
Thread: I really need help, Virtumonde and others !!

  1. #1
    Cyberman (Junior Member; joined May 2008; 18 posts)

    I really need help, Virtumonde and others !!

    I have a dual-boot system, Vista + XP64. It seems that the Vista system is infected by Virtumonde; I have tried all the usual to disinfect the system. I also reinstalled Vista last week because I totally lost my Internet connection. This was after a long chat with my ISP and, between us, trying to put it right; in the end they told me to re-install, but I'm finding myself with Virtumonde and others again. Please help.

    I am also having problems with Microsoft Update, just getting an error, and when it runs I seem to get other viruses, even after my AV found the update as a virus and I thought I had fixed it.

    Anyway here are the logs:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:41:22, on 29/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\unsecapp.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\Windows\system32\qpcxnobu.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {3ccf7b92-4c9e-0849-0e64-f8555c5dfc06} - {60cfd5c5-558f-46e0-9480-e9c429b7fcc3} - C:\Windows\system32\mtcuyaxo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\Windows\system32\bYoMCuRI.dll (file missing)
    O2 - BHO: (no name) - {E793DDC8-3109-436B-9BCB-D73E3DA5190D} - C:\Windows\system32\urqpPHby.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\bYoMCuRI.dll,#1
    O4 - HKLM\..\Run: [509598a4] rundll32.exe "C:\Windows\system32\veudwkge.dll",b
    O4 - HKLM\..\Run: [BM53a6ab38] Rundll32.exe "C:\Windows\system32\ixtbgdol.dll",s
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8167] command /c del "C:\Windows\System32\urqpPHby.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6561] cmd /c del "C:\Windows\System32\urqpPHby.dll"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Darrell\AppData\Local\Temp\vtUMcYpq.dll,#1
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 9305 bytes
    -----------------------------------------------------------------------

    -----------------------------------------------------------------------
    ComboFix 08-05-28.4 - Darrell 2008-05-29 10:00:21.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1265 [GMT 1:00]
    Running from: C:\Users\Darrell\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\Windows\cookies.ini
    C:\Windows\system32\eebkwwkl.dll
    C:\Windows\System32\egkwduev.ini
    C:\Windows\system32\eqrlusfx.dll
    C:\Windows\System32\gumrouyu.ini
    C:\Windows\system32\ipitdses.dll
    C:\Windows\system32\ixtbgdol.dll
    C:\Windows\system32\mcrh.tmp
    C:\Windows\system32\mtcuyaxo.dll
    C:\Windows\system32\psbntdxk.ini
    C:\Windows\system32\urqpPHby.dll
    C:\Windows\system32\veudwkge.dll
    C:\Windows\system32\xfjwaxao.dll
    C:\Windows\system32\xfsulrqe.ini
    C:\Windows\system32\xsdeqbur.dll
    C:\Windows\System32\ybHPpqru.ini
    C:\Windows\System32\ybHPpqru.ini2

    ----- BITS: Possible infected sites -----

    hxxp://theinstalls.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_iprip


    ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
    .

    2008-05-29 09:40 . 2008-05-29 09:40 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-29 08:40 . 2008-05-29 08:40 92,160 --a------ C:\Windows\System32\qpcxnobu.dll
    2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-05-28 22:44 . 2008-05-28 22:44 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-28 22:42 . 2008-05-28 22:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-28 19:29 . 2008-05-28 19:29 1,160 --a------ C:\Windows\mozver.dat
    2008-05-28 08:54 . 2008-05-28 09:13 23 --a------ C:\Windows\popcinfot.dat
    2008-05-28 08:37 . 2008-05-28 08:37 92,160 --a------ C:\Windows\System32\obfxrdtv.dll
    2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\Users\All Users\FLEXnet
    2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\ProgramData\FLEXnet
    2008-05-27 21:30 . 2008-05-27 21:03 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-05-27 21:30 . 2008-05-27 21:03 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-05-27 21:18 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-05-27 21:18 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-05-27 21:17 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-27 21:17 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-05-27 21:17 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-05-27 21:13 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-05-27 21:11 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-05-27 21:05 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-05-27 21:03 . 2008-05-27 21:32 196,608 --a------ C:\Windows\SPInstall.etl
    2008-05-27 20:46 . 2008-05-27 20:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-27 19:46 . 2008-05-27 19:46 0 --a------ C:\Windows\nsreg.dat
    2008-05-27 19:40 . 2008-05-27 19:40 <DIR> d-------- C:\Windows\Sun
    2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\Users\All Users\ALM
    2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\ProgramData\ALM
    2008-05-27 17:15 . 2008-05-27 17:15 <DIR> d-------- C:\Program Files\QuickTime
    2008-05-27 17:10 . 2006-09-29 06:56 28,248 -ra------ C:\Windows\System32\AdobePDF.dll
    2008-05-27 17:01 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
    2008-05-27 17:01 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
    2008-05-27 16:55 . 2008-05-27 22:24 <DIR> d-------- C:\Users\All Users\Adobe
    2008-05-27 16:46 . 2008-05-27 16:46 <DIR> d-------- C:\Program Files\Bonjour
    2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-27 16:29 . 2008-05-27 17:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 16:15 . 2008-05-27 16:15 <DIR> d-------- C:\Program Files\MagicISO
    2008-05-27 07:19 . 2008-05-27 07:19 418,480 --a------ C:\Windows\System32\wrap_oal.dll
    2008-05-27 07:19 . 2008-05-27 07:19 115,432 --a------ C:\Windows\System32\OpenAL32.dll
    2008-05-27 06:53 . 2008-05-27 06:53 92,160 --a------ C:\Windows\System32\daoodekf.dll
    2008-05-27 02:05 . 2008-05-27 02:05 <DIR> d-------- C:\Program Files\OpenAL
    2008-05-27 01:52 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-05-27 01:52 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-05-27 01:52 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-05-27 01:41 . 2008-05-28 19:07 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 01:41 . 2008-05-27 23:45 <DIR> d-------- C:\Program Files\Common Files\Steam
    2008-05-26 20:10 . 2008-05-26 20:10 <DIR> d-------- C:\Program Files\Disney
    2008-05-26 19:30 . 2008-05-29 09:14 360 --a------ C:\Windows\wininit.ini
    2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-26 19:04 . 2008-05-26 19:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\Users\All Users\WLInstaller
    2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\ProgramData\WLInstaller
    2008-05-26 10:52 . 2008-05-26 10:54 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
    2008-05-26 10:34 . 2008-05-26 10:34 94,208 --a------ C:\Windows\DIIUnin.exe
    2008-05-26 10:34 . 2008-05-26 10:52 46,731 --a------ C:\Windows\DIIUnin.dat
    2008-05-26 10:34 . 2008-05-26 10:34 2,829 --a------ C:\Windows\DIIUnin.pif
    2008-05-26 09:56 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
    2008-05-26 09:49 . 2008-05-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-05-26 09:44 . 2008-05-26 09:44 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-05-26 09:39 . 2008-05-26 09:39 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\Users\All Users\Microsoft Help
    2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\ProgramData\Microsoft Help
    2008-05-26 09:27 . 2008-05-26 09:27 <DIR> d-------- C:\Program Files\PowerISO
    2008-05-26 09:16 . 2008-05-26 18:52 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Azureus
    2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\Users\All Users\Azureus
    2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\ProgramData\Azureus
    2008-05-26 09:12 . 2008-05-26 09:13 <DIR> d-------- C:\Program Files\Azureus
    2008-05-26 09:01 . 2008-05-27 19:20 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\StumbleUpon
    2008-05-26 09:01 . 2008-05-26 09:01 <DIR> d-------- C:\Program Files\StumbleUpon
    2008-05-26 08:56 . 2008-05-26 08:57 <DIR> d-------- C:\Program Files\Java
    2008-05-26 08:55 . 2008-05-26 08:55 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-26 01:19 . 2008-05-26 01:19 <DIR> d-------- C:\Program Files\InstallShield Installation Information
    2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-05-26 01:16 . 2008-05-26 01:16 <DIR> d-------- C:\Windows\Downloaded Installations
    2008-05-26 00:56 . 2008-05-26 10:18 249,856 --------- C:\Windows\Setup1.exe
    2008-05-26 00:56 . 2008-05-26 10:18 73,216 --a------ C:\Windows\ST6UNST.EXE
    2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\Users\All Users\CCP
    2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\ProgramData\CCP
    2008-05-26 00:42 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
    2008-05-23 09:10 . 2008-05-23 00:36 <DIR> d-------- C:\Windows\Panther
    2008-05-23 08:46 . 2008-05-27 01:36 <DIR> d-------- C:\Windows.old
    2008-05-23 08:12 . 2008-05-23 08:12 <DIR> d-------- C:\Windows\PCHEALTH
    2008-05-23 08:12 . 2008-05-27 22:25 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-05-23 07:34 . 2008-05-23 07:34 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Yahoo!
    2008-05-23 02:39 . 2008-05-23 07:23 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
    2008-05-23 02:39 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
    2008-05-23 02:39 . 2008-05-23 07:23 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
    2008-05-23 02:39 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
    2008-05-23 02:39 . 2008-05-23 07:23 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
    2008-05-23 02:36 . 2008-05-23 02:36 988,216 --a------ C:\Windows\System32\winload.exe
    2008-05-23 02:36 . 2008-05-23 02:36 927,288 --a------ C:\Windows\System32\winresume.exe
    2008-05-23 02:36 . 2008-05-23 02:36 615,992 --a------ C:\Windows\System32\ci.dll
    2008-05-23 02:36 . 2008-05-23 02:36 378,368 --a------ C:\Windows\System32\srcore.dll
    2008-05-23 02:36 . 2008-05-23 02:36 318,464 --a------ C:\Windows\System32\rstrui.exe
    2008-05-23 02:36 . 2008-05-23 02:36 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
    2008-05-23 02:36 . 2008-05-23 02:36 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-05-23 02:36 . 2008-05-23 02:36 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-05-23 02:36 . 2008-05-23 02:36 14,848 --a------ C:\Windows\System32\srdelayed.exe
    2008-05-23 02:36 . 2008-05-23 02:36 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-05-23 02:34 . 2008-05-28 22:45 <DIR> d--hs---- C:\Windows\Installer
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Users\All Users\Symantec
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\ProgramData\Symantec
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Program Files\Symantec
    2008-05-23 02:34 . 2008-05-23 07:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-05-23 02:34 . 2008-05-23 02:34 2,032,128 --a------ C:\Windows\System32\win32k.sys
    2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\Users\All Users\Yahoo!
    2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\ProgramData\Yahoo!
    2008-05-23 02:29 . 2008-05-23 02:33 <DIR> d-------- C:\Program Files\Yahoo!
    2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\Users\All Users\NVIDIA
    2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\ProgramData\NVIDIA
    2008-05-23 02:17 . 2008-05-23 02:17 209,775,274 --a------ C:\Windows\MEMORY.DMP
    2008-05-23 02:02 . 2008-05-23 02:02 1,820 --a------ C:\Windows\System32\rasctrnm.h
    2008-05-23 01:51 . 2008-05-23 01:51 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-05-23 01:40 . 2008-05-23 01:40 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-05-23 01:40 . 2008-05-23 01:40 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-05-23 01:32 . 2008-05-23 01:32 <DIR> d-------- C:\Windows\nvidia icons
    2008-05-23 01:31 . 2008-05-02 22:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
    2008-05-23 01:31 . 2008-05-02 22:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
    2008-05-23 01:31 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
    2008-05-23 01:28 . 2008-05-23 01:28 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-23 01:28 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
    2008-05-23 01:22 . 2008-05-23 01:22 <DIR> d-------- C:\Windows\System32\Macromed
    2008-05-23 01:21 . 2008-05-23 01:21 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2008-05-23 01:15 . 2008-05-23 01:15 92 --a------ C:\Windows\Lexstat.ini
    2008-05-23 01:08 . 2008-05-23 01:18 <DIR> d-------- C:\Program Files\Lexmark 2200 Series

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-27 21:20 174 --sha-w C:\Program Files\desktop.ini
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Journal
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Defender
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-26 08:48 --------- d-----w C:\Program Files\MSBuild
    2008-05-02 21:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
    2008-04-15 01:05 118,784 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
    2008-05-29 08:40 92160 --a------ C:\Windows\system32\qpcxnobu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
    C:\Windows\system32\bYoMCuRI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
    "MSServer"="C:\Windows\system32\bYoMCuRI.dll" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\bYoMCuRI.dll [ ]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\509598a4]
    C:\Windows\system32\eqrlusfx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
    --a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM53a6ab38]
    C:\Windows\system32\xfjwaxao.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
    C:\Windows\system32\bYoMCuRI.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-05-27 01:43 1271032 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    --a------ 2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    --a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5E1D1A10-19E9-4FFB-BA7C-13915A912FD4}"= UDP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
    "{1E9A4DF2-FD24-4F6A-94E1-C05360990646}"= TCP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
    "{C93F7871-F726-4F5E-B1AB-9E733A271E25}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
    "{2739C7D7-55FC-435F-9280-AF9316365F7C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
    "{BD0C896B-5FF9-4F5C-A0EC-C1399E81534C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{B981C4D2-6EC9-40E1-81E7-198137E0C6FF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{098AF498-243F-4F57-A091-0DAEC9151312}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{1F814303-8575-4DC6-9236-74A2D4758763}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{0BA523C6-C6AA-425E-922D-97673970793E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CAE0B778-4458-43C4-AEC0-ADC5C546E254}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5F0C8A18-E226-44C5-B313-BA4914224178}"= UDP:3703:Adobe Version Cue CS3 Server
    "{4FD8DF8B-E256-4227-9060-46134795362C}"= UDP:3704:Adobe Version Cue CS3 Server
    "{0CF7C1EF-3882-4E61-99C1-03A5BCDE5EED}"= UDP:50900:Adobe Version Cue CS3 Server
    "{23B6E0E6-DD46-41A1-8AFD-22083D4D36C7}"= UDP:50901:Adobe Version Cue CS3 Server
    "{6E8ABFA6-0ED0-44D3-B571-458DC0CA2409}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{81C44303-E4F1-4C3A-BB92-4768224207D1}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{062EE761-22DF-413F-8892-CEE6842D19CC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080528.001\IDSvix86.sys [2008-05-13 00:27]
    R2 lxbv_device;lxbv_device;C:\Windows\system32\lxbvcoms.exe [2007-04-25 13:18]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-27 23:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\AutoRun\command - J:\SETUP.EXE
    \shell\configure\command - J:\SETUP.EXE
    \shell\install\command - J:\SETUP.EXE

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-26 19:00:33 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Darrell.job"
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-05-28 22:38:24 C:\Windows\Tasks\User_Feed_Synchronization-{2DFB7FA5-F9B8-4B7A-845D-E71F24B802C6}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 10:08:36
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\nvvsvc.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\CISVC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\TCPSVCS.EXE
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-29 10:16:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-29 09:16:38

    Pre-Run: 90,161,430,528 bytes free
    Post-Run: 90,421,112,832 bytes free

  2. #2
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    You shouldn't run these tools unless a helper tells you to


    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\Windows\System32\qpcxnobu.dll
    C:\Windows\System32\obfxrdtv.dll
    J:\SETUP.EXE
    C:\Windows\system32\eqrlusfx.dll
    C:\Windows\system32\xfjwaxao.dll
    C:\Windows\system32\bYoMCuRI.dll

    Folder::

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\509598a4]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM53a6ab38]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

    Driver::
    Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Also post a new HijackThis log
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
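The helper's CFScript above was written by reading the ComboFix "Reg Loading Points" section by hand: the same CLSID appears as a Browser Helper Object and as a ShellExecuteHooks entry, both pointing at one random-named DLL in system32; the same DLL is also the target of a Run value whose attribute bracket is empty ("[ ]") where ComboFix prints a date and size for every other entry; UAC, the firewall profiles and Security Center monitoring are all switched off; and the J: drive has an AutoRun handler. The script below is an added example, not code from the thread or from the ComboFix project, that automates that reading. It parses ComboFix-style log text, groups autostart locations by the DLL they load, flags a DLL that is registered in two or more mechanisms or that ComboFix could not stat, reports the weakened security settings, and drafts the File::/Registry:: lines in the helper's format. The sample log is constructed from the kinds of lines in the thread, not copied verbatim, and the reading of the empty bracket is an assumption taken from the log layout, not from ComboFix documentation. The output is a draft for a helper to review, in keeping with the thread's own warning not to run these tools unsupervised.

```python
"""Triage ComboFix 'Reg Loading Points' text for Vundo-style persistence.

Heuristics (assumptions drawn from how the thread's log reads, not from
ComboFix documentation): a DLL registered in two or more autostart
mechanisms, or one whose attribute bracket is empty ("[ ]") where ComboFix
normally prints the file's date and size, is a candidate for File::.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the thread's log (same line shapes, not a
# verbatim copy); bYoMCuRI.dll plays the Vundo DLL, NvCpl.dll a benign control.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
C:\Windows\system32\bYoMCuRI.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"MSServer"="C:\Windows\System32\bYoMCuRI.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\bYoMCuRI.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\SETUP.EXE
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Drive-letter path ending in .dll, optionally followed by ComboFix's "[date size]" bracket.
DLL_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^"\[\]]*?\.dll)"?\s*(?P<attr>\[[^\]]*\])?', re.IGNORECASE)


def load_point_kind(key):
    """Classify a registry key into the autostart mechanism it represents."""
    k = key.lower()
    if "browser helper objects" in k:
        return "BHO"
    if "shellexecutehooks" in k:
        return "ShellExecuteHook"
    if k.endswith("\\run"):
        return "Run"
    return None


def parse_log(text):
    """Yield (key, line) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif key is not None:
            yield key, line


def build_cfscript(files, keys):
    """Draft File::/Registry:: sections in the format the helper used ([-KEY] deletes a key)."""
    out = ["File::", *files, "", "Registry::", *(f"[-{k}]" for k in keys), ""]
    return "\n".join(out)


def triage(text):
    """Return suspicious DLLs, weakened-security findings and a draft CFScript."""
    hits = defaultdict(list)   # lowercase dll path -> [(kind, attr)]
    spelling = {}              # lowercase path -> path as first seen (logs mix System32/system32)
    findings, keys_to_delete = [], []
    for key, line in parse_log(text):
        kind = load_point_kind(key)
        m = DLL_RE.search(line)
        if kind and m:
            p = m.group("path")
            spelling.setdefault(p.lower(), p)
            hits[p.lower()].append((kind, m.group("attr")))
        low = line.lower().replace(" ", "")
        if low.startswith('"enablelua"=0'):
            findings.append("UAC disabled (EnableLUA=0)")
        elif low.startswith('"enablefirewall"=0'):
            findings.append("Windows Firewall off: " + key.rsplit("\\", 1)[-1])
        elif low.endswith("=dword:00000001") and ("disablemonitoring" in low or "disablenotify" in low):
            findings.append("Security Center silenced: " + line.split("=")[0].strip('"'))
        elif "mountpoints2" in key.lower() and "\\shell\\autorun\\command" in low:
            findings.append("AutoRun handler on drive " + key.rsplit("\\", 1)[-1] + ": " + line.split(" - ", 1)[-1])
            if key not in keys_to_delete:
                keys_to_delete.append(key)
    suspicious = {}
    for p, entries in hits.items():
        kinds = sorted({k for k, _ in entries})
        # Empty "[ ]" where ComboFix prints date and size: it could not read the file.
        unreadable = any(a is not None and a.strip("[] ") == "" for _, a in entries)
        if len(kinds) >= 2 or unreadable:
            suspicious[spelling[p]] = kinds
    return {"suspicious_dlls": suspicious, "findings": findings,
            "cfscript": build_cfscript(sorted(suspicious), keys_to_delete)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, kinds in result["suspicious_dlls"].items():
        print(f"suspicious: {path}  load points: {', '.join(kinds)}")
    for f in result["findings"]:
        print("finding:", f)
    print(result["cfscript"])
```

On the sample, NvCpl.dll sits in a single load point with a readable date and size and is left alone, while bYoMCuRI.dll is flagged on both counts (three mechanisms, unreadable file) and lands in File::, with the J: mountpoints2 key in Registry::. The second ComboFix run in the thread shows why the cross-check matters: two of the six listed DLLs were deleted, the BHO and Run entries for bYoMCuRI.dll survived, so a triage that keys on load points rather than on file names will still report it.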

  3. #3
    Junior Member Cyberman's Avatar
    Join Date
    May 2008
    Posts
    18

    Default

    ComboFix 08-05-28.4 - Darrell 2008-05-29 15:31:44.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1306 [GMT 1:00]
    Running from: C:\Users\Darrell\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Darrell\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Windows\system32\bYoMCuRI.dll
    C:\Windows\system32\eqrlusfx.dll
    C:\Windows\System32\obfxrdtv.dll
    C:\Windows\System32\qpcxnobu.dll
    C:\Windows\system32\xfjwaxao.dll
    J:\SETUP.EXE
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\obfxrdtv.dll
    C:\Windows\System32\qpcxnobu.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
    .

    2008-05-29 14:07 . 2008-05-29 14:07 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
    2008-05-29 14:07 . 2008-05-29 14:07 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2008-05-29 14:07 . 2008-05-29 14:07 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2008-05-29 10:19 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-29 10:19 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-29 09:40 . 2008-05-29 09:40 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-05-28 22:44 . 2008-05-28 22:44 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-28 22:42 . 2008-05-28 22:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-28 19:29 . 2008-05-28 19:29 1,160 --a------ C:\Windows\mozver.dat
    2008-05-28 08:54 . 2008-05-28 09:13 23 --a------ C:\Windows\popcinfot.dat
    2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\Users\All Users\FLEXnet
    2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\ProgramData\FLEXnet
    2008-05-27 21:30 . 2008-05-27 21:03 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-05-27 21:30 . 2008-05-27 21:03 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-05-27 21:18 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-05-27 21:18 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-05-27 21:17 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-27 21:17 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-05-27 21:17 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-05-27 21:13 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-05-27 21:11 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-05-27 21:05 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-05-27 21:03 . 2008-05-27 21:32 196,608 --a------ C:\Windows\SPInstall.etl
    2008-05-27 20:46 . 2008-05-27 20:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-27 19:46 . 2008-05-27 19:46 0 --a------ C:\Windows\nsreg.dat
    2008-05-27 19:40 . 2008-05-27 19:40 <DIR> d-------- C:\Windows\Sun
    2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\Users\All Users\ALM
    2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\ProgramData\ALM
    2008-05-27 17:15 . 2008-05-27 17:15 <DIR> d-------- C:\Program Files\QuickTime
    2008-05-27 17:10 . 2006-09-29 06:56 28,248 -ra------ C:\Windows\System32\AdobePDF.dll
    2008-05-27 17:01 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
    2008-05-27 17:01 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
    2008-05-27 16:55 . 2008-05-27 22:24 <DIR> d-------- C:\Users\All Users\Adobe
    2008-05-27 16:46 . 2008-05-27 16:46 <DIR> d-------- C:\Program Files\Bonjour
    2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-27 16:29 . 2008-05-27 17:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 16:15 . 2008-05-27 16:15 <DIR> d-------- C:\Program Files\MagicISO
    2008-05-27 07:19 . 2008-05-27 07:19 418,480 --a------ C:\Windows\System32\wrap_oal.dll
    2008-05-27 07:19 . 2008-05-27 07:19 115,432 --a------ C:\Windows\System32\OpenAL32.dll
    2008-05-27 06:53 . 2008-05-27 06:53 92,160 --a------ C:\Windows\System32\daoodekf.dll
    2008-05-27 02:05 . 2008-05-27 02:05 <DIR> d-------- C:\Program Files\OpenAL
    2008-05-27 01:52 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-05-27 01:52 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-05-27 01:52 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-05-27 01:41 . 2008-05-28 19:07 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 01:41 . 2008-05-27 23:45 <DIR> d-------- C:\Program Files\Common Files\Steam
    2008-05-26 20:10 . 2008-05-26 20:10 <DIR> d-------- C:\Program Files\Disney
    2008-05-26 19:30 . 2008-05-29 09:14 360 --a------ C:\Windows\wininit.ini
    2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-26 19:04 . 2008-05-26 19:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\Users\All Users\WLInstaller
    2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\ProgramData\WLInstaller
    2008-05-26 10:52 . 2008-05-26 10:54 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
    2008-05-26 10:34 . 2008-05-26 10:34 94,208 --a------ C:\Windows\DIIUnin.exe
    2008-05-26 10:34 . 2008-05-26 10:52 46,731 --a------ C:\Windows\DIIUnin.dat
    2008-05-26 10:34 . 2008-05-26 10:34 2,829 --a------ C:\Windows\DIIUnin.pif
    2008-05-26 09:56 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
    2008-05-26 09:49 . 2008-05-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-05-26 09:44 . 2008-05-26 09:44 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-05-26 09:39 . 2008-05-26 09:39 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\Users\All Users\Microsoft Help
    2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\ProgramData\Microsoft Help
    2008-05-26 09:27 . 2008-05-26 09:27 <DIR> d-------- C:\Program Files\PowerISO
    2008-05-26 09:16 . 2008-05-26 18:52 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Azureus
    2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\Users\All Users\Azureus
    2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\ProgramData\Azureus
    2008-05-26 09:12 . 2008-05-26 09:13 <DIR> d-------- C:\Program Files\Azureus
    2008-05-26 09:01 . 2008-05-27 19:20 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\StumbleUpon
    2008-05-26 09:01 . 2008-05-26 09:01 <DIR> d-------- C:\Program Files\StumbleUpon
    2008-05-26 08:56 . 2008-05-26 08:57 <DIR> d-------- C:\Program Files\Java
    2008-05-26 08:55 . 2008-05-26 08:55 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-26 01:19 . 2008-05-26 01:19 <DIR> d-------- C:\Program Files\InstallShield Installation Information
    2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-05-26 01:16 . 2008-05-26 01:16 <DIR> d-------- C:\Windows\Downloaded Installations
    2008-05-26 00:56 . 2008-05-26 10:18 249,856 --------- C:\Windows\Setup1.exe
    2008-05-26 00:56 . 2008-05-26 10:18 73,216 --a------ C:\Windows\ST6UNST.EXE
    2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\Users\All Users\CCP
    2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\ProgramData\CCP
    2008-05-26 00:42 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
    2008-05-23 09:10 . 2008-05-23 00:36 <DIR> d-------- C:\Windows\Panther
    2008-05-23 08:46 . 2008-05-27 01:36 <DIR> d-------- C:\Windows.old
    2008-05-23 08:12 . 2008-05-23 08:12 <DIR> d-------- C:\Windows\PCHEALTH
    2008-05-23 08:12 . 2008-05-27 22:25 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-05-23 07:34 . 2008-05-23 07:34 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Yahoo!
    2008-05-23 02:39 . 2008-05-23 07:23 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
    2008-05-23 02:39 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
    2008-05-23 02:39 . 2008-05-23 07:23 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
    2008-05-23 02:39 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
    2008-05-23 02:39 . 2008-05-23 07:23 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
    2008-05-23 02:36 . 2008-05-23 02:36 988,216 --a------ C:\Windows\System32\winload.exe
    2008-05-23 02:36 . 2008-05-23 02:36 927,288 --a------ C:\Windows\System32\winresume.exe
    2008-05-23 02:36 . 2008-05-23 02:36 615,992 --a------ C:\Windows\System32\ci.dll
    2008-05-23 02:36 . 2008-05-23 02:36 378,368 --a------ C:\Windows\System32\srcore.dll
    2008-05-23 02:36 . 2008-05-23 02:36 318,464 --a------ C:\Windows\System32\rstrui.exe
    2008-05-23 02:36 . 2008-05-23 02:36 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
    2008-05-23 02:36 . 2008-05-23 02:36 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-05-23 02:36 . 2008-05-23 02:36 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-05-23 02:36 . 2008-05-23 02:36 14,848 --a------ C:\Windows\System32\srdelayed.exe
    2008-05-23 02:36 . 2008-05-23 02:36 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-05-23 02:34 . 2008-05-28 22:45 <DIR> d--hs---- C:\Windows\Installer
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Users\All Users\Symantec
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\ProgramData\Symantec
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Program Files\Symantec
    2008-05-23 02:34 . 2008-05-23 07:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-05-23 02:34 . 2008-05-23 02:34 2,032,128 --a------ C:\Windows\System32\win32k.sys
    2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\Users\All Users\Yahoo!
    2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\ProgramData\Yahoo!
    2008-05-23 02:29 . 2008-05-23 02:33 <DIR> d-------- C:\Program Files\Yahoo!
    2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\Users\All Users\NVIDIA
    2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\ProgramData\NVIDIA
    2008-05-23 02:17 . 2008-05-23 02:17 209,775,274 --a------ C:\Windows\MEMORY.DMP
    2008-05-23 02:02 . 2008-05-23 02:02 1,820 --a------ C:\Windows\System32\rasctrnm.h
    2008-05-23 01:51 . 2008-05-23 01:51 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-05-23 01:40 . 2008-05-23 01:40 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-05-23 01:40 . 2008-05-23 01:40 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-05-23 01:32 . 2008-05-23 01:32 <DIR> d-------- C:\Windows\nvidia icons
    2008-05-23 01:31 . 2008-05-02 22:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
    2008-05-23 01:31 . 2008-05-02 22:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
    2008-05-23 01:31 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
    2008-05-23 01:28 . 2008-05-23 01:28 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-05-23 01:28 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
    2008-05-23 01:22 . 2008-05-23 01:22 <DIR> d-------- C:\Windows\System32\Macromed

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-27 21:20 174 --sha-w C:\Program Files\desktop.ini
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Journal
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Defender
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-27 20:37 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-27 20:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-26 08:48 --------- d-----w C:\Program Files\MSBuild
    2008-04-15 01:05 118,784 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
    2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-29_10.16.11.09 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-29 09:07:55 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-29 12:59:06 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-29 12:59:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-29 12:59:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-29 09:08:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-29 12:59:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-29 12:59:52 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-29 09:08:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-29 13:00:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-05-29 08:59:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-29 13:04:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-29 08:59:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-29 13:04:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-29 08:59:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-29 13:04:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2005-05-24 11:27:16 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-05-29 08:53:32 107,562 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-29 13:05:43 107,562 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-29 08:53:33 605,356 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-29 13:05:43 605,356 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-27 21:38:52 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-05-29 12:04:34 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-05-29 09:09:57 4,916 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3313625179-591908016-612387455-1000_UserData.bin
    + 2008-05-29 13:01:08 4,940 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3313625179-591908016-612387455-1000_UserData.bin
    - 2008-05-29 09:09:57 51,744 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-29 13:01:08 51,776 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-29 08:49:08 26,686 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-29 13:01:05 27,116 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-05-27 21:11:22 102,905,213 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-05-29 09:18:59 103,342,135 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
    + 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
    + 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
    + 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
    + 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
    + 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
    + 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
    + 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
    + 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
    + 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
    + 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
    + 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
    + 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
    + 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
    + 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
    + 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
    + 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
    + 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
    + 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
    + 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
    + 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
    + 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
    + 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
    + 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
    + 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
    + 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
    + 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
    + 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
    C:\Windows\system32\bYoMCuRI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
    "MSServer"="C:\Windows\system32\bYoMCuRI.dll" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\bYoMCuRI.dll [ ]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
    --a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-05-27 01:43 1271032 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    --a------ 2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    --a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5E1D1A10-19E9-4FFB-BA7C-13915A912FD4}"= UDP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
    "{1E9A4DF2-FD24-4F6A-94E1-C05360990646}"= TCP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
    "{C93F7871-F726-4F5E-B1AB-9E733A271E25}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
    "{2739C7D7-55FC-435F-9280-AF9316365F7C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
    "{BD0C896B-5FF9-4F5C-A0EC-C1399E81534C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{B981C4D2-6EC9-40E1-81E7-198137E0C6FF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{098AF498-243F-4F57-A091-0DAEC9151312}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{1F814303-8575-4DC6-9236-74A2D4758763}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{0BA523C6-C6AA-425E-922D-97673970793E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CAE0B778-4458-43C4-AEC0-ADC5C546E254}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5F0C8A18-E226-44C5-B313-BA4914224178}"= UDP:3703:Adobe Version Cue CS3 Server
    "{4FD8DF8B-E256-4227-9060-46134795362C}"= UDP:3704:Adobe Version Cue CS3 Server
    "{0CF7C1EF-3882-4E61-99C1-03A5BCDE5EED}"= UDP:50900:Adobe Version Cue CS3 Server
    "{23B6E0E6-DD46-41A1-8AFD-22083D4D36C7}"= UDP:50901:Adobe Version Cue CS3 Server
    "{6E8ABFA6-0ED0-44D3-B571-458DC0CA2409}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{81C44303-E4F1-4C3A-BB92-4768224207D1}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{062EE761-22DF-413F-8892-CEE6842D19CC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080528.001\IDSvix86.sys [2008-05-13 00:27]
    R2 lxbv_device;lxbv_device;C:\Windows\system32\lxbvcoms.exe [2007-04-25 13:18]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-27 23:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-26 19:00:33 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Darrell.job"
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-05-28 22:38:24 C:\Windows\Tasks\User_Feed_Synchronization-{2DFB7FA5-F9B8-4B7A-845D-E71F24B802C6}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 15:37:35
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    ÛáfsÝòpä´òp [-1989744043] 0x8BE8458B
    ÛáfsÝòpä´òp [-1989744043] 0x83E0458D
    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-29 15:40:54
    ComboFix-quarantined-files.txt 2008-05-29 14:40:37
    ComboFix2.txt 2008-05-29 09:16:54

    Pre-Run: 90,536,923,136 bytes free
    Post-Run: 90,511,097,856 bytes free

    352 --- E O F --- 2008-05-29 14:06:12

    -----------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:41:57, on 29/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\Windows\system32\bYoMCuRI.dll (file missing)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\bYoMCuRI.dll,#1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8558 bytes

  4. #4
    Cyberman (Junior Member; joined May 2008; 18 posts)

    Here are the logs you requested above.

  5. #5
    Retired Security Volunteer (joined Sep 2007; Ireland; 1,620 posts)

    Hello


    1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\Windows\system32\bYoMCuRI.dll (file missing)
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\bYoMCuRI.dll,#1


    2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    File::

    Folder::

    Registry::
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{BDD714BC-D36C-487B-8142-8BA020FB6535}"=-

    Driver::
    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.






    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    Reboot and post a new HijackThis log and tell me how your PC is running.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
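Triage logic for the indicators the helper singled out in the post above, as an added example that is not part of the thread and not code from HijackThis, ComboFix or Malwarebytes. It parses log lines in the formats quoted in this thread (the sample input is assembled from those quoted lines) and flags the orphaned "(file missing)" BHO, the Run entry that loads a DLL through rundll32 by ordinal, the DLL the two share, and the firewall profiles the ComboFix dump shows disabled; the tag names and the Finding record are this example's own conventions.

```python
"""Triage of HijackThis / ComboFix log lines for the indicators picked out in
this thread. Added example: not part of the original posts and not code from
HijackThis, ComboFix or Malwarebytes. Tag names and the Finding record are
this example's own conventions.

Flags: O2 BHO entries marked "(file missing)"; O4 Run entries that load a DLL
via rundll32 by ordinal (",#1"); a DLL named in both an O2 and an O4 entry;
firewall profiles whose ComboFix dump shows EnableFirewall = 0.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input assembled from log lines quoted earlier in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\Windows\system32\bYoMCuRI.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\bYoMCuRI.dll,#1
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 invocation: optional path, DLL, comma, export name or "#ordinal"
RUNDLL_RE = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<entry>\S+)(?:\s.*)?$',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    kind: str     # machine-readable tag, e.g. "rundll32-ordinal"
    subject: str  # DLL basename, CLSID or firewall profile name
    detail: str   # the log line(s) the finding rests on


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order, followed by any BHO/Run DLL pairs."""
    findings: List[Finding] = []
    bho_dlls: Dict[str, str] = {}  # lower-case DLL basename -> O2 line
    run_dlls: Dict[str, str] = {}  # lower-case DLL basename -> O4 line
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = ENABLE_FW_RE.match(line)
        if m and "firewallpolicy" in section.lower():
            if m.group("val") == "0":
                profile = section.rsplit("\\", 1)[-1]
                findings.append(Finding("firewall-disabled", profile, line))
            continue
        m = O2_RE.match(line)
        if m:
            dll = ntpath.basename(m.group("path").strip())
            bho_dlls[dll.lower()] = line
            if m.group("missing"):
                findings.append(Finding("bho-file-missing", m.group("clsid"), line))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r:
                dll = ntpath.basename(r.group("dll").strip().strip('"'))
                run_dlls[dll.lower()] = line
                if r.group("entry").startswith("#"):
                    findings.append(Finding("rundll32-ordinal", dll, line))
    # A DLL that is both an IE hook and a Run-key payload: both halves belong in the fix.
    for dll in sorted(bho_dlls.keys() & run_dlls.keys()):
        findings.append(Finding("bho-run-pair", dll, bho_dlls[dll] + " | " + run_dlls[dll]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}\n    {f.detail}")
```

Legitimate rundll32 entries with a named export (NvCpl.dll,NvStartup above) are deliberately not flagged, so the output lists only the pair the helper told the poster to fix plus the disabled firewall profiles.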

  6. #6
    Cyberman (Junior Member; joined May 2008; 18 posts)

    Everything seems OK, I'm still worried to run Windows Update though...

    Here are the logs received from the above instructions, in order.

    ComboFix 08-05-28.4 - Darrell 2008-05-29 17:06:13.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1089 [GMT 1:00]
    Running from: C:\Users\Darrell\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Darrell\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
    .

    2008-05-29 16:54 . 2008-05-29 16:56 <DIR> d-------- C:\Program Files\Lx_cats
    2008-05-29 16:54 . 2005-12-12 06:06 983,121 --a------ C:\Windows\System32\tmp6B8D.tmp
    2008-05-29 16:54 . 2007-02-22 01:42 446,464 --a------ C:\Windows\System32\tmp7311.tmp
    2008-05-29 16:54 . 2006-12-20 18:01 421,888 --a------ C:\Windows\System32\tmp6978.tmp
    2008-05-29 16:54 . 2007-02-22 01:48 131,072 --a------ C:\Windows\System32\tmp6E5C.tmp
    2008-05-29 16:53 . 2008-05-29 16:53 <DIR> d-------- C:\Windows\LastGood
    2008-05-29 16:52 . 2008-05-29 16:55 <DIR> d-------- C:\Program Files\Lexmark 730 Series
    2008-05-29 14:07 . 2008-05-29 14:07 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
    2008-05-29 14:07 . 2008-05-29 14:07 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
    2008-05-29 14:07 . 2008-05-29 14:07 <DIR> d-------- C:\ProgramData\Kaspersky Lab
    2008-05-29 10:19 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-29 10:19 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-29 09:40 . 2008-05-29 09:40 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-05-28 22:44 . 2008-05-28 22:53 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-05-28 22:44 . 2008-05-28 22:44 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-28 22:42 . 2008-05-28 22:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-28 19:29 . 2008-05-28 19:29 1,160 --a------ C:\Windows\mozver.dat
    2008-05-28 08:54 . 2008-05-28 09:13 23 --a------ C:\Windows\popcinfot.dat
    2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\Users\All Users\FLEXnet
    2008-05-27 22:25 . 2008-05-27 22:25 <DIR> d-------- C:\ProgramData\FLEXnet
    2008-05-27 21:30 . 2008-05-27 21:03 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-05-27 21:30 . 2008-05-27 21:03 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-05-27 21:18 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-05-27 21:18 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-05-27 21:17 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-27 21:17 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-05-27 21:17 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-05-27 21:13 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-05-27 21:11 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-05-27 21:05 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-05-27 21:03 . 2008-05-27 21:32 196,608 --a------ C:\Windows\SPInstall.etl
    2008-05-27 20:46 . 2008-05-27 20:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-05-27 19:46 . 2008-05-27 19:46 0 --a------ C:\Windows\nsreg.dat
    2008-05-27 19:40 . 2008-05-27 19:40 <DIR> d-------- C:\Windows\Sun
    2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\Users\All Users\ALM
    2008-05-27 17:38 . 2008-05-27 17:38 <DIR> d-------- C:\ProgramData\ALM
    2008-05-27 17:15 . 2008-05-27 17:15 <DIR> d-------- C:\Program Files\QuickTime
    2008-05-27 17:10 . 2006-09-29 06:56 28,248 -ra------ C:\Windows\System32\AdobePDF.dll
    2008-05-27 17:01 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
    2008-05-27 17:01 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
    2008-05-27 16:55 . 2008-05-27 22:24 <DIR> d-------- C:\Users\All Users\Adobe
    2008-05-27 16:46 . 2008-05-27 16:46 <DIR> d-------- C:\Program Files\Bonjour
    2008-05-27 16:32 . 2008-05-27 16:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-27 16:29 . 2008-05-27 17:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-05-27 16:15 . 2008-05-27 16:15 <DIR> d-------- C:\Program Files\MagicISO
    2008-05-27 07:19 . 2008-05-27 07:19 418,480 --a------ C:\Windows\System32\wrap_oal.dll
    2008-05-27 07:19 . 2008-05-27 07:19 115,432 --a------ C:\Windows\System32\OpenAL32.dll
    2008-05-27 06:53 . 2008-05-27 06:53 92,160 --a------ C:\Windows\System32\daoodekf.dll
    2008-05-27 02:05 . 2008-05-27 02:05 <DIR> d-------- C:\Program Files\OpenAL
    2008-05-27 01:52 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-05-27 01:52 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-05-27 01:52 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-05-27 01:41 . 2008-05-28 19:07 <DIR> d-------- C:\Program Files\Steam
    2008-05-27 01:41 . 2008-05-27 23:45 <DIR> d-------- C:\Program Files\Common Files\Steam
    2008-05-26 20:10 . 2008-05-26 20:10 <DIR> d-------- C:\Program Files\Disney
    2008-05-26 19:30 . 2008-05-29 09:14 360 --a------ C:\Windows\wininit.ini
    2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-26 19:04 . 2008-05-26 19:44 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-26 19:04 . 2008-05-26 19:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\Users\All Users\WLInstaller
    2008-05-26 12:46 . 2008-05-26 12:46 <DIR> d-------- C:\ProgramData\WLInstaller
    2008-05-26 10:52 . 2008-05-26 10:54 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
    2008-05-26 10:34 . 2008-05-26 10:34 94,208 --a------ C:\Windows\DIIUnin.exe
    2008-05-26 10:34 . 2008-05-26 10:52 46,731 --a------ C:\Windows\DIIUnin.dat
    2008-05-26 10:34 . 2008-05-26 10:34 2,829 --a------ C:\Windows\DIIUnin.pif
    2008-05-26 09:56 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
    2008-05-26 09:49 . 2008-05-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-05-26 09:44 . 2008-05-26 09:44 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-05-26 09:39 . 2008-05-26 09:39 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\Users\All Users\Microsoft Help
    2008-05-26 09:36 . 2008-05-26 09:58 <DIR> d-------- C:\ProgramData\Microsoft Help
    2008-05-26 09:27 . 2008-05-26 09:27 <DIR> d-------- C:\Program Files\PowerISO
    2008-05-26 09:16 . 2008-05-26 18:52 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Azureus
    2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\Users\All Users\Azureus
    2008-05-26 09:16 . 2008-05-26 09:16 <DIR> d-------- C:\ProgramData\Azureus
    2008-05-26 09:12 . 2008-05-26 09:13 <DIR> d-------- C:\Program Files\Azureus
    2008-05-26 09:01 . 2008-05-27 19:20 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\StumbleUpon
    2008-05-26 09:01 . 2008-05-26 09:01 <DIR> d-------- C:\Program Files\StumbleUpon
    2008-05-26 08:56 . 2008-05-26 08:57 <DIR> d-------- C:\Program Files\Java
    2008-05-26 08:55 . 2008-05-26 08:55 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-26 01:19 . 2008-05-26 01:19 <DIR> d-------- C:\Program Files\InstallShield Installation Information
    2008-05-26 01:17 . 2008-05-26 01:17 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-05-26 01:16 . 2008-05-26 01:16 <DIR> d-------- C:\Windows\Downloaded Installations
    2008-05-26 00:56 . 2008-05-26 10:18 249,856 --------- C:\Windows\Setup1.exe
    2008-05-26 00:56 . 2008-05-26 10:18 73,216 --a------ C:\Windows\ST6UNST.EXE
    2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\Users\All Users\CCP
    2008-05-26 00:42 . 2008-05-26 00:42 <DIR> d-------- C:\ProgramData\CCP
    2008-05-26 00:42 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
    2008-05-23 09:10 . 2008-05-23 00:36 <DIR> d-------- C:\Windows\Panther
    2008-05-23 08:46 . 2008-05-27 01:36 <DIR> d-------- C:\Windows.old
    2008-05-23 08:12 . 2008-05-23 08:12 <DIR> d-------- C:\Windows\PCHEALTH
    2008-05-23 08:12 . 2008-05-27 22:25 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-05-23 07:34 . 2008-05-23 07:34 <DIR> d-------- C:\Users\Darrell\AppData\Roaming\Yahoo!
    2008-05-23 02:39 . 2008-05-23 07:23 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
    2008-05-23 02:39 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
    2008-05-23 02:39 . 2008-05-23 07:23 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
    2008-05-23 02:39 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
    2008-05-23 02:39 . 2008-05-23 07:23 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
    2008-05-23 02:36 . 2008-05-23 02:36 988,216 --a------ C:\Windows\System32\winload.exe
    2008-05-23 02:36 . 2008-05-23 02:36 927,288 --a------ C:\Windows\System32\winresume.exe
    2008-05-23 02:36 . 2008-05-23 02:36 615,992 --a------ C:\Windows\System32\ci.dll
    2008-05-23 02:36 . 2008-05-23 02:36 378,368 --a------ C:\Windows\System32\srcore.dll
    2008-05-23 02:36 . 2008-05-23 02:36 318,464 --a------ C:\Windows\System32\rstrui.exe
    2008-05-23 02:36 . 2008-05-23 02:36 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
    2008-05-23 02:36 . 2008-05-23 02:36 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-05-23 02:36 . 2008-05-23 02:36 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-05-23 02:36 . 2008-05-23 02:36 14,848 --a------ C:\Windows\System32\srdelayed.exe
    2008-05-23 02:36 . 2008-05-23 02:36 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-05-23 02:34 . 2008-05-28 22:45 <DIR> d--hs---- C:\Windows\Installer
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Users\All Users\Symantec
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\ProgramData\Symantec
    2008-05-23 02:34 . 2008-05-27 01:52 <DIR> d-------- C:\Program Files\Symantec
    2008-05-23 02:34 . 2008-05-23 07:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-05-23 02:34 . 2008-05-23 02:34 2,032,128 --a------ C:\Windows\System32\win32k.sys
    2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\Users\All Users\Yahoo!
    2008-05-23 02:33 . 2008-05-23 07:14 <DIR> d-------- C:\ProgramData\Yahoo!
    2008-05-23 02:29 . 2008-05-23 02:33 <DIR> d-------- C:\Program Files\Yahoo!
    2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\Users\All Users\NVIDIA
    2008-05-23 02:21 . 2008-05-23 02:21 <DIR> d-------- C:\ProgramData\NVIDIA
    2008-05-23 02:17 . 2008-05-23 02:17 209,775,274 --a------ C:\Windows\MEMORY.DMP
    2008-05-23 02:02 . 2008-05-23 02:02 1,820 --a------ C:\Windows\System32\rasctrnm.h
    2008-05-23 01:51 . 2008-05-23 01:51 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-05-23 01:40 . 2008-05-23 01:40 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-05-23 01:40 . 2008-05-23 01:40 826,880 --a------ C:\Windows\System32\wininet.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-27 21:20 174 --sha-w C:\Program Files\desktop.ini
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Journal
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Defender
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-27 21:08 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-27 20:37 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-27 20:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-26 08:48 --------- d-----w C:\Program Files\MSBuild
    2008-04-15 01:05 118,784 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
    2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_2008-05-29_15.40.17.16 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-27 21:17:01 51,200 ----a-w C:\Windows\inf\infpub.dat
    + 2008-05-29 15:53:23 51,200 ----a-w C:\Windows\inf\infpub.dat
    - 2008-05-27 21:17:01 86,016 ----a-w C:\Windows\inf\infstor.dat
    + 2008-05-29 15:53:16 86,016 ----a-w C:\Windows\inf\infstor.dat
    - 2008-05-27 21:17:01 86,016 ----a-w C:\Windows\inf\infstrng.dat
    + 2008-05-29 15:53:23 86,016 ----a-w C:\Windows\inf\infstrng.dat
    - 2008-05-29 12:59:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-29 15:54:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-29 15:54:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-29 13:00:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-29 15:54:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-05-29 13:04:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-29 15:44:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-29 13:04:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-29 15:44:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-29 13:04:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-29 15:44:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2005-12-12 05:06:04 343,086 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\common\english\wavs.exe
    + 2006-04-27 02:37:24 159,744 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\common\lxcfsk0.dll
    + 2005-12-12 05:06:14 204,800 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\common\lxcfsk1.dll
    + 2005-12-12 05:06:16 245,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\common\lxcfsk2.dll
    + 2007-02-22 00:49:22 36,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcfcur.dll
    + 2007-02-22 00:49:30 106,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcfinsr.dll
    + 2007-02-22 00:48:48 131,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcfjswr.dll
    + 2007-02-22 00:48:56 212,992 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcflpar.dll
    + 2007-02-22 00:49:14 110,592 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcfprpr.dll
    + 2007-02-22 00:49:04 98,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcfpswr.dll
    + 2007-02-22 00:49:38 90,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\english\lxcfupdr.dll
    + 2005-04-27 09:06:34 430,080 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lexedf.dll
    + 2007-01-23 21:48:26 106,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfasnc.dll
    + 2007-01-22 02:19:52 69,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcfg.dll
    + 2007-01-22 08:49:34 344,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcoin.dll
    + 2006-12-20 16:54:54 684,032 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcomc.dll
    + 2006-12-20 17:01:04 421,888 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcomm.dll
    + 2007-02-23 11:27:50 537,520 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcoms.exe
    + 2007-01-23 21:42:56 385,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcomx.dll
    + 2007-02-22 00:44:08 73,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcu.dll
    + 2007-02-22 00:44:20 86,016 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfcub.dll
    + 2007-01-30 05:22:24 160,768 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfdr5c.dll
    + 2005-12-13 14:52:00 122,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfdrec.dll
    + 2006-08-03 15:59:08 114,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfflib.dll
    + 2005-12-12 05:06:14 983,121 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfgf.dll
    + 2006-08-03 15:59:10 479,232 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfhpec.dll
    + 2006-08-03 15:59:12 573,440 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfhpeh.dll
    + 2006-08-03 15:59:12 147,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfhpep.dll
    + 2006-12-20 16:58:02 397,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfiesc.dll
    + 2007-02-23 11:27:54 385,968 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfih.exe
    + 2006-12-20 16:47:32 413,696 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfinpa.dll
    + 2007-02-22 00:44:04 155,648 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfins.dll
    + 2007-02-22 00:44:28 200,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfinsb.dll
    + 2007-02-22 00:42:38 114,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfjsw.dll
    + 2007-02-22 00:44:38 466,944 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfjswb.dll
    + 2007-02-23 11:28:06 213,936 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfjswx.exe
    + 2006-12-20 16:59:24 585,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcflmpm.dll
    + 2007-02-22 00:43:56 1,126,400 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcflpa.dll
    + 2007-02-22 00:44:56 4,939,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcflpab.dll
    + 2007-01-30 05:22:48 118,272 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfpp5c.dll
    + 2006-12-20 16:55:40 94,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfpplc.dll
    + 2007-01-23 21:43:08 344,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfppx.dll
    + 2006-12-20 16:54:20 163,840 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfprox.dll
    + 2007-02-22 00:43:44 749,568 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfprp.dll
    + 2007-02-22 00:45:22 3,473,408 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfprpb.dll
    + 2007-02-22 00:42:44 393,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfpsw.dll
    + 2007-02-22 00:45:32 860,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfpswb.dll
    + 2007-02-23 11:28:04 189,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfpswx.exe
    + 2005-09-14 08:39:02 282,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfretv.dll
    + 2006-12-20 17:06:58 1,224,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfserv.dll
    + 2007-02-23 11:27:24 62,384 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfserv.exe
    + 2005-09-14 08:39:10 73,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcftime.dll
    + 2007-02-23 11:27:42 58,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcftime.exe
    + 2005-12-13 15:19:00 180,224 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcftsfw.dll
    + 2007-01-30 05:23:38 119,296 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfui5c.dll
    + 2005-09-14 08:39:18 303,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfuldr.dll
    + 2007-02-22 00:44:12 65,536 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfupd.dll
    + 2007-02-22 00:45:38 126,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfupdb.dll
    + 2007-02-23 11:27:36 58,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfupld.exe
    + 2006-12-20 16:46:50 991,232 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfusb1.dll
    + 2007-02-22 00:42:22 446,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfutil.dll
    + 2007-02-23 11:27:30 58,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfview.exe
    + 2005-08-18 05:26:46 40,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\lxcfprc.inf_042bd70d\i386\lxcfvs.dll
    + 2007-01-22 02:19:52 69,632 ----a-w C:\Windows\System32\lxcfcfg.dll
    + 2007-02-23 11:27:46 381,872 ----a-w C:\Windows\System32\lxcfcfg.exe
    + 2007-01-22 08:49:34 344,064 ----a-w C:\Windows\System32\lxcfcoin.dll
    + 2006-12-20 16:54:54 684,032 ----a-w C:\Windows\System32\lxcfcomc.dll
    + 2006-12-20 17:01:04 421,888 ----a-w C:\Windows\System32\lxcfcomm.dll
    + 2007-02-23 11:27:50 537,520 ----a-w C:\Windows\System32\lxcfcoms.exe
    + 2007-02-22 00:44:08 73,728 ----a-w C:\Windows\System32\lxcfcu.dll
    + 2007-02-22 00:44:20 86,016 ----a-w C:\Windows\System32\lxcfcub.dll
    + 2007-02-22 00:49:22 36,864 ----a-w C:\Windows\System32\lxcfcur.dll
    + 2005-12-12 05:06:14 983,121 ----a-w C:\Windows\System32\lxcfgf.dll
    + 2006-12-20 16:42:36 696,320 ----a-w C:\Windows\System32\lxcfhbn3.dll
    + 2006-12-20 16:43:28 323,584 ----a-w C:\Windows\System32\lxcfhcp.dll
    + 2006-12-20 16:58:02 397,312 ----a-w C:\Windows\System32\lxcfiesc.dll
    + 2007-02-23 11:27:54 385,968 ----a-w C:\Windows\System32\lxcfih.exe
    + 2006-12-20 16:47:32 413,696 ----a-w C:\Windows\System32\lxcfinpa.dll
    + 2007-02-22 00:44:04 155,648 ----a-w C:\Windows\System32\lxcfins.dll
    + 2007-02-22 00:44:28 200,704 ----a-w C:\Windows\System32\lxcfinsb.dll
    + 2007-02-22 00:49:30 106,496 ----a-w C:\Windows\System32\lxcfinsr.dll
    + 2006-12-20 16:58:24 274,432 ----a-w C:\Windows\System32\lxcfinst.dll
    + 2007-02-22 00:48:48 131,072 ----a-w C:\Windows\System32\lxcfjswr.dll
    + 2006-12-20 16:59:24 585,728 ----a-w C:\Windows\System32\lxcflmpm.dll
    + 2006-12-20 17:08:24 643,072 ----a-w C:\Windows\System32\lxcfpmui.dll
    + 2006-12-20 16:55:40 94,208 ----a-w C:\Windows\System32\lxcfpplc.dll
    + 2006-12-20 16:54:20 163,840 ----a-w C:\Windows\System32\lxcfprox.dll
    + 2006-12-20 17:06:58 1,224,704 ----a-w C:\Windows\System32\lxcfserv.dll
    + 2006-12-20 16:46:50 991,232 ----a-w C:\Windows\System32\lxcfusb1.dll
    + 2007-02-22 00:42:22 446,464 ----a-w C:\Windows\System32\lxcfutil.dll
    + 2005-08-18 05:26:46 40,960 ----a-w C:\Windows\System32\lxcfvs.dll
    + 2007-01-23 21:48:26 106,496 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfasnc.dll
    + 2007-01-22 02:19:52 69,632 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfcfg.dll
    + 2007-01-23 21:42:56 385,024 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfcomx.dll
    + 2007-02-22 00:44:08 73,728 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfcu.dll
    + 2007-02-22 00:44:20 86,016 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfcub.dll
    + 2007-02-22 00:49:22 36,864 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfcur.dll
    + 2007-01-30 05:22:24 160,768 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfdr5c.dll
    + 2005-12-13 14:52:00 122,880 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfdrec.dll
    + 2006-08-03 15:59:08 114,688 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfflib.dll
    + 2005-12-12 05:06:14 983,121 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfgf.dll
    + 2006-08-03 15:59:10 479,232 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfhpec.dll
    + 2006-08-03 15:59:12 573,440 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfhpeh.dll
    + 2006-08-03 15:59:12 147,456 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfhpep.dll
    + 2007-02-22 00:44:04 155,648 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfins.dll
    + 2007-02-22 00:44:28 200,704 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfinsb.dll
    + 2007-02-22 00:49:30 106,496 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfinsr.dll
    + 2007-02-22 00:42:38 114,688 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfjsw.dll
    + 2007-02-22 00:44:38 466,944 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfjswb.dll
    + 2007-02-22 00:48:48 131,072 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfjswr.dll
    + 2007-02-23 11:28:06 213,936 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfjswx.exe
    + 2007-02-22 00:43:56 1,126,400 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcflpa.dll
    + 2007-02-22 00:44:56 4,939,776 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcflpab.dll
    + 2007-02-22 00:48:56 212,992 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcflpar.dll
    + 2007-01-23 21:43:08 344,064 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfppx.dll
    + 2007-02-22 00:43:44 749,568 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfprp.dll
    + 2007-02-22 00:45:22 3,473,408 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfprpb.dll
    + 2007-02-22 00:49:14 110,592 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfprpr.dll
    + 2007-02-22 00:42:44 393,216 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfpsw.dll
    + 2007-02-22 00:45:32 860,160 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswb.dll
    + 2007-02-22 00:49:04 98,304 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswr.dll
    + 2007-02-23 11:28:04 189,360 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe
    + 2005-09-14 08:39:02 282,624 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfretv.dll
    + 2007-02-23 11:27:24 62,384 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfserv.exe
    + 2006-04-27 02:37:24 159,744 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfsk0.dll
    + 2005-12-12 05:06:14 204,800 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfsk1.dll
    + 2005-12-12 05:06:16 245,760 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfsk2.dll
    + 2005-09-14 08:39:10 73,728 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcftime.dll
    + 2007-02-23 11:27:42 58,288 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcftime.exe
    + 2005-12-13 15:19:00 180,224 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcftsfw.dll
    + 2007-01-30 05:23:38 119,296 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfui5c.dll
    + 2005-09-14 08:39:18 303,104 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfuldr.dll
    + 2007-02-22 00:44:12 65,536 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfupd.dll
    + 2007-02-22 00:45:38 126,976 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfupdb.dll
    + 2007-02-22 00:49:38 90,112 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfupdr.dll
    + 2007-02-23 11:27:36 58,288 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfupld.exe
    + 2007-02-22 00:42:22 446,464 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfutil.dll
    + 2007-02-23 11:27:30 58,288 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\lxcfview.exe
    + 2007-01-30 05:22:48 118,272 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\lxcfpp5c.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
    "LXCFCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 09:39 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
    backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
    --a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-05-27 01:43 1271032 C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    --a------ 2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    --a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5E1D1A10-19E9-4FFB-BA7C-13915A912FD4}"= UDP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
    "{1E9A4DF2-FD24-4F6A-94E1-C05360990646}"= TCP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
    "{C93F7871-F726-4F5E-B1AB-9E733A271E25}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
    "{2739C7D7-55FC-435F-9280-AF9316365F7C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbvpswx.exe:Printer Status Window
    "{BD0C896B-5FF9-4F5C-A0EC-C1399E81534C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{B981C4D2-6EC9-40E1-81E7-198137E0C6FF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{098AF498-243F-4F57-A091-0DAEC9151312}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{1F814303-8575-4DC6-9236-74A2D4758763}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{0BA523C6-C6AA-425E-922D-97673970793E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CAE0B778-4458-43C4-AEC0-ADC5C546E254}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5F0C8A18-E226-44C5-B313-BA4914224178}"= UDP:3703:Adobe Version Cue CS3 Server
    "{4FD8DF8B-E256-4227-9060-46134795362C}"= UDP:3704:Adobe Version Cue CS3 Server
    "{0CF7C1EF-3882-4E61-99C1-03A5BCDE5EED}"= UDP:50900:Adobe Version Cue CS3 Server
    "{23B6E0E6-DD46-41A1-8AFD-22083D4D36C7}"= UDP:50901:Adobe Version Cue CS3 Server
    "{6E8ABFA6-0ED0-44D3-B571-458DC0CA2409}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{81C44303-E4F1-4C3A-BB92-4768224207D1}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{062EE761-22DF-413F-8892-CEE6842D19CC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{8BED11CA-C6BB-49DE-8F03-CCCA54909EC0}"= Disabled:UDP:135:TCP Port 135
    "{9100D4FC-C296-4940-92CC-5FCB1FB57689}"= Disabled:UDP:5000:TCP Port 5000
    "{D66E1284-9B27-4377-A1FD-DD9203719991}"= Disabled:UDP:5001:TCP Port 5001
    "{07A749D7-3527-4710-B086-98704277DC2C}"= Disabled:UDP:5002:TCP Port 5002
    "{7C030E48-257A-4DFC-BC34-3B92713607AA}"= Disabled:UDP:5003:TCP Port 5003
    "{4772808C-30C2-4BFA-A970-8473BB96A269}"= Disabled:UDP:5004:TCP Port 5004
    "{BC5CB42E-1639-4F88-9936-A45F2B361F7C}"= Disabled:UDP:5005:TCP Port 5005
    "{428C930E-0E42-497F-947C-7A70B76817CC}"= Disabled:UDP:5006:TCP Port 5006
    "{0EC73E94-017C-46C8-9656-3AB259AB000A}"= Disabled:UDP:5007:TCP Port 5007
    "{2599AD56-1B06-4A08-8C03-6F6FE0EBF294}"= Disabled:UDP:5008:TCP Port 5008
    "{F7C1E9C4-7A3B-4413-A65F-981A3E24A324}"= Disabled:UDP:5009:TCP Port 5009
    "{31543AAF-B1D9-47A2-8868-05E21584CCE2}"= Disabled:UDP:5010:TCP Port 5010
    "{C078F1C2-FE0D-43B6-BD99-8956D2C16E89}"= Disabled:UDP:5011:TCP Port 5011
    "{D8B078FB-A882-4125-A0A5-B4390DDBE986}"= Disabled:UDP:5012:TCP Port 5012
    "{6430E74E-DA29-427C-8772-D2AFBE8B02A3}"= Disabled:UDP:5013:TCP Port 5013
    "{425914FD-907C-4B12-96AE-9A9489E64E72}"= Disabled:UDP:5014:TCP Port 5014
    "{268FD18E-12F5-4263-9CE0-46088DF03ED6}"= Disabled:UDP:5015:TCP Port 5015
    "{38D4AEC1-A671-497C-9A05-1A886B01BE9D}"= Disabled:UDP:5016:TCP Port 5016
    "{4D615263-491B-4685-9B7C-8D868D47D8EA}"= Disabled:UDP:5017:TCP Port 5017
    "{16B15E29-1DDA-410D-B6CC-AE9535F9C0CE}"= Disabled:UDP:5018:TCP Port 5018
    "{54858E75-CA12-4CAE-8FA0-82592D25240C}"= Disabled:UDP:5019:TCP Port 5019
    "{85E4A9EB-26C3-484B-87BC-F9C196F7A665}"= Disabled:UDP:5020:TCP Port 5020
    "{16B107BD-94A6-4C22-8C56-927DCC251DD4}"= UDP:C:\Windows\System32\lxcfcoms.exe:730 Series Server
    "{520884E7-391C-4F49-9091-4D726F98AACA}"= TCP:C:\Windows\System32\lxcfcoms.exe:730 Series Server
    "{FC70C0E0-79A3-46BE-8E6F-850FFAE9A7B5}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe:730 Series Printer Status
    "{50245172-0837-45E3-B983-9665CD541587}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcfpswx.exe:730 Series Printer Status

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080528.001\IDSvix86.sys [2008-05-13 00:27]
    R2 lxbv_device;lxbv_device;C:\Windows\system32\lxbvcoms.exe [2007-04-25 13:18]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-27 23:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-26 19:00:33 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Darrell.job"
    - C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-05-28 22:38:24 C:\Windows\Tasks\User_Feed_Synchronization-{2DFB7FA5-F9B8-4B7A-845D-E71F24B802C6}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-29 17:09:03
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCFCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-29 17:11:09
    ComboFix-quarantined-files.txt 2008-05-29 16:10:17
    ComboFix2.txt 2008-05-29 14:40:55
    ComboFix3.txt 2008-05-29 09:16:54

    Pre-Run: 88,810,721,280 bytes free
    Post-Run: 88,778,665,984 bytes free

    459 --- E O F --- 2008-05-29 14:06:12
    ------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.12
    Database version: 799

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 464063
    Time elapsed: 2 hour(s), 24 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{28f85800-2969-4966-8894-eda174875e71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\QooBox\Quarantine\C\Windows\System32\veudwkge.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\xfjwaxao.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E80C6196-DF8D-4DD7-99E8-45EF23C283F4}\RP26\A0005102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E80C6196-DF8D-4DD7-99E8-45EF23C283F4}\RP26\A0005104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\temp\AVI Divx MPEG to DVD Convertor\AVI DivX MPEG to DVD Converter & Burner Pro\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    -------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:59:02, on 29/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
    O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8514 bytes

  7. #7
    Cyberman (Junior Member, joined May 2008, 18 posts)

    Just tested Update, everything working fine now muchos thankies

  8. #8
    Retired Security Volunteer (joined Sep 2007, Ireland, 1,620 posts)

    Hello


    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\Windows\System32\tmp6B8D.tmp
    C:\Windows\System32\tmp7311.tmp
    C:\Windows\System32\tmp6978.tmp
    C:\Windows\System32\tmp6E5C.tmp
    C:\Windows\System32\daoodekf.dll

    Folder::

    Registry::

    Driver::
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
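    Before a CFScript like the one above is dropped onto ComboFix, it is worth recording what the listed files actually are, since ComboFix will delete them. The following PowerShell script is an added example, not part of the original post or of ComboFix itself: it parses the CFScript format (File::/Folder::/Registry::/Driver:: sections) and reports existence, size, SHA-256 and Authenticode signature status for every File:: entry. The function names are my own, and the embedded sample is a copy of the script posted above.

```powershell
# Added example (not from the original post or ComboFix): parse a CFScript.txt into its
# "File::" / "Folder::" / "Registry::" / "Driver::" sections and triage each File:: entry.
param([string]$ScriptPath)   # optional path to a real CFScript.txt; otherwise the sample below is used
# Constructed sample: the exact CFScript posted above.
$sampleScript = @'
File::
C:\Windows\System32\tmp6B8D.tmp
C:\Windows\System32\tmp7311.tmp
C:\Windows\System32\tmp6978.tmp
C:\Windows\System32\tmp6E5C.tmp
C:\Windows\System32\daoodekf.dll

Folder::

Registry::

Driver::
'@
function Read-CFScript {
    param([string[]]$Lines)
    $sections = [ordered]@{}
    $current = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line) { continue }
        if ($line -match '^(\w+)::$') {          # section header such as "File::"
            $current = $Matches[1]
            if (-not $sections.Contains($current)) { $sections[$current] = @() }
            continue
        }
        if ($current) { $sections[$current] += $line }
    }
    return $sections
}

function Get-FileTriage {
    param([string]$Path)
    $info = [ordered]@{ Path = $Path; Exists = (Test-Path -LiteralPath $Path) }
    if ($info.Exists) {                          # only inspect files that are really present
        $item = Get-Item -LiteralPath $Path -Force
        $info.SizeBytes = $item.Length
        $info.SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $info.Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
    [pscustomobject]$info
}

$lines    = if ($ScriptPath) { Get-Content -LiteralPath $ScriptPath } else { $sampleScript -split "`r?`n" }
$sections = Read-CFScript -Lines $lines
$sections['File'] | Where-Object { $_ } | ForEach-Object { Get-FileTriage -Path $_ } | Format-List
```

    Entries that report Exists = False have already been removed or renamed, which is common with randomly named Virtumonde DLLs; entries that exist with Signature = NotSigned in System32 are the ones worth hashing and keeping for later reference.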

  9. #9
    Retired Security Volunteer (joined Sep 2007, Ireland, 1,620 posts)

    Due to inactivity, this thread will now be closed.

    Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
