HijackThis log - new infection

[ZNoEvil]

I got hit with a drive-by download via Firefox 3.5 last night and in my panic ran all the anti- software I have installed: Spybot, AVG, Spysweeper. They found quite a lot of infections and I tried cleaning them all. Now when I boot into Windows I get the dialog asking me what program to use to open command.com. I then tried Safe Mode which is still working, and that's what I'm using right now.

I then came on this website, went through the instructions, and ran Hijack This. Here's the log. Thanks so much for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:36 AM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpySweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beginnersoccer.com/WebSiteManager/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\msxitso.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msffbvqf.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDL\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDL\GrabPro.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Samsung PanelMgr] "C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\AcroRead\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3186] "cmd.exe" /c del "C:\WINDOWS\system32\UACxjgfjwyktlemplkin.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3702] "command.com" /c del "C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9702] "cmd.exe" /c del "C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1848] "command.com" /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3147] "cmd.exe" /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5" -"http://www.iwon.com/home/modules/launchGame/games/includes/blockDotGameIFrame.jhtml?categoryId=3&gameId=551&browser=FF"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8042] "command.com" /c del "C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5756] "cmd.exe" /c del "C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3335] "command.com" /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7388] "cmd.exe" /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7400] "command.com" /c del "C:\WINDOWS\system32\drivers\UACarscpxrlxbqjoepfb.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1707] "cmd.exe" /c del "C:\WINDOWS\system32\drivers\UACarscpxrlxbqjoepfb.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7486] "command.com" /c del "C:\WINDOWS\system32\drivers\UACarscpxrlxbqjoepfb.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6783] "cmd.exe" /c del "C:\WINDOWS\system32\drivers\UACarscpxrlxbqjoepfb.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1581] "command.com" /c del "C:\WINDOWS\system32\UACbbmqhrifwuvrbdwyw.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6710] "cmd.exe" /c del "C:\WINDOWS\system32\UACbbmqhrifwuvrbdwyw.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7578] "command.com" /c del "C:\WINDOWS\system32\uacinit.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6757] "cmd.exe" /c del "C:\WINDOWS\system32\uacinit.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9123] "command.com" /c del "C:\WINDOWS\system32\uacinit.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8837] "cmd.exe" /c del "C:\WINDOWS\system32\uacinit.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7019] "command.com" /c del "C:\WINDOWS\system32\UACovybhmtvpjwcpxmqs.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2701] "cmd.exe" /c del "C:\WINDOWS\system32\UACovybhmtvpjwcpxmqs.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3871] "command.com" /c del "C:\WINDOWS\system32\UACrsklvmphwekxidvbu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6720] "cmd.exe" /c del "C:\WINDOWS\system32\UACrsklvmphwekxidvbu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4589] "command.com" /c del "C:\WINDOWS\system32\UACtjettiqxhklvmhatm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5498] "cmd.exe" /c del "C:\WINDOWS\system32\UACtjettiqxhklvmhatm.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4862] "command.com" /c del "C:\WINDOWS\system32\UACxjgfjwyktlemplkin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8530] "cmd.exe" /c del "C:\WINDOWS\system32\UACxjgfjwyktlemplkin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5711] "command.com" /c del "C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3917] "cmd.exe" /c del "C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9116] "command.com" /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8433] "cmd.exe" /c del "C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mslnimh.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0992 -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0992 -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: KeyText.lnk = C:\Program Files\KeyText\KeyText.exe
O4 - Startup: NotePro.lnk = C:\Program Files\NoteTab\NoteTab.exe
O4 - Global Startup: Mozy.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: RSIGuard.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214611352327
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\SpySweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\SpySweeper\WRConsumerService.exe

--
End of file - 11882 bytes

[ZNoEvil]

Sorry, don't mean to bump thread, but I'm wondering if I should be running Safe Mode with Networking for now, as I'm doing while waiting for help. I get a couple of errors/strange behaviors in standard mode and that was after fixing an issue with "command.com" not being properly handled.

[pskelley]

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions.

Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.

I never suggest running in Safe Mode with Networking, while you may get online you have absolutely no protection. In your case, you have a rootkit infection and who knows what else. I suggest you stay offline except when troubleshooting this issue until you are clean.
Post all logs while running in Normal Mode.

If you wish to continue, we will do so like this.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
http://www.bleepingcomputer.com/forums/topic114351.html
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

When the tool is finished, it will produce a report for you. Post that report and a new HJT log

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

Thanks

[ZNoEvil]

Thanks for helping!

Here's the ComboFix log.

ComboFix 09-07-14.08 - tyl2 07/15/2009 23:34.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1599 [GMT -4:00]
Running from: c:\storage\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\Installer\4d7ee34.msi
c:\windows\Installer\95775.msp
c:\windows\Installer\95781.msp
c:\windows\Installer\9578d.msp
c:\windows\msa.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\hjgruimqfvbwxe.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\hjgruidyyjkngn.dll
c:\windows\system32\hjgruinobuptxu.dat
c:\windows\system32\hjgruitwkgneyg.dat
c:\windows\system32\hjgruiwqqttpxe.dll
c:\windows\system32\Install.txt
c:\windows\system32\mscervd.exe
c:\windows\system32\mscev.exe
c:\windows\system32\mscewny.exe
c:\windows\system32\mscfhs.exe
c:\windows\system32\mscgsx.exe
c:\windows\system32\mschu.exe
c:\windows\system32\msckd.exe
c:\windows\system32\msckit.exe
c:\windows\system32\mscklcrg.exe
c:\windows\system32\msclxe.exe
c:\windows\system32\mscmo.exe
c:\windows\system32\mscmq.exe
c:\windows\system32\mscnc.exe
c:\windows\system32\mscnihbz.exe
c:\windows\system32\mscnx.exe
c:\windows\system32\mscpy.exe
c:\windows\system32\mscqx.exe
c:\windows\system32\mscrtoud.exe
c:\windows\system32\mscslt.exe
c:\windows\system32\mscsm.exe
c:\windows\system32\mscteo.exe
c:\windows\system32\mscuwxa.exe
c:\windows\system32\mscuxtph.exe
c:\windows\system32\mscvmmf.exe
c:\windows\system32\mscvz.exe
c:\windows\system32\mscwle.exe
c:\windows\system32\mscwptw.exe
c:\windows\system32\mscxkv.exe
c:\windows\system32\mscyqr.exe
c:\windows\system32\mscyy.exe
c:\windows\system32\mscyyb.exe
c:\windows\system32\msdczp.exe
c:\windows\system32\msddjyn.exe
c:\windows\system32\msddo.exe
c:\windows\system32\msdegaj.exe
c:\windows\system32\msdehz.exe
c:\windows\system32\msden.exe
c:\windows\system32\msdeqw.exe
c:\windows\system32\msdfaa.exe
c:\windows\system32\msdfff.exe
c:\windows\system32\msdffkio.exe
c:\windows\system32\msdik.exe
c:\windows\system32\msdjhfi.exe
c:\windows\system32\msdjvvm.exe
c:\windows\system32\msdjy.exe
c:\windows\system32\msdjzz.exe
c:\windows\system32\msdkawm.exe
c:\windows\system32\msdkee.exe
c:\windows\system32\msdlnrm.exe
c:\windows\system32\msdlt.exe
c:\windows\system32\msdlvmwr.exe
c:\windows\system32\msdmplfc.exe
c:\windows\system32\msdntec.exe
c:\windows\system32\msdow.exe
c:\windows\system32\msdrfvj.exe
c:\windows\system32\msdrfy.exe
c:\windows\system32\msdrlqp.exe
c:\windows\system32\msdrmh.exe
c:\windows\system32\msdruphz.exe
c:\windows\system32\msdtccxh.exe
c:\windows\system32\msdtdjpi.exe
c:\windows\system32\msdtepb.exe
c:\windows\system32\msdud.exe
c:\windows\system32\msdvkgb.exe
c:\windows\system32\msdwhjw.exe
c:\windows\system32\msdwi.exe
c:\windows\system32\msdxay.exe
c:\windows\system32\msdxvdg.exe
c:\windows\system32\msdzrk.exe
c:\windows\system32\msecf.exe
c:\windows\system32\msefqqb.exe
c:\windows\system32\msefwfb.exe
c:\windows\system32\msefzias.exe
c:\windows\system32\msego.exe
c:\windows\system32\msehn.exe
c:\windows\system32\mseitad.exe
c:\windows\system32\msejdj.exe
c:\windows\system32\msejy.exe
c:\windows\system32\mselecxx.exe
c:\windows\system32\msemeyxl.exe
c:\windows\system32\mseoqlx.exe
c:\windows\system32\mseor.exe
c:\windows\system32\msepl.exe
c:\windows\system32\mseqmv.exe
c:\windows\system32\mserdh.exe
c:\windows\system32\msesojbz.exe
c:\windows\system32\msetop.exe
c:\windows\system32\mseuhoee.exe
c:\windows\system32\mseurjei.exe
c:\windows\system32\msevm.exe
c:\windows\system32\msevv.exe
c:\windows\system32\msewll.exe
c:\windows\system32\msexgbq.exe
c:\windows\system32\msexonp.exe
c:\windows\system32\mseyo.exe
c:\windows\system32\mseyth.exe
c:\windows\system32\msfaz.exe
c:\windows\system32\msfcdqzr.exe
c:\windows\system32\msfceitx.exe
c:\windows\system32\msfcg.exe
c:\windows\system32\msfcyxu.exe
c:\windows\system32\msfdgch.exe
c:\windows\system32\msffpdum.exe
c:\windows\system32\msfhkty.exe
c:\windows\system32\msfiqjts.exe
c:\windows\system32\msfiv.exe
c:\windows\system32\msfizpm.exe
c:\windows\system32\msfjt.exe
c:\windows\system32\msfkra.exe
c:\windows\system32\msflank.exe
c:\windows\system32\msflcqn.exe
c:\windows\system32\msflekia.exe
c:\windows\system32\msfmlj.exe
c:\windows\system32\msfnqu.exe
c:\windows\system32\msfntrqe.exe
c:\windows\system32\msfnty.exe
c:\windows\system32\msfpdr.exe
c:\windows\system32\msfqimq.exe
c:\windows\system32\msfrlq.exe
c:\windows\system32\msfrtiq.exe
c:\windows\system32\msfskh.exe
c:\windows\system32\msfstt.exe
c:\windows\system32\msftd.exe
c:\windows\system32\msftln.exe
c:\windows\system32\msfuly.exe
c:\windows\system32\msfvmzb.exe
c:\windows\system32\msfvyjr.exe
c:\windows\system32\msfweow.exe
c:\windows\system32\msfwkcey.exe
c:\windows\system32\msgadvft.exe
c:\windows\system32\msgaf.exe
c:\windows\system32\msgafls.exe
c:\windows\system32\msgct.exe
c:\windows\system32\msgcviw.exe
c:\windows\system32\msgddhp.exe
c:\windows\system32\msgdic.exe
c:\windows\system32\msgeu.exe
c:\windows\system32\msgexy.exe
c:\windows\system32\msgflfv.exe
c:\windows\system32\msghmu.exe
c:\windows\system32\msghwbz.exe
c:\windows\system32\msgief.exe
c:\windows\system32\msgimlx.exe
c:\windows\system32\msgmcsd.exe
c:\windows\system32\msgmk.exe
c:\windows\system32\msgorred.exe
c:\windows\system32\msgtsr.exe
c:\windows\system32\msgtujyx.exe
c:\windows\system32\msgty.exe
c:\windows\system32\msguril.exe
c:\windows\system32\msgurjhp.exe
c:\windows\system32\msgvcb.exe
c:\windows\system32\msgwzvz.exe
c:\windows\system32\msgxwrs.exe
c:\windows\system32\msgydwd.exe
c:\windows\system32\msgyzva.exe
c:\windows\system32\msgzb.exe
c:\windows\system32\msgzr.exe
c:\windows\system32\mshax.exe
c:\windows\system32\mshaxrct.exe
c:\windows\system32\mshazc.exe
c:\windows\system32\mshbsqk.exe
c:\windows\system32\mshbsw.exe
c:\windows\system32\mshdbkys.exe
c:\windows\system32\mshhbgcp.exe
c:\windows\system32\mshjukv.exe
c:\windows\system32\mshlhyw.exe
c:\windows\system32\mshll.exe
c:\windows\system32\mshllc.exe
c:\windows\system32\mshltucp.exe
c:\windows\system32\mshlwb.exe
c:\windows\system32\mshna.exe
c:\windows\system32\mshnxa.exe
c:\windows\system32\mshoie.exe
c:\windows\system32\mshoq.exe
c:\windows\system32\mshppn.exe
c:\windows\system32\mshpw.exe
c:\windows\system32\mshqdt.exe
c:\windows\system32\mshrd.exe
c:\windows\system32\mshrg.exe
c:\windows\system32\mshrhlpg.exe
c:\windows\system32\mshrrhql.exe
c:\windows\system32\mshrxbdr.exe
c:\windows\system32\mshrz.exe
c:\windows\system32\mshumn.exe
c:\windows\system32\mshvlky.exe
c:\windows\system32\mshvlmnx.exe
c:\windows\system32\mshvy.exe
c:\windows\system32\mshwar.exe
c:\windows\system32\mshwsi.exe
c:\windows\system32\mshxxhg.exe
c:\windows\system32\mshzwj.exe
c:\windows\system32\msibncwq.exe
c:\windows\system32\msibs.exe
c:\windows\system32\msibyhqe.exe
c:\windows\system32\msicep.exe
c:\windows\system32\msicjv.exe
c:\windows\system32\msieiw.exe
c:\windows\system32\msienpws.exe
c:\windows\system32\msife.exe
c:\windows\system32\msifs.exe
c:\windows\system32\msihhy.exe
c:\windows\system32\msihwrzj.exe
c:\windows\system32\msiiku.exe
c:\windows\system32\msiiv.exe
c:\windows\system32\msijw.exe
c:\windows\system32\msimb.exe
c:\windows\system32\msimjf.exe
c:\windows\system32\msimr.exe
c:\windows\system32\msimuf.exe
c:\windows\system32\msiolf.exe
c:\windows\system32\msiph.exe
c:\windows\system32\msisjn.exe
c:\windows\system32\msitr.exe
c:\windows\system32\msituimb.exe
c:\windows\system32\msiwqt.exe
c:\windows\system32\msiye.exe
c:\windows\system32\msjab.exe
c:\windows\system32\msjbrfg.exe
c:\windows\system32\msjcmaa.exe
c:\windows\system32\msjcxlem.exe
c:\windows\system32\msjdo.exe
c:\windows\system32\msjgsvj.exe
c:\windows\system32\msjhmtnm.exe
c:\windows\system32\msjhocbm.exe
c:\windows\system32\msjiahvz.exe
c:\windows\system32\msjiw.exe
c:\windows\system32\msjiz.exe
c:\windows\system32\msjjg.exe
c:\windows\system32\msjksia.exe
c:\windows\system32\msjljwp.exe
c:\windows\system32\msjmen.exe
c:\windows\system32\msjmfso.exe
c:\windows\system32\msjmq.exe
c:\windows\system32\msjncb.exe
c:\windows\system32\msjngtbp.exe
c:\windows\system32\msjnqne.exe
c:\windows\system32\msjnzp.exe
c:\windows\system32\msjpdgle.exe
c:\windows\system32\msjqg.exe
c:\windows\system32\msjrrh.exe
c:\windows\system32\msjurp.exe
c:\windows\system32\msjviuof.exe
c:\windows\system32\msjwfcix.exe
c:\windows\system32\msjxnnr.exe
c:\windows\system32\msjxt.exe
c:\windows\system32\msjxtb.exe
c:\windows\system32\msjzntpr.exe
c:\windows\system32\mskbnx.exe
c:\windows\system32\mskdsw.exe
c:\windows\system32\mskdvt.exe
c:\windows\system32\mskebeb.exe
c:\windows\system32\mskgu.exe
c:\windows\system32\mskibbfp.exe
c:\windows\system32\mskiukmu.exe
c:\windows\system32\mskjmz.exe
c:\windows\system32\mskjw.exe
c:\windows\system32\mskkaz.exe
c:\windows\system32\mskkvjtf.exe
c:\windows\system32\msklhu.exe
c:\windows\system32\msklm.exe
c:\windows\system32\mskmlq.exe
c:\windows\system32\mskpiwgf.exe
c:\windows\system32\mskrtsib.exe
c:\windows\system32\msktg.exe
c:\windows\system32\msktgvv.exe
c:\windows\system32\msktj.exe
c:\windows\system32\msktroa.exe
c:\windows\system32\mskugvim.exe
c:\windows\system32\mskuhpih.exe
c:\windows\system32\mskvgjxx.exe
c:\windows\system32\mskxo.exe
c:\windows\system32\mskxwpe.exe
c:\windows\system32\mskyi.exe
c:\windows\system32\mslduetq.exe
c:\windows\system32\msldye.exe
c:\windows\system32\mslepz.exe
c:\windows\system32\mslfyo.exe
c:\windows\system32\mslgy.exe
c:\windows\system32\msliixgv.exe
c:\windows\system32\msliweg.exe
c:\windows\system32\msljjcb.exe
c:\windows\system32\msljmwa.exe
c:\windows\system32\msljn.exe
c:\windows\system32\mslkb.exe
c:\windows\system32\mslkr.exe
c:\windows\system32\mslljcfw.exe
c:\windows\system32\msllmykf.exe
c:\windows\system32\mslnimh.exe
c:\windows\system32\mslnis.exe
c:\windows\system32\mslnrje.exe
c:\windows\system32\mslrcm.exe
c:\windows\system32\mslsm.exe
c:\windows\system32\mslszbqf.exe
c:\windows\system32\msltdnmg.exe
c:\windows\system32\msltub.exe
c:\windows\system32\msltwdko.exe
c:\windows\system32\msluqn.exe
c:\windows\system32\mslvi.exe
c:\windows\system32\mslwam.exe
c:\windows\system32\mslymo.exe
c:\windows\system32\mslzaz.exe
c:\windows\system32\mslzxzcd.exe
c:\windows\system32\msmafn.exe
c:\windows\system32\msmainko.exe
c:\windows\system32\msmall.exe
c:\windows\system32\msmbz.exe
c:\windows\system32\msmcoj.exe
c:\windows\system32\msmdpgxv.exe
c:\windows\system32\msmebiro.exe
c:\windows\system32\msmejhh.exe
c:\windows\system32\msmejom.exe
c:\windows\system32\msmey.exe
c:\windows\system32\msmfh.exe
c:\windows\system32\msmgab.exe
c:\windows\system32\msmhqp.exe
c:\windows\system32\msmiltqu.exe
c:\windows\system32\msminl.exe
c:\windows\system32\msmjc.exe
c:\windows\system32\msmjebm.exe
c:\windows\system32\msmlpcxa.exe
c:\windows\system32\msmnb.exe
c:\windows\system32\msmnbu.exe
c:\windows\system32\msmoqgww.exe
c:\windows\system32\msmoxpi.exe
c:\windows\system32\msmrfk.exe
c:\windows\system32\msmrjbmz.exe
c:\windows\system32\msmrk.exe
c:\windows\system32\msmsb.exe
c:\windows\system32\msmsken.exe
c:\windows\system32\msmugpn.exe
c:\windows\system32\msmur.exe
c:\windows\system32\msmuv.exe
c:\windows\system32\msmvrghj.exe
c:\windows\system32\msmyghks.exe
c:\windows\system32\msmyv.exe
c:\windows\system32\msmzdxo.exe
c:\windows\system32\msmzj.exe
c:\windows\system32\msnao.exe
c:\windows\system32\msncav32.dll
c:\windows\system32\msnddhi.exe
c:\windows\system32\msndn.exe
c:\windows\system32\msnew.exe
c:\windows\system32\msnezk.exe
c:\windows\system32\msnfq.exe
c:\windows\system32\msnfqqsi.exe
c:\windows\system32\msnfx.exe
c:\windows\system32\msngl.exe
c:\windows\system32\msnhcf.exe
c:\windows\system32\msnisxh.exe
c:\windows\system32\msnjufp.exe
c:\windows\system32\msnlfd.exe
c:\windows\system32\msnmab.exe
c:\windows\system32\msnmpoh.exe
c:\windows\system32\msnnb.exe
c:\windows\system32\msnnjs.exe
c:\windows\system32\msnog.exe
c:\windows\system32\msnolip.exe
c:\windows\system32\msnqf.exe
c:\windows\system32\msnsxq.exe
c:\windows\system32\msntmhi.exe
c:\windows\system32\msnvhp.exe
c:\windows\system32\msnvn.exe
c:\windows\system32\msnwrf.exe
c:\windows\system32\msnxg.exe
c:\windows\system32\msnxn.exe
c:\windows\system32\msnxnalo.exe
c:\windows\system32\msnxoxv.exe
c:\windows\system32\msnxq.exe
c:\windows\system32\msnya.exe
c:\windows\system32\msoapo.exe
c:\windows\system32\msoaszyx.exe
c:\windows\system32\msobex.exe
c:\windows\system32\msocbwg.exe
c:\windows\system32\msoep.exe
c:\windows\system32\msofikyg.exe
c:\windows\system32\msofmea.exe
c:\windows\system32\msohh.exe
c:\windows\system32\msohqse.exe
c:\windows\system32\msoiqiev.exe
c:\windows\system32\msojea.exe
c:\windows\system32\msokfxzv.exe
c:\windows\system32\msokhy.exe
c:\windows\system32\msolb.exe
c:\windows\system32\msoljom.exe
c:\windows\system32\msonugx.exe
c:\windows\system32\msoocvb.exe
c:\windows\system32\msoof.exe
c:\windows\system32\msoohr.exe
c:\windows\system32\msookb.exe
c:\windows\system32\msoprmwo.exe
c:\windows\system32\msorpuct.exe
c:\windows\system32\msorr.exe
c:\windows\system32\msotdeu.exe
c:\windows\system32\msowlu.exe
c:\windows\system32\msoxonc.exe
c:\windows\system32\msozb.exe
c:\windows\system32\mspbbnr.exe
c:\windows\system32\mspbnokj.exe
c:\windows\system32\mspbwt.exe
c:\windows\system32\mspclp.exe
c:\windows\system32\mspcp.exe
c:\windows\system32\mspdsfxj.exe
c:\windows\system32\mspgpkkg.exe
c:\windows\system32\msphx.exe
c:\windows\system32\mspij.exe
c:\windows\system32\mspjbp.exe
c:\windows\system32\mspkzxv.exe
c:\windows\system32\msplei.exe
c:\windows\system32\msplyoe.exe
c:\windows\system32\mspmfndu.exe
c:\windows\system32\mspmlku.exe
c:\windows\system32\mspmygs.exe
c:\windows\system32\mspnb.exe
c:\windows\system32\mspnczj.exe
c:\windows\system32\mspnjav.exe
c:\windows\system32\mspqijt.exe
c:\windows\system32\mspsiy.exe
c:\windows\system32\mspsjjq.exe
c:\windows\system32\mspsuv.exe
c:\windows\system32\msptr.exe
c:\windows\system32\mspuj.exe
c:\windows\system32\mspvedpu.exe
c:\windows\system32\mspvleb.exe
c:\windows\system32\mspwh.exe
c:\windows\system32\mspwq.exe
c:\windows\system32\mspwwk.exe
c:\windows\system32\mspyrbfz.exe
c:\windows\system32\mspyyjj.exe
c:\windows\system32\msqaln.exe
c:\windows\system32\msqbmt.exe
c:\windows\system32\msqcjm.exe
c:\windows\system32\msqdmo.exe
c:\windows\system32\msqdwty.exe
c:\windows\system32\msqfbwsa.exe
c:\windows\system32\msqgee.exe
c:\windows\system32\msqgz.exe
c:\windows\system32\msqhjc.exe
c:\windows\system32\msqjiih.exe
c:\windows\system32\msqkbcc.exe
c:\windows\system32\msqmwwh.exe
c:\windows\system32\msqnlpj.exe
c:\windows\system32\msqnnrz.exe
c:\windows\system32\msqqn.exe
c:\windows\system32\msqqwrh.exe
c:\windows\system32\msqth.exe
c:\windows\system32\msqtmrvi.exe
c:\windows\system32\msqub.exe
c:\windows\system32\msqugtj.exe
c:\windows\system32\msqurx.exe
c:\windows\system32\msqvuedz.exe
c:\windows\system32\msqwoe.exe
c:\windows\system32\msqwwpkh.exe
c:\windows\system32\msqxn.exe
c:\windows\system32\msqxov.exe
c:\windows\system32\msqyb.exe
c:\windows\system32\msqyen.exe
c:\windows\system32\msqygslt.exe
c:\windows\system32\msqyxz.exe
c:\windows\system32\msrapqgi.exe
c:\windows\system32\msregnpl.exe
c:\windows\system32\msrew.exe
c:\windows\system32\msrfacil.exe
c:\windows\system32\msrgzfaf.exe
c:\windows\system32\msrinvav.exe
c:\windows\system32\msrjg.exe
c:\windows\system32\msrjpgo.exe
c:\windows\system32\msrkxv.exe
c:\windows\system32\msrnmwz.exe
c:\windows\system32\msrodqox.exe
c:\windows\system32\msrokat.exe
c:\windows\system32\msrov.exe
c:\windows\system32\msrpd.exe
c:\windows\system32\msrpqhob.exe
c:\windows\system32\msrpsdy.exe
c:\windows\system32\msrpxnwk.exe
c:\windows\system32\msrqhs.exe
c:\windows\system32\msrqxevm.exe
c:\windows\system32\msrrs.exe
c:\windows\system32\msrsoir.exe
c:\windows\system32\msrsqg.exe
c:\windows\system32\msrtxtc.exe
c:\windows\system32\msruug.exe
c:\windows\system32\msrvcq.exe
c:\windows\system32\msrvmt.exe
c:\windows\system32\msrvskbb.exe
c:\windows\system32\msrvzkhg.exe
c:\windows\system32\msryw.exe
c:\windows\system32\msrzxpq.exe
c:\windows\system32\mssabp.exe
c:\windows\system32\mssaihi.exe
c:\windows\system32\mssbenq.exe
c:\windows\system32\mssbt.exe
c:\windows\system32\mssdlpu.exe
c:\windows\system32\mssdxwbi.exe
c:\windows\system32\mssdywnd.exe
c:\windows\system32\msseuk.exe
c:\windows\system32\mssfoa.exe
c:\windows\system32\mssgmzui.exe
c:\windows\system32\msshon.exe
c:\windows\system32\msshs.exe
c:\windows\system32\mssjawpv.exe
c:\windows\system32\mssjx.exe
c:\windows\system32\mssmlkz.exe
c:\windows\system32\mssnd.exe
c:\windows\system32\mssnjo.exe
c:\windows\system32\mssnyqpz.exe
c:\windows\system32\mssowvwb.exe
c:\windows\system32\msspotbb.exe
c:\windows\system32\msspugmy.exe
c:\windows\system32\mssqmudl.exe
c:\windows\system32\msstusuc.exe
c:\windows\system32\msstxtrf.exe
c:\windows\system32\mssuihti.exe
c:\windows\system32\mssumbsg.exe
c:\windows\system32\mssun.exe
c:\windows\system32\mssvan.exe
c:\windows\system32\mssvlak.exe
c:\windows\system32\msswak.exe
c:\windows\system32\mssyhry.exe
c:\windows\system32\mstbmvna.exe
c:\windows\system32\mstbope.exe
c:\windows\system32\mstcf.exe
c:\windows\system32\mstde.exe
c:\windows\system32\mstegbr.exe
c:\windows\system32\mstfxbwy.exe
c:\windows\system32\mstgfu.exe
c:\windows\system32\mstgo.exe
c:\windows\system32\msthkcqe.exe
c:\windows\system32\msthze.exe
c:\windows\system32\mstiszab.exe
c:\windows\system32\mstjc.exe
c:\windows\system32\mstkslab.exe
c:\windows\system32\mstlhn.exe
c:\windows\system32\mstoa.exe
c:\windows\system32\mstomk.exe
c:\windows\system32\mstoo.exe
c:\windows\system32\mstoz.exe
c:\windows\system32\mstqzj.exe
c:\windows\system32\mstrq.exe
c:\windows\system32\mstrvoz.exe
c:\windows\system32\msttefga.exe
c:\windows\system32\msttrkiy.exe
c:\windows\system32\mstued.exe
c:\windows\system32\mstufep.exe
c:\windows\system32\mstvcu.exe
c:\windows\system32\mstvstec.exe
c:\windows\system32\mstvzzpf.exe
c:\windows\system32\mstza.exe
c:\windows\system32\mstzqpdq.exe
c:\windows\system32\msuafa.exe
c:\windows\system32\msuap.exe
c:\windows\system32\msuaqr.exe
c:\windows\system32\msuazeif.exe
c:\windows\system32\msubiap.exe
c:\windows\system32\msudlfum.exe
c:\windows\system32\msuectn.exe
c:\windows\system32\msuevk.exe
c:\windows\system32\msuft.exe
c:\windows\system32\msuggpo.exe
c:\windows\system32\msugyiej.exe
c:\windows\system32\msuhs.exe
c:\windows\system32\msuiwb.exe
c:\windows\system32\msujclyd.exe
c:\windows\system32\msukoqi.exe
c:\windows\system32\msukrs.exe
c:\windows\system32\msulk.exe
c:\windows\system32\msulsn.exe
c:\windows\system32\msumd.exe
c:\windows\system32\msumvd.exe
c:\windows\system32\msunaxx.exe
c:\windows\system32\msunlx.exe
c:\windows\system32\msuqzu.exe
c:\windows\system32\msurjydz.exe
c:\windows\system32\msurq.exe
c:\windows\system32\msurzadl.exe
c:\windows\system32\msutqbbj.exe
c:\windows\system32\msuxqi.exe
c:\windows\system32\msuyqqkx.exe
c:\windows\system32\msuyyf.exe
c:\windows\system32\msuzeu.exe
c:\windows\system32\msvav.exe
c:\windows\system32\msvbmc.exe
c:\windows\system32\msvbnjez.exe
c:\windows\system32\msvboii.exe
c:\windows\system32\msvccf.exe
c:\windows\system32\msvda.exe
c:\windows\system32\msvdi.exe
c:\windows\system32\msvdle.exe
c:\windows\system32\msveiii.exe
c:\windows\system32\msveyo.exe
c:\windows\system32\msveze.exe
c:\windows\system32\msvfg.exe
c:\windows\system32\msvfkvz.exe
c:\windows\system32\msvglxq.exe
c:\windows\system32\msvhjqiz.exe
c:\windows\system32\msvhszux.exe
c:\windows\system32\msvhtfz.exe
c:\windows\system32\msvhwb.exe
c:\windows\system32\msvjvgt.exe
c:\windows\system32\msvkbklj.exe
c:\windows\system32\msvkirj.exe
c:\windows\system32\msvllrz.exe
c:\windows\system32\msvmrfe.exe
c:\windows\system32\msvmyr.exe
c:\windows\system32\msvndbab.exe
c:\windows\system32\msvpo.exe
c:\windows\system32\msvpq.exe
c:\windows\system32\msvqkzs.exe
c:\windows\system32\msvssp.exe
c:\windows\system32\msvsuxo.exe
c:\windows\system32\msvtx.exe
c:\windows\system32\msvtzpk.exe
c:\windows\system32\msvwvi.exe
c:\windows\system32\msvyjqf.exe
c:\windows\system32\mswak.exe
c:\windows\system32\mswaqhol.exe
c:\windows\system32\mswboks.exe
c:\windows\system32\mswcn.exe
c:\windows\system32\mswdbl.exe
c:\windows\system32\mswdx.exe
c:\windows\system32\mswglhir.exe
c:\windows\system32\mswhad.exe
c:\windows\system32\mswhfmo.exe
c:\windows\system32\mswiq.exe
c:\windows\system32\mswirp.exe
c:\windows\system32\mswiwe.exe
c:\windows\system32\mswjeqq.exe
c:\windows\system32\mswkgzzv.exe
c:\windows\system32\mswkyen.exe
c:\windows\system32\mswlcsy.exe
c:\windows\system32\mswlm.exe
c:\windows\system32\mswmaj.exe
c:\windows\system32\mswmhlv.exe
c:\windows\system32\mswnok.exe
c:\windows\system32\mswoc.exe
c:\windows\system32\mswpcei.exe
c:\windows\system32\mswqewv.exe
c:\windows\system32\mswqkkmk.exe
c:\windows\system32\mswsrp.exe
c:\windows\system32\mswtexd.exe
c:\windows\system32\mswtfbvu.exe
c:\windows\system32\mswtim.exe
c:\windows\system32\mswwkwej.exe
c:\windows\system32\mswwqvp.exe
c:\windows\system32\mswxq.exe
c:\windows\system32\mswyugcq.exe
c:\windows\system32\mswzaksr.exe
c:\windows\system32\msxasxd.exe
c:\windows\system32\msxbd.exe
c:\windows\system32\msxbzdmw.exe
c:\windows\system32\msxchf.exe
c:\windows\system32\msxdk.exe
c:\windows\system32\msxdkp.exe
c:\windows\system32\msxduh.exe
c:\windows\system32\msxelwzt.exe
c:\windows\system32\msxev.exe
c:\windows\system32\msxgctlu.exe
c:\windows\system32\msxgwhsb.exe
c:\windows\system32\msxgyjm.exe
c:\windows\system32\msxgzcs.exe
c:\windows\system32\msxhpcf.exe
c:\windows\system32\msxhvjcw.exe
c:\windows\system32\msxiae.exe
c:\windows\system32\msxitso.exe
c:\windows\system32\msxjft.exe
c:\windows\system32\msxkbv.exe
c:\windows\system32\msxkq.exe
c:\windows\system32\msxlc.exe
c:\windows\system32\msxlh.exe
c:\windows\system32\msxlt.exe
c:\windows\system32\msxmanyl.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\msxmowry.exe
c:\windows\system32\msxnitl.exe
c:\windows\system32\msxnvbjj.exe
c:\windows\system32\msxnzcc.exe
c:\windows\system32\msxpyjo.exe
c:\windows\system32\msxpzcu.exe
c:\windows\system32\msxsidv.exe
c:\windows\system32\msxsvs.exe
c:\windows\system32\msxtenr.exe
c:\windows\system32\msxuoc.exe
c:\windows\system32\msxuwsk.exe
c:\windows\system32\msxvokr.exe
c:\windows\system32\msxww.exe
c:\windows\system32\msxxudc.exe
c:\windows\system32\msxxyoi.exe
c:\windows\system32\msyabawc.exe
c:\windows\system32\msybds.exe
c:\windows\system32\msybm.exe
c:\windows\system32\msycjd.exe
c:\windows\system32\msyean.exe
c:\windows\system32\msyemce.exe
c:\windows\system32\msyewk.exe
c:\windows\system32\msyfed.exe
c:\windows\system32\msyiit.exe
c:\windows\system32\msyisip.exe
c:\windows\system32\msyjzcvo.exe
c:\windows\system32\msyktejv.exe
c:\windows\system32\msyluk.exe
c:\windows\system32\msymbo.exe
c:\windows\system32\msymilg.exe
c:\windows\system32\msynzzsk.exe
c:\windows\system32\msyofzvn.exe
c:\windows\system32\msypl.exe
c:\windows\system32\msyqox.exe
c:\windows\system32\msyqso.exe
c:\windows\system32\msyrich.exe
c:\windows\system32\msysv.exe
c:\windows\system32\msyum.exe
c:\windows\system32\msyvv.exe
c:\windows\system32\msywvla.exe
c:\windows\system32\msyxmfpx.exe
c:\windows\system32\msyxneye.exe
c:\windows\system32\msyxqdi.exe
c:\windows\system32\msyxqnn.exe
c:\windows\system32\msyxr.exe
c:\windows\system32\mszbgk.exe
c:\windows\system32\mszcke.exe
c:\windows\system32\mszcz.exe
c:\windows\system32\mszdf.exe
c:\windows\system32\mszdnv.exe
c:\windows\system32\mszemsn.exe
c:\windows\system32\mszesqgv.exe
c:\windows\system32\mszff.exe
c:\windows\system32\mszfh.exe
c:\windows\system32\mszfn.exe
c:\windows\system32\mszgyps.exe
c:\windows\system32\mszhasx.exe
c:\windows\system32\mszhjla.exe
c:\windows\system32\mszjja.exe
c:\windows\system32\mszkg.exe
c:\windows\system32\mszklxou.exe
c:\windows\system32\mszlr.exe
c:\windows\system32\mszmvuyn.exe
c:\windows\system32\mszoczp.exe
c:\windows\system32\mszple.exe
c:\windows\system32\mszqag.exe
c:\windows\system32\mszswxx.exe
c:\windows\system32\msztwwzr.exe
c:\windows\system32\mszuwe.exe
c:\windows\system32\mszvibn.exe
c:\windows\system32\mszwjmlb.exe
c:\windows\system32\mszzyy.exe
c:\windows\system32\pcmstub.sys
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\UACbbmqhrifwuvrbdwyw.dll
c:\windows\system32\UACovybhmtvpjwcpxmqs.dll
c:\windows\system32\UACrnkvfxwxnssrprrqt.db
c:\windows\system32\wiawow32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiphatfaiq
-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Service_msncache
-------\Service_pcmstub


((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-13 03:43 . 2009-07-13 03:43 164 ----a-w- c:\windows\install.dat
2009-07-12 13:48 . 2009-07-12 13:49 -------- d-----w- c:\program files\ERUNT
2009-07-12 03:39 . 2009-07-12 03:39 40960 --sh--r- c:\windows\system32\flashd32.dll
2009-06-25 02:58 . 2009-06-25 02:58 -------- d--h--w- c:\windows\PIF
2009-06-16 14:36 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 03:41 . 2008-06-28 02:09 -------- d-----w- c:\documents and settings\tyl2\Application Data\RSIGuard
2009-07-16 03:41 . 2008-06-28 17:52 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-16 03:41 . 2008-06-28 17:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-15 12:42 . 2008-06-28 04:39 -------- d-----w- c:\program files\WinAce
2009-07-15 12:37 . 2008-10-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 12:18 . 2009-07-15 12:21 34304 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-15 04:11 . 2009-07-12 03:40 4 ---h--w- c:\windows\Fonts\mlog
2009-07-15 03:57 . 2009-07-15 04:02 19456 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-15 02:20 . 2009-07-15 02:35 32256 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-07-14 23:28 . 2009-07-14 23:28 63750 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_14_19_21_38_small.dmp.zip
2009-07-14 17:45 . 2009-07-14 17:45 65280 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_14_13_34_46_small.dmp.zip
2009-07-14 13:10 . 2009-07-14 17:40 3032576 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-13 12:06 . 2008-08-28 12:51 -------- d-----w- c:\program files\SpySweeper
2009-07-13 03:44 . 2008-08-09 18:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-07-13 03:44 . 2008-08-09 18:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-07-13 03:44 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-07-13 03:37 . 2008-07-19 00:17 -------- d-----w- c:\documents and settings\tyl2\Application Data\Azureus
2009-07-13 03:35 . 2008-07-03 00:44 -------- d-----w- c:\documents and settings\tyl2\Application Data\Orbit
2009-07-12 21:38 . 2009-01-03 03:20 5536 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-12 03:22 . 2009-03-05 06:28 -------- d-----w- c:\program files\ReplayMediaCatcher
2009-07-07 23:20 . 2008-06-28 17:58 -------- d-----w- c:\documents and settings\tyl2\Application Data\dvdcss
2009-07-02 17:24 . 2008-06-28 01:32 -------- d-----w- c:\program files\KeyText
2009-07-02 11:54 . 2008-06-28 00:56 -------- d-----w- c:\program files\Mozilla
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:34 . 2009-06-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-06-15 00:34 . 2008-07-21 01:11 -------- d-----w- c:\program files\TVUPlayer
2009-06-14 02:13 . 2008-10-23 21:07 -------- d-----w- c:\documents and settings\tyl2\Application Data\Shareaza
2009-06-14 02:12 . 2008-10-23 21:07 -------- d-----w- c:\program files\Shareaza
2009-06-13 03:12 . 2008-07-03 00:44 -------- d-----w- c:\program files\OrbitDL
2009-06-12 03:12 . 2009-06-12 03:12 -------- d-----w- c:\program files\MAKEMSI Package Documentation
2009-06-12 03:12 . 2009-06-12 03:12 -------- d-----w- c:\program files\RSIGuard
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 17:48 . 2009-05-31 17:48 64840 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-31 17:44 . 2009-05-31 17:37 -------- d-----w- c:\program files\Picasa3
2009-05-31 17:43 . 2009-05-31 14:16 -------- d-----w- c:\program files\SUPER
2009-05-31 17:38 . 2009-05-31 17:38 -------- d-----w- c:\program files\Google
2009-05-31 16:41 . 2009-05-31 16:41 -------- d-----w- c:\program files\ffdshow
2009-05-31 14:34 . 2009-05-31 14:34 -------- d-----w- c:\program files\MatroskaSplitter
2009-05-31 14:16 . 2009-05-31 14:16 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-31 12:14 . 2009-05-31 11:47 -------- d-----w- c:\documents and settings\kiosk\Application Data\Azureus
2009-05-31 11:28 . 2009-05-31 11:28 -------- d-----w- c:\documents and settings\kiosk\Application Data\vlc
2009-05-22 21:03 . 2009-02-07 15:42 -------- d-----w- c:\program files\mypoints
2009-05-18 12:11 . 2008-10-26 09:12 -------- d-----w- c:\program files\AVG
2009-05-17 17:54 . 2009-02-19 03:36 -------- d-----w- c:\documents and settings\tyl2\Application Data\Move Networks
2009-05-13 19:39 . 2008-08-28 12:51 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-09 03:01 . 2009-02-04 12:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 03:01 . 2008-10-26 09:12 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 03:01 . 2008-10-26 09:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-03-28 01:20 . 2009-03-28 01:20 0 ----a-w- c:\program files\Common Files\akkg3.exe
2009-03-28 01:20 . 2009-03-28 01:20 0 ----a-w- c:\program files\Common Files\insta3.exe
2009-03-28 01:19 . 2009-03-28 01:19 0 ----a-w- c:\program files\Common Files\akkg2.exe
2009-03-28 01:19 . 2009-03-28 01:19 0 ----a-w- c:\program files\Common Files\insta2.exe
2009-03-06 04:54 . 2009-03-06 04:54 0 ----a-w- c:\program files\Common Files\akkg1.exe
2009-03-06 04:54 . 2009-03-06 04:54 0 ----a-w- c:\program files\Common Files\insta1.exe
2009-03-06 04:53 . 2009-03-06 04:53 0 ----a-w- c:\program files\Common Files\akkg.exe
2009-03-06 04:53 . 2009-03-06 04:53 0 ----a-w- c:\program files\Common Files\insta.exe
2009-02-01 14:14 . 2006-04-22 19:06 11731 ----a-w- c:\program files\NoteTab.ini
2009-01-02 23:22 . 2006-04-22 19:06 11334 ----a-w- c:\program files\NotePro4.ini
2006-01-08 06:39 . 2007-12-19 04:33 1469033 ----a-w- c:\program files\FLVPlayer+S.exe
2006-05-03 10:06 . 2009-05-31 14:16 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-31 14:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-31 14:16 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-04-06 14:33 2823168 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-04-06 14:33 2823168 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Logitech Utility"="c:\windows\Logi_MwX.Exe" [2003-12-17 19968]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-06-14 16132608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-10-12 439568]

c:\documents and settings\tyl2\Start Menu\Programs\Startup\
Explorer.lnk - c:\windows\explorer.exe [2004-8-4 1033728]
NotePro.lnk - c:\program files\NoteTab\NoteTab.exe [2009-2-1 1057792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RSIGuard.lnk - c:\program files\RSIGuard\RSIGuard.exe [2008-6-5 6926336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{38101905-D80F-4788-96F6-986A8186178A}"= "c:\windows\system32\flashd32.dll" [2009-07-12 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-18 02:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-24 08:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"AVG8_TRAY"=c:\progra~1\AVG\avgtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\AcroRead\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OrbitDL\\orbitnet.exe"=
"c:\program files\Microsoft\ActiveSync\rapimgr.exe"= c:\program files\Microsoft\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft\ActiveSync\wcescomm.exe"= c:\program files\Microsoft\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft\ActiveSync\WCESMgr.exe"= c:\program files\Microsoft\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\avgupd.exe"=
"c:\\Program Files\\OrbitDL\\orbitdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Ramdisk;Ramdisk [ QSoft ];c:\windows\system32\drivers\ramdisk.sys [10/6/2002 11:26 AM 8192]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/26/2008 5:12 AM 325896]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [9/23/2008 11:48 PM 53752]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/17/2009 12:01 AM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/3/2008 6:18 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\SpySweeper\WRConsumerService.exe [10/26/2008 6:03 AM 1205760]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 7:40 PM 84992]
S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\avgwdsvc.exe [2/4/2009 8:39 AM 298776]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/13/2008 7:19 PM 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [8/13/2008 8:56 AM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [8/13/2008 8:56 AM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [8/13/2008 8:56 AM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [8/13/2008 8:56 AM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [8/13/2008 8:56 AM 98568]
S3 usbwte;usbwte;c:\windows\system32\usbwte.sys [8/4/2004 6:00 AM 2304]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5


.
------- Supplementary Scan -------
.
uStart Page = hxxp://beginnersoccer.com/WebSiteManager/default.aspx
IE: &Download by Orbit - c:\program files\OrbitDL\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\OrbitDL\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\OrbitDL\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\OrbitDL\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\tyl2\Application Data\Mozilla\Firefox\Profiles\default.qle\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_11.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\VLCPlayer\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 23:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1696)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Mozy\mozyshell.dll
c:\program files\RSIGuard\RSIWatch.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\avgrsx.exe
c:\program files\Mozy\mozybackup.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\SpySweeper\SpySweeper.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~2\ACTIVE~1\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-16 23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 03:46

Pre-Run: 36,136,067,072 bytes free
Post-Run: 37,348,839,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1081 --- E O F --- 2009-07-15 12:37

Here's the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:18 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SpySweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\avgrsx.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Mozy\mozybackup.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpySweeper\SpySweeper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Microsoft\ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RSIGuard\RSIGuard.exe
C:\Program Files\NoteTab\NoteTab.exe
C:\PROGRA~1\MICROS~2\ACTIVE~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beginnersoccer.com/WebSiteManager/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDL\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDL\GrabPro.dll
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0992 -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0992 -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: NotePro.lnk = C:\Program Files\NoteTab\NoteTab.exe
O4 - Global Startup: RSIGuard.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDL\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214611352327
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\SpySweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\SpySweeper\WRConsumerService.exe

--
End of file - 8376 bytes

[ZNoEvil]

... the uninstall list.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.6
Adobe Shockwave Player
Advanced Privacy Cleaner 1.1
AnswerWorks 5.0 English Runtime
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Auto Gordian Knot 2.48b
Avanquest update
AVG Free 8.5
AVIcodec (remove only)
AviSynth 2.5
Catalyst Control Center - Branding
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Eraser
Eraser
ERUNT 1.1j
ffdshow [rev 2527] [2008-12-19]
FIFA 09
GoToAssist 8.0.0.514
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iDailyDiary Professional 3.52
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java(TM) 6 Update 11
KeyText v2.25
Logitech MouseWare 9.79.1
Logitech QuickCam Driver Package
LogMeIn
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5)
Mozilla Thunderbird (2.0.0.22)
MozyHome Remote Backup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MVision
MyPoints Toolbar
Nero 8 Ultra Edition HD
neroxml
NoteTab Light 5 (Remove only)
Orbit Downloader
PDFCreator
Picasa 3
Realtek High Definition Audio Driver
Recover Files 2.0
Recuva (remove only)
Replay Media Catcher
RSIGuard Stretch Edition
Samsung ML-2510 Series
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shareaza
Sony Ericsson PC Suite 4.010.00
Spy Sweeper
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Startup Cop 1.1
SUPER © Version 2009.bld.35 (Jan 5, 2009)
Switch Off
Timershot Powertoy for Windows XP
Trellian WebPage
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wpaiper
TurboTax 2008 wrapper
TVUPlayer 2.4.5.3
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Service
VC 9.0 Runtime
VC 9.0 Runtime
VCRedistSetup
Video Card Stability Test
VLC media player 0.9.8a
VobSub v2.23 (Remove Only)
Vuze
WinAVI Video Converter
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinISO 5.3
WinPcap 4.0
WinRAR archiver
ZoneAlarm

[pskelley]

You can see you had a very infected computer. It is very important that you read and follow the directions exactly. Here are the directions from the tutorial I posted:

Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop. An image showing this is below.

Here is where you installed Running from: c:\storage\ComboFix.exe ?

Please delete the copy of combofix that is incorrectly installed and install combofix to the Desktop as directed. Run it again and post the log.


Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player ActiveX <<< check this
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/securit...apsb09-01.html

Adobe Reader 8.1.6 <<< out of date and unsafe
http://news.cnet.com/8301-1009_3-100...ml?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04...der_issue.html
http://www.adobe.com/support/securit...apsb09-07.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 3.0 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

Java(TM) 6 Update 11 <<< out of date and unsafe
http://forums.spybot.info/showpost.p...80&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsof...java-15413.php

Mozilla Firefox (3.5) <<< out of date, update from within the program
Open Firefox > click Help > Check for Updates > follow the prompts

Spybot - Search & Destroy 1.5.2.20 <<< uninstall this out of date version, make sure the other installed version is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html

Vuze <<< p2p programs must be uninstalled:
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Thanks

[ZNoEvil]

Uninstalled program you asked for (along with a few others I don't use), and updated the ones you and Secunia PSI pointed out. Firefox 3.5 is already latest though.

Downloaded ComboFix again to correct location and ran. Here's the log.

ComboFix 09-07-14.08 - tyl2 07/16/2009 8:59.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1438 [GMT -4:00]
Running from: c:\documents and settings\tyl2\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 12:49 . 2009-07-16 12:49 -------- d-----w- c:\program files\JRE
2009-07-16 12:40 . 2009-07-16 12:40 -------- d-----w- c:\documents and settings\tyl2\Application Data\Foxit
2009-07-16 12:40 . 2009-07-16 12:40 -------- d-----w- c:\program files\FoxitReader
2009-07-16 12:32 . 2009-07-16 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-16 12:32 . 2009-07-16 12:46 -------- d-----w- c:\program files\NOS
2009-07-16 12:30 . 2009-07-16 12:38 -------- d-----w- c:\program files\Secunia
2009-07-16 04:10 . 2009-07-16 04:15 -------- d-----w- c:\documents and settings\tyl2\Application Data\vlc
2009-07-13 03:43 . 2009-07-13 03:43 164 ----a-w- c:\windows\install.dat
2009-07-12 13:48 . 2009-07-12 13:49 -------- d-----w- c:\program files\ERUNT
2009-07-12 03:39 . 2009-07-12 03:39 40960 --sh--r- c:\windows\system32\flashd32.dll
2009-06-25 02:58 . 2009-06-25 02:58 -------- d--h--w- c:\windows\PIF
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-16 14:36 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 13:04 . 2008-06-28 02:09 -------- d-----w- c:\documents and settings\tyl2\Application Data\RSIGuard
2009-07-16 13:03 . 2008-06-28 17:52 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-16 13:03 . 2008-06-28 17:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-16 12:52 . 2008-06-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 12:51 . 2008-08-28 18:20 -------- d-----w- c:\program files\SpybotSD
2009-07-16 12:49 . 2008-11-23 19:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-16 12:35 . 2008-07-02 23:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-16 12:27 . 2008-07-03 00:44 -------- d-----w- c:\documents and settings\tyl2\Application Data\Orbit
2009-07-16 12:27 . 2008-10-23 21:07 -------- d-----w- c:\program files\Shareaza
2009-07-16 12:24 . 2008-07-19 00:16 -------- d-----w- c:\program files\Vuze
2009-07-16 04:09 . 2008-06-28 02:31 -------- d-----w- c:\program files\VLCPlayer
2009-07-15 12:42 . 2008-06-28 04:39 -------- d-----w- c:\program files\WinAce
2009-07-15 12:37 . 2008-10-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 12:18 . 2009-07-15 12:21 34304 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-15 04:11 . 2009-07-12 03:40 4 ---h--w- c:\windows\Fonts\mlog
2009-07-15 03:57 . 2009-07-15 04:02 19456 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-15 02:20 . 2009-07-15 02:35 32256 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-07-14 23:28 . 2009-07-14 23:28 63750 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_14_19_21_38_small.dmp.zip
2009-07-14 17:45 . 2009-07-14 17:45 65280 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_14_13_34_46_small.dmp.zip
2009-07-14 13:10 . 2009-07-14 17:40 3032576 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-13 12:06 . 2008-08-28 12:51 -------- d-----w- c:\program files\SpySweeper
2009-07-13 03:44 . 2008-08-09 18:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-07-13 03:44 . 2008-08-09 18:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-07-13 03:44 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-07-13 03:37 . 2008-07-19 00:17 -------- d-----w- c:\documents and settings\tyl2\Application Data\Azureus
2009-07-12 21:38 . 2009-01-03 03:20 5536 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-12 03:22 . 2009-03-05 06:28 -------- d-----w- c:\program files\ReplayMediaCatcher
2009-07-07 23:20 . 2008-06-28 17:58 -------- d-----w- c:\documents and settings\tyl2\Application Data\dvdcss
2009-07-02 17:24 . 2008-06-28 01:32 -------- d-----w- c:\program files\KeyText
2009-07-02 11:54 . 2008-06-28 00:56 -------- d-----w- c:\program files\Mozilla
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:34 . 2009-06-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-06-15 00:34 . 2008-07-21 01:11 -------- d-----w- c:\program files\TVUPlayer
2009-06-12 03:12 . 2009-06-12 03:12 -------- d-----w- c:\program files\MAKEMSI Package Documentation
2009-06-12 03:12 . 2009-06-12 03:12 -------- d-----w- c:\program files\RSIGuard
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 17:48 . 2009-05-31 17:48 64840 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-31 17:44 . 2009-05-31 17:37 -------- d-----w- c:\program files\Picasa3
2009-05-31 17:43 . 2009-05-31 14:16 -------- d-----w- c:\program files\SUPER
2009-05-31 17:38 . 2009-05-31 17:38 -------- d-----w- c:\program files\Google
2009-05-31 16:41 . 2009-05-31 16:41 -------- d-----w- c:\program files\ffdshow
2009-05-31 14:34 . 2009-05-31 14:34 -------- d-----w- c:\program files\MatroskaSplitter
2009-05-31 14:16 . 2009-05-31 14:16 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-31 12:14 . 2009-05-31 11:47 -------- d-----w- c:\documents and settings\kiosk\Application Data\Azureus
2009-05-31 11:28 . 2009-05-31 11:28 -------- d-----w- c:\documents and settings\kiosk\Application Data\vlc
2009-05-22 21:03 . 2009-02-07 15:42 -------- d-----w- c:\program files\mypoints
2009-05-18 12:11 . 2008-10-26 09:12 -------- d-----w- c:\program files\AVG
2009-05-17 17:54 . 2009-02-19 03:36 -------- d-----w- c:\documents and settings\tyl2\Application Data\Move Networks
2009-05-13 19:39 . 2008-08-28 12:51 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-09 03:01 . 2009-02-04 12:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 03:01 . 2008-10-26 09:12 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 03:01 . 2008-10-26 09:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-03-28 01:20 . 2009-03-28 01:20 0 ----a-w- c:\program files\Common Files\akkg3.exe
2009-03-28 01:20 . 2009-03-28 01:20 0 ----a-w- c:\program files\Common Files\insta3.exe
2009-03-28 01:19 . 2009-03-28 01:19 0 ----a-w- c:\program files\Common Files\akkg2.exe
2009-03-28 01:19 . 2009-03-28 01:19 0 ----a-w- c:\program files\Common Files\insta2.exe
2009-03-06 04:54 . 2009-03-06 04:54 0 ----a-w- c:\program files\Common Files\akkg1.exe
2009-03-06 04:54 . 2009-03-06 04:54 0 ----a-w- c:\program files\Common Files\insta1.exe
2009-03-06 04:53 . 2009-03-06 04:53 0 ----a-w- c:\program files\Common Files\akkg.exe
2009-03-06 04:53 . 2009-03-06 04:53 0 ----a-w- c:\program files\Common Files\insta.exe
2009-02-01 14:14 . 2006-04-22 19:06 11731 ----a-w- c:\program files\NoteTab.ini
2009-01-02 23:22 . 2006-04-22 19:06 11334 ----a-w- c:\program files\NotePro4.ini
2006-01-08 06:39 . 2007-12-19 04:33 1469033 ----a-w- c:\program files\FLVPlayer+S.exe
2006-05-03 10:06 . 2009-05-31 14:16 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-31 14:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-31 14:16 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_03.43.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 13:04 . 2009-07-16 13:04 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2009-07-16 12:56 . 2009-07-16 12:56 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2009-07-16 13:04 . 2009-07-16 13:04 16384 c:\windows\Temp\Perflib_Perfdata_234.dat
+ 2004-08-04 10:00 . 2009-07-16 03:45 64068 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-04-18 02:17 64068 c:\windows\system32\perfc009.dat
+ 2008-06-28 00:06 . 2009-07-16 12:32 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 10:00 . 2009-07-16 03:45 407098 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-04-18 02:17 407098 c:\windows\system32\perfh009.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 148888 c:\windows\system32\javaws.exe
- 2008-12-05 00:10 . 2008-11-10 10:43 148888 c:\windows\system32\javaws.exe
- 2008-12-05 00:10 . 2008-11-10 10:43 144792 c:\windows\system32\javaw.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 144792 c:\windows\system32\javaw.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 144792 c:\windows\system32\java.exe
- 2008-12-05 00:10 . 2008-11-10 10:43 144792 c:\windows\system32\java.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 1563648 c:\windows\Installer\33685.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-04-06 14:33 2823168 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-04-06 14:33 2823168 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Logitech Utility"="c:\windows\Logi_MwX.Exe" [2003-12-17 19968]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-06-14 16132608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
"SunJavaUpdateSched"="c:\program files\JRE\bin\jusched.exe" [2009-07-16 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-10-12 439568]

c:\documents and settings\tyl2\Start Menu\Programs\Startup\
Explorer.lnk - c:\windows\explorer.exe [2004-8-4 1033728]
NotePro.lnk - c:\program files\NoteTab\NoteTab.exe [2009-2-1 1057792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RSIGuard.lnk - c:\program files\RSIGuard\RSIGuard.exe [2008-6-5 6926336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{38101905-D80F-4788-96F6-986A8186178A}"= "c:\windows\system32\flashd32.dll" [2009-07-12 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-18 02:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-24 08:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"AVG8_TRAY"=c:\progra~1\AVG\avgtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\AcroRead\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft\ActiveSync\rapimgr.exe"= c:\program files\Microsoft\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft\ActiveSync\wcescomm.exe"= c:\program files\Microsoft\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft\ActiveSync\WCESMgr.exe"= c:\program files\Microsoft\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Ramdisk;Ramdisk [ QSoft ];c:\windows\system32\drivers\ramdisk.sys [10/6/2002 11:26 AM 8192]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/26/2008 5:12 AM 325896]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [9/23/2008 11:48 PM 53752]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/17/2009 12:01 AM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/3/2008 6:18 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\SpySweeper\WRConsumerService.exe [10/26/2008 6:03 AM 1205760]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 7:40 PM 84992]
S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\avgwdsvc.exe [2/4/2009 8:39 AM 298776]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/13/2008 7:19 PM 13352]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [8/13/2008 8:56 AM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [8/13/2008 8:56 AM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [8/13/2008 8:56 AM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [8/13/2008 8:56 AM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [8/13/2008 8:56 AM 98568]
S3 usbwte;usbwte;c:\windows\system32\usbwte.sys [8/4/2004 6:00 AM 2304]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://beginnersoccer.com/WebSiteManager/default.aspx
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\tyl2\Application Data\Mozilla\Firefox\Profiles\default.qle\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\JRE\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\JRE\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\VLCPlayer\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 09:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3456)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\flashd32.dll
c:\program files\Mozy\mozyshell.dll
c:\program files\RSIGuard\RSIWatch.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\avgrsx.exe
c:\program files\JRE\bin\jqs.exe
c:\program files\Mozy\mozybackup.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~2\ACTIVE~1\rapimgr.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-16 9:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 13:08
ComboFix2.txt 2009-07-16 03:46

Pre-Run: 37,207,027,712 bytes free
Post-Run: 37,178,519,552 bytes free

326 --- E O F --- 2009-07-15 12:37

[pskelley]

Thanks for the feedback, let's proceed like this.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:

Code:

Folder::
c:\program files\Shareaza
c:\program files\Vuze

Save this as CFScript



Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/art...efetch-XP.html

4) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the report from combofix (CFScript) contents of that file from MBAM & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://thespykiller.co.uk/index.php/topic,5946.0.html

How is the computer running now?

Thanks

[ZNoEvil]

I'm not clear about the logs you want to see, so I first ran CFScript via ComboFix first, then HJT. Here are logs.

ComboFix 09-07-14.08 - tyl2 07/16/2009 13:37.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1513 [GMT -4:00]
Running from: c:\documents and settings\tyl2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tyl2\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shareaza
c:\program files\Shareaza\WMHelper.log
c:\program files\Vuze
c:\program files\Vuze\IRC_log.htm
c:\program files\Vuze\plugins\azemp\azemp_2.0.30.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.30.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.zip
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.jar
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.30
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.34
c:\program files\Vuze\plugins\azemp\plugin.properties_2.1.02
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.zip
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.17
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.5

.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 12:49 . 2009-07-16 12:49 -------- d-----w- c:\program files\JRE
2009-07-16 12:40 . 2009-07-16 12:40 -------- d-----w- c:\documents and settings\tyl2\Application Data\Foxit
2009-07-16 12:40 . 2009-07-16 12:40 -------- d-----w- c:\program files\FoxitReader
2009-07-16 12:32 . 2009-07-16 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-16 12:32 . 2009-07-16 12:46 -------- d-----w- c:\program files\NOS
2009-07-16 12:30 . 2009-07-16 12:38 -------- d-----w- c:\program files\Secunia
2009-07-16 04:10 . 2009-07-16 04:15 -------- d-----w- c:\documents and settings\tyl2\Application Data\vlc
2009-07-13 03:43 . 2009-07-13 03:43 164 ----a-w- c:\windows\install.dat
2009-07-12 13:48 . 2009-07-12 13:49 -------- d-----w- c:\program files\ERUNT
2009-07-12 03:39 . 2009-07-12 03:39 40960 --sh--r- c:\windows\system32\flashd32.dll
2009-06-25 02:58 . 2009-06-25 02:58 -------- d--h--w- c:\windows\PIF
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:25 . 2008-06-28 02:09 -------- d-----w- c:\documents and settings\tyl2\Application Data\RSIGuard
2009-07-16 17:25 . 2008-06-28 17:52 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-16 17:25 . 2008-06-28 17:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-16 12:52 . 2008-06-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 12:51 . 2008-08-28 18:20 -------- d-----w- c:\program files\SpybotSD
2009-07-16 12:49 . 2008-11-23 19:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-16 12:35 . 2008-07-02 23:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-16 12:27 . 2008-07-03 00:44 -------- d-----w- c:\documents and settings\tyl2\Application Data\Orbit
2009-07-16 04:09 . 2008-06-28 02:31 -------- d-----w- c:\program files\VLCPlayer
2009-07-15 12:42 . 2008-06-28 04:39 -------- d-----w- c:\program files\WinAce
2009-07-15 12:37 . 2008-10-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 12:18 . 2009-07-15 12:21 34304 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-15 04:11 . 2009-07-12 03:40 4 ---h--w- c:\windows\Fonts\mlog
2009-07-15 03:57 . 2009-07-15 04:02 19456 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-15 02:20 . 2009-07-15 02:35 32256 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-07-14 23:28 . 2009-07-14 23:28 63750 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_14_19_21_38_small.dmp.zip
2009-07-14 17:45 . 2009-07-14 17:45 65280 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_14_13_34_46_small.dmp.zip
2009-07-14 13:10 . 2009-07-14 17:40 3032576 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-13 12:06 . 2008-08-28 12:51 -------- d-----w- c:\program files\SpySweeper
2009-07-13 03:44 . 2008-08-09 18:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-07-13 03:44 . 2008-08-09 18:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-07-13 03:44 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-07-13 03:37 . 2008-07-19 00:17 -------- d-----w- c:\documents and settings\tyl2\Application Data\Azureus
2009-07-12 21:38 . 2009-01-03 03:20 5536 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-12 03:22 . 2009-03-05 06:28 -------- d-----w- c:\program files\ReplayMediaCatcher
2009-07-07 23:20 . 2008-06-28 17:58 -------- d-----w- c:\documents and settings\tyl2\Application Data\dvdcss
2009-07-02 17:24 . 2008-06-28 01:32 -------- d-----w- c:\program files\KeyText
2009-07-02 11:54 . 2008-06-28 00:56 -------- d-----w- c:\program files\Mozilla
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:34 . 2009-06-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-06-15 00:34 . 2008-07-21 01:11 -------- d-----w- c:\program files\TVUPlayer
2009-06-12 03:12 . 2009-06-12 03:12 -------- d-----w- c:\program files\MAKEMSI Package Documentation
2009-06-12 03:12 . 2009-06-12 03:12 -------- d-----w- c:\program files\RSIGuard
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 17:48 . 2009-05-31 17:48 64840 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-31 17:44 . 2009-05-31 17:37 -------- d-----w- c:\program files\Picasa3
2009-05-31 17:43 . 2009-05-31 14:16 -------- d-----w- c:\program files\SUPER
2009-05-31 17:38 . 2009-05-31 17:38 -------- d-----w- c:\program files\Google
2009-05-31 16:41 . 2009-05-31 16:41 -------- d-----w- c:\program files\ffdshow
2009-05-31 14:34 . 2009-05-31 14:34 -------- d-----w- c:\program files\MatroskaSplitter
2009-05-31 14:16 . 2009-05-31 14:16 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-31 12:14 . 2009-05-31 11:47 -------- d-----w- c:\documents and settings\kiosk\Application Data\Azureus
2009-05-31 11:28 . 2009-05-31 11:28 -------- d-----w- c:\documents and settings\kiosk\Application Data\vlc
2009-05-22 21:03 . 2009-02-07 15:42 -------- d-----w- c:\program files\mypoints
2009-05-18 12:11 . 2008-10-26 09:12 -------- d-----w- c:\program files\AVG
2009-05-17 17:54 . 2009-02-19 03:36 -------- d-----w- c:\documents and settings\tyl2\Application Data\Move Networks
2009-05-13 19:39 . 2008-08-28 12:51 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-09 03:01 . 2009-02-04 12:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 03:01 . 2008-10-26 09:12 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 03:01 . 2008-10-26 09:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-03-28 01:20 . 2009-03-28 01:20 0 ----a-w- c:\program files\Common Files\akkg3.exe
2009-03-28 01:20 . 2009-03-28 01:20 0 ----a-w- c:\program files\Common Files\insta3.exe
2009-03-28 01:19 . 2009-03-28 01:19 0 ----a-w- c:\program files\Common Files\akkg2.exe
2009-03-28 01:19 . 2009-03-28 01:19 0 ----a-w- c:\program files\Common Files\insta2.exe
2009-03-06 04:54 . 2009-03-06 04:54 0 ----a-w- c:\program files\Common Files\akkg1.exe
2009-03-06 04:54 . 2009-03-06 04:54 0 ----a-w- c:\program files\Common Files\insta1.exe
2009-03-06 04:53 . 2009-03-06 04:53 0 ----a-w- c:\program files\Common Files\akkg.exe
2009-03-06 04:53 . 2009-03-06 04:53 0 ----a-w- c:\program files\Common Files\insta.exe
2009-02-01 14:14 . 2006-04-22 19:06 11731 ----a-w- c:\program files\NoteTab.ini
2009-01-02 23:22 . 2006-04-22 19:06 11334 ----a-w- c:\program files\NotePro4.ini
2006-01-08 06:39 . 2007-12-19 04:33 1469033 ----a-w- c:\program files\FLVPlayer+S.exe
2006-05-03 10:06 . 2009-05-31 14:16 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-05-31 14:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-05-31 14:16 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_03.43.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 17:25 . 2009-07-16 17:25 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2009-07-16 17:25 . 2009-07-16 17:25 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat
+ 2004-08-04 10:00 . 2009-07-16 03:45 64068 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-04-18 02:17 64068 c:\windows\system32\perfc009.dat
+ 2008-06-28 00:06 . 2009-07-16 12:32 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 10:00 . 2009-07-16 03:45 407098 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-04-18 02:17 407098 c:\windows\system32\perfh009.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 148888 c:\windows\system32\javaws.exe
- 2008-12-05 00:10 . 2008-11-10 10:43 148888 c:\windows\system32\javaws.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 144792 c:\windows\system32\javaw.exe
- 2008-12-05 00:10 . 2008-11-10 10:43 144792 c:\windows\system32\javaw.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 144792 c:\windows\system32\java.exe
- 2008-12-05 00:10 . 2008-11-10 10:43 144792 c:\windows\system32\java.exe
+ 2009-07-16 12:49 . 2009-07-16 12:49 1563648 c:\windows\Installer\33685.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-04-06 14:33 2823168 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-04-06 14:33 2823168 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Logitech Utility"="c:\windows\Logi_MwX.Exe" [2003-12-17 19968]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-06-14 16132608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
"SunJavaUpdateSched"="c:\program files\JRE\bin\jusched.exe" [2009-07-16 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-10-12 439568]

c:\documents and settings\tyl2\Start Menu\Programs\Startup\
Explorer.lnk - c:\windows\explorer.exe [2004-8-4 1033728]
NotePro.lnk - c:\program files\NoteTab\NoteTab.exe [2009-2-1 1057792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RSIGuard.lnk - c:\program files\RSIGuard\RSIGuard.exe [2008-6-5 6926336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{38101905-D80F-4788-96F6-986A8186178A}"= "c:\windows\system32\flashd32.dll" [2009-07-12 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-18 02:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 03:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-24 08:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft\ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"AVG8_TRAY"=c:\progra~1\AVG\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft\ActiveSync\rapimgr.exe"= c:\program files\Microsoft\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft\ActiveSync\wcescomm.exe"= c:\program files\Microsoft\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft\ActiveSync\WCESMgr.exe"= c:\program files\Microsoft\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Ramdisk;Ramdisk [ QSoft ];c:\windows\system32\drivers\ramdisk.sys [10/6/2002 11:26 AM 8192]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/26/2008 5:12 AM 325896]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [9/23/2008 11:48 PM 53752]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/17/2009 12:01 AM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/3/2008 6:18 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\SpySweeper\WRConsumerService.exe [10/26/2008 6:03 AM 1205760]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 7:40 PM 84992]
S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\avgwdsvc.exe [2/4/2009 8:39 AM 298776]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/13/2008 7:19 PM 13352]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [8/13/2008 8:56 AM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [8/13/2008 8:56 AM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [8/13/2008 8:56 AM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [8/13/2008 8:56 AM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [8/13/2008 8:56 AM 98568]
S3 usbwte;usbwte;c:\windows\system32\usbwte.sys [8/4/2004 6:00 AM 2304]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://beginnersoccer.com/WebSiteManager/default.aspx
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\tyl2\Application Data\Mozilla\Firefox\Profiles\default.qle\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\JRE\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\JRE\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\VLCPlayer\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-07-16 13:41
ComboFix-quarantined-files.txt 2009-07-16 17:41
ComboFix2.txt 2009-07-16 13:08
ComboFix3.txt 2009-07-16 03:46

Pre-Run: 37,176,037,376 bytes free
Post-Run: 37,142,183,936 bytes free

322 --- E O F --- 2009-07-15 12:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:43 PM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SpySweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\avgrsx.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\JRE\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\JRE\bin\jusched.exe
C:\Program Files\Microsoft\ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RSIGuard\RSIGuard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozy\mozybackup.exe
C:\PROGRA~1\MICROS~2\ACTIVE~1\rapimgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpySweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Documents and Settings\tyl2\Desktop\ATF-Cleaner.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beginnersoccer.com/WebSiteManager/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\JRE\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\JRE\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\JRE\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0992 -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0992 -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: NotePro.lnk = C:\Program Files\NoteTab\NoteTab.exe
O4 - Global Startup: RSIGuard.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214611352327
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\JRE\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\SpySweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\SpySweeper\WRConsumerService.exe

--
End of file - 7759 bytes

[pskelley]

Thanks, once MBAM is complete, post that log and then a fresh HJT log. Please let me know how the compter runs at that point.