139264]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37 53248]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-05-30 09:10 77824]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 00:10 15872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03 155648]
    "ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29 59072]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52 557056]
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 22:05:35 360448]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40 233472]
    Norton Personal Firewall.lnk - C:\Program Files\Norton Personal Firewall\nisfirst.exe [2002-11-15 12:48:14 644744]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48 57344]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40 16384]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitLord\\BitLord.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-31 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
    - c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
    "2008-04-25 06:29:47 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 16:38:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-01 16:43:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-01 21:43:45
    ComboFix2.txt 2008-05-30 14:22:25
    ComboFix3.txt 2008-04-27 00:07:41

    Pre-Run: 89,606,701,056 bytes free
    Post-Run: 89,592,696,832 bytes free

    428 --- E O F --- 2008-05-31 08:07:19
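
Added example, not part of this thread and not part of ComboFix: a small Python triage script for the "Reg Loading Points" and firewall sections of a log like the one above. It flags Run entries that ComboFix printed with no file date/size, Run entries given as a bare filename (Windows resolves those through the search path, so they are easy to hijack), peer-to-peer clients in the firewall exception list, and globally open ports that expose remote administration (3389/TCP is Remote Desktop). The sample log embedded in the script is constructed from a handful of lines modeled on this post; the port and P2P lists are my own assumptions, not something ComboFix reports.

```python
"""Triage helper for the autostart and firewall sections of a ComboFix log.

Added example (not from this thread and not part of ComboFix). It parses the
REGEDIT4-style "Run" keys and the Windows Firewall AuthorizedApplications /
GloballyOpenPorts lists that ComboFix prints and flags what a responder
would check first. SAMPLE_LOG is constructed, modeled on a few lines from
the post above; REMOTE_ADMIN_PORTS and P2P_CLIENTS are my own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed lists, not anything ComboFix itself knows about.
REMOTE_ADMIN_PORTS = {3389: "Remote Desktop", 5900: "VNC", 23: "Telnet", 22: "SSH"}
P2P_CLIENTS = {"emule.exe", "bitlord.exe", "utorrent.exe", "bittorrent.exe", "limewire.exe"}

# Constructed sample in ComboFix's own layout (firewall paths use doubled backslashes).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"VTTimer"="VTTimer.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-30 09:10 70816]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
FW_APP = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
FW_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')


@dataclass(frozen=True)
class Finding:
    section: str   # "run", "firewall-app" or "firewall-port"
    subject: str   # value name, executable name or port/proto
    reason: str


def _section_for(header: str) -> Optional[str]:
    """Map a bracketed registry-key header to the section we know how to parse."""
    h = header.lower()
    if h.endswith(r"\currentversion\run]"):
        return "run"
    if "authorizedapplications" in h:
        return "firewall-app"
    if "globallyopenports" in h:
        return "firewall-port"
    return None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # new registry-key header
            section = _section_for(line)
            continue
        if section == "run":
            m = RUN_ENTRY.match(line)
            if not m:
                continue
            name, value, meta = m.group("name"), m.group("value"), m.group("meta").strip()
            if not meta:                  # ComboFix printed "[ ]": no date/size for the target
                findings.append(Finding("run", name, "no file date/size recorded; confirm the target exists"))
            if "\\" not in value:         # bare filename: found via the process search order
                resolved = meta.split(" ", 3)[3] if meta.count(" ") >= 3 else None
                detail = f"bare filename '{value}' is resolved via the search path (hijackable)"
                if resolved:
                    detail += f"; ComboFix resolved it to {resolved}"
                findings.append(Finding("run", name, detail))
        elif section == "firewall-app":
            m = FW_APP.match(line)
            if m:
                exe = m.group("path").replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
                if exe in P2P_CLIENTS:
                    findings.append(Finding("firewall-app", exe, "peer-to-peer client allowed through the firewall"))
        elif section == "firewall-port":
            m = FW_PORT.match(line)
            if m:
                port = int(m.group("port"))
                if port in REMOTE_ADMIN_PORTS:
                    findings.append(Finding("firewall-port", f"{port}/{m.group('proto')}",
                                            f"{REMOTE_ADMIN_PORTS[port]} exposed on every interface"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.subject}: {f.reason}")
```

Run it as-is to see the findings for the embedded sample, or pass the text of a saved ComboFix.txt to `triage()`; the section headers are matched on the key path, so the HKCU Run key is handled the same way as HKLM. Flagged entries are leads to verify, not verdicts: "VTTimer" and "LTMSG" were legitimate vendor autostarts on many HP machines of that era, but a bare filename in a Run value is still worth resolving by hand.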

  10. #10
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    OK, post the F-Secure and a new HijackThis log.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
