
Thread: Virtumonde - can't shake it

#11 | Junior Member | Join Date: Feb 2010 | Posts: 15

    ComboFix run... again

    Ok. When I went to shut down the machine, I saw that it had some Windows Updates to run. So THAT must be what caused it to re-boot.

    So I installed the updates, rebooted, turned off the anti-virus stuff again and ran ComboFix again...

    It asked to update ComboFix, and I let it do it this time.

    ComboFix 10-02-19.04 - Todd 02/19/2010 21:22:23.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1537 [GMT -8:00]
    Running from: c:\documents and settings\Todd\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100219-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
    .

    2010-02-20 04:05 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-02-20 04:05 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-19 01:47 . 2010-02-19 01:47 -------- d-----w- C:\rsit
    2010-02-12 04:45 . 2010-02-12 04:45 -------- d-----w- c:\program files\Trend Micro
    2010-02-12 04:44 . 2010-02-12 04:44 -------- d-----w- c:\windows\ERDNT-2010-2-11
    2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\documents and settings\Todd\Application Data\MSN6
    2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-20 05:17 . 2009-08-06 04:45 -------- d-----w- c:\documents and settings\Todd\Application Data\Dropbox
    2010-02-19 04:31 . 2007-03-15 03:42 6482 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
    2010-02-17 03:23 . 2009-09-19 04:08 -------- d-----w- c:\program files\KeePass
    2010-02-09 06:21 . 2006-09-01 17:23 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-01-31 04:54 . 2004-05-22 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-31 04:46 . 2005-10-03 00:28 -------- d-----w- c:\program files\QuickTime
    2010-01-31 01:21 . 2005-02-04 03:17 -------- d-----w- c:\program files\Ulead Systems
    2010-01-28 03:45 . 2009-04-17 01:01 -------- d-----w- c:\documents and settings\Todd\Application Data\FileZilla
    2010-01-18 04:31 . 2010-01-16 05:02 -------- d-----w- c:\program files\Dragon Age
    2010-01-16 05:34 . 2010-01-16 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
    2010-01-16 05:25 . 2010-01-16 05:25 -------- d-----w- c:\program files\AGEIA Technologies
    2010-01-16 05:25 . 2007-01-31 04:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-16 05:24 . 2010-01-16 05:02 -------- d-----w- c:\program files\Common Files\BioWare
    2010-01-16 03:11 . 2009-08-29 03:31 89854 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\Uninstall.exe
    2010-01-05 10:00 . 2004-02-07 01:05 832512 ------w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2001-08-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-31 00:48 . 2009-12-31 00:48 21968784 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\update\Dropbox.exe
    2009-12-31 00:48 . 2009-12-31 00:48 21968784 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    2009-12-16 18:43 . 2004-05-20 02:46 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 07:08 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-13 05:25 . 2008-01-26 21:32 92232 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-09 01:19 . 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll
    2009-12-06 18:14 . 2009-12-06 18:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-04 18:22 . 2001-08-23 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-11-27 17:11 . 2004-05-22 21:55 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11 . 2004-05-22 21:55 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 16:07 . 2001-08-23 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2004-05-20 02:46 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2004-05-20 02:46 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-24 23:54 . 2009-04-16 00:16 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-11-24 23:51 . 2009-04-16 00:16 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-11-24 23:50 . 2009-04-16 00:16 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-11-24 23:50 . 2009-04-16 00:16 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-11-24 23:50 . 2009-04-16 00:16 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-11-24 23:49 . 2009-04-16 00:16 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-24 23:48 . 2009-04-16 00:16 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-24 23:47 . 2009-04-16 00:16 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-11-24 23:47 . 2009-04-16 00:16 97480 ----a-w- c:\windows\system32\AvastSS.scr
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\fokitape.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\gefesohi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\jujijano.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\larihisu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\lenoruta.dll
    1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\liwoduki.dll
    1601-01-01 00:03 . 1601-01-01 00:03 93696 --sha-w- c:\windows\system32\nilokuke.dll
    1601-01-01 00:03 . 1601-01-01 00:03 26624 --sha-w- c:\windows\system32\ralasife.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\rokesoza.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\vatoteju.dll
    1601-01-01 00:03 . 1601-01-01 00:03 53760 --sha-w- c:\windows\system32\vuleralo.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\vuzofafu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\yawiziga.dll
    1601-01-01 00:03 . 1601-01-01 00:03 45568 --sha-w- c:\windows\system32\zayezeru.dll
    1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\zehekilo.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1169776]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1945960]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-17 149024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "IBWin Background process"="c:\ibackup for windows\IBackground_955.exe" [2009-11-25 38376]
    "IBWin Monitor"="c:\ibackup for windows\IBMonitor.exe" [2009-11-25 1893864]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Todd\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Todd\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Todd\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]
    hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave6"=audpci40.dll
    "midi6"=audpci40.dll
    "mixer6"=audpci40.dll
    "aux3"=audpci40.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    2004-12-03 02:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2005-08-07 22:10 16384 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2005-08-07 22:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-04-20 23:50 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-04-19 20:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-04-19 20:26 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    2003-06-24 04:12 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2003-06-25 07:18 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-05-02 01:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-11 11:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2003-03-21 13:34 47104 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 09:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "DVD-RAM_Service"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "IDriverT"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Games\\Age of Mythology\\aom.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Games\\Age of Mythology\\aomx.exe"=
    "c:\\Games\\AOEIII\\age3.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "d:\\Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
    "d:\\Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "d:\\Games\\Company of Heroes\\RelicCOH.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Games\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
    "c:\\IBackup for Windows\\ibackup_ssl_sch_955.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\IBackup for Windows\\ibackup_int_955.exe"=
    "c:\\IBackup for Windows\\ibackup_ssl_int_955.exe"=
    "c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
    "c:\\Documents and Settings\\Todd\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "192:UDP"= 192:UDP:AirPort Express -admin (udp)
    "9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)
    "3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
    "3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp
    "9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)

    R0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [1/23/2003 7:26 AM 9826]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/15/2009 4:16 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/15/2009 4:16 PM 20560]
    R2 IBackupWeb;IBackupWeb;c:\ibackup for windows\IBackupWebM.exe [11/24/2009 5:10 PM 54760]
    R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [1/9/2010 6:01 PM 285952]
    S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/15/2010 9:14 PM 25832]
    S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [7/30/2005 10:11 AM 37120]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-02-12 c:\windows\Tasks\backup_to_terastation.job
    - c:\bat\backup_to_terastation.bat [2009-01-16 13:20]

    2004-07-31 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745085266987.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 17:56]

    2010-02-20 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-05-22 20:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: turbotax.com
    TCP: {CF9E89FE-2C6B-4AC7-9DE9-0A9D36964A69} = 83.149.115.157,4.2.2.1,10.0.3.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\x7om95rw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-19 21:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    IBWin Monitor = "c:\ibackup for windows\IBMonitor.exe" Min?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(944)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(2768)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-02-19 21:32:56
    ComboFix-quarantined-files.txt 2010-02-20 05:32
    ComboFix2.txt 2010-02-20 04:41

    Pre-Run: 57,775,595,520 bytes free
    Post-Run: 57,732,481,024 bytes free

    - - End Of File - - C7E9969DE4353C791470C4A9FF70BA69

#12 | Emeritus | Join Date: Aug 2007 | Posts: 1,875

Quote:
    While it was running (I was out of the room) it either logged me out or rebooted my machine. When I walked back in, it was at the "pick a user" Windows XP selection screen.

    I picked the same user I always do, and it loaded windows like normal and appeared to resume activity. It had a "Preparing Log report. Do not run any programs until ComboFix has finished" message.

    I waited, and eventually the log file was created.

    So I think it ran ok, and here is the log...

    Quote:
    Ok. When I went to shut down the machine, I saw that it had some Windows Updates to run. So THAT must be what caused it to re-boot.

    I don't think these Windows Updates caused your computer to reboot the first time you ran ComboFix.

    The reason being that ComboFix normally reboots your computer during its run. Both runs of ComboFix look like they ran just fine.

    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      http://forums.spybot.info/showpost.php?p=360485&postcount=11
      
      KILLALL::
      
      Collect::
      
      c:\windows\system32\fokitape.dll
      c:\windows\system32\gefesohi.dll
      c:\windows\system32\jujijano.dll
      c:\windows\system32\larihisu.dll
      c:\windows\system32\lenoruta.dll
      c:\windows\system32\liwoduki.dll
      c:\windows\system32\nilokuke.dll
      
      File::
      
      c:\windows\system32\ralasife.dll
      c:\windows\system32\rokesoza.dll
      c:\windows\system32\vatoteju.dll
      c:\windows\system32\vuleralo.dll
      c:\windows\system32\vuzofafu.dll
      c:\windows\system32\yawiziga.dll
      c:\windows\system32\zayezeru.dll
      c:\windows\system32\zehekilo.dll
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
      Note: This CFScript is for use on theo124's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Please Note:

    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. ComboFix is capturing a file/files to submit for analysis.

    Ensure you are connected to the internet and click OK on the message box.


    Please let me know if the file was successfully submitted. Thanks.

    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
    2. A fresh RSIT Log taken after Step 1 has been completed.
    Malware Removal University Master
    Member of ASAP & UNITE
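An added triage script (not ComboFix's code and not the helper's) that applies, to Find3M lines copied from the log above plus a couple of benign ones, the same tells the helper used to pick the CFScript targets: a 1601-01-01 timestamp (the Windows FILETIME epoch, i.e. a zeroed or forged stamp), system+hidden attributes, and a random-looking eight-letter DLL name in system32. The line grammar and the "epoch, or two other tells" rule are my assumptions about how to score such entries.

```python
"""Triage helper for ComboFix 'Find3M Report' lines (added example, not
ComboFix's own tooling). Each entry is scored against three tells and
returned with the reasons it matched, so an analyst can review them
rather than trust a single heuristic."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the report above plus benign ones.
SAMPLE_LOG = """\
2009-12-14 07:08 . 2001-08-23 12:00 33280 ----a-w- c:\\windows\\system32\\csrsrv.dll
2009-11-24 23:47 . 2009-04-16 00:16 97480 ----a-w- c:\\windows\\system32\\AvastSS.scr
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\\windows\\system32\\fokitape.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\\windows\\system32\\liwoduki.dll
2009-12-13 05:25 . 2008-01-26 21:32 92232 ---ha-w- c:\\windows\\system32\\mlfcache.dat
2010-02-19 01:47 . 2010-02-19 01:47 -------- d-----w- C:\\rsit
"""

# Assumed line grammar: "<modified> . <created> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
FILETIME_EPOCH = "1601-01-01"          # zero FILETIME renders as this date
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


@dataclass
class Finding:
    path: str
    size: int
    reasons: list


def parse_line(line):
    """Return the fields of one Find3M entry, or None for banners/blank lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """List the tells an entry exhibits; an empty list means nothing notable."""
    reasons = []
    if (entry["created"].startswith(FILETIME_EPOCH)
            or entry["modified"].startswith(FILETIME_EPOCH)):
        reasons.append("1601-01-01 timestamp (FILETIME epoch, zeroed or forged)")
    attrs = entry["attrs"]
    if "s" in attrs and "h" in attrs:
        reasons.append("system+hidden attributes")
    folder, _, name = entry["path"].lower().rpartition("\\")
    if folder.endswith("\\system32") and RANDOM_DLL_RE.match(name):
        reasons.append("random-looking 8-letter DLL name in system32")
    return reasons


def triage(log_text, min_reasons=2):
    """Flag entries with an epoch timestamp, or at least min_reasons other tells."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        has_epoch = any(r.startswith(FILETIME_EPOCH) for r in reasons)
        if has_epoch or len(reasons) >= min_reasons:
            size = 0 if entry["size"].startswith("-") else int(entry["size"])
            findings.append(Finding(entry["path"], size, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path} ({f.size} bytes)")
        for r in f.reasons:
            print("   -", r)
```

Run against a full Find3M section it should reproduce the fifteen DLLs the CFScript above collects and deletes, while leaving entries such as mlfcache.dat (hidden but not system, not a DLL) unflagged.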

#13 | Junior Member | Join Date: Feb 2010 | Posts: 15

    ComboFix run with script

    I turned on the machine, disabled Avast! as you directed earlier, and dragged the script file over the ComboFix icon.

    It wanted to update ComboFix again, so I let it.

    It ran fine and appeared to take action on the script file (as you can see from the log file), but it never brought up a dialogue box where I needed to hit ok. So I'm not sure if the files were ever uploaded anywhere...

    Then I disabled Avast! again, and ran RSIT. It gave an error the first time...
    Error #5 - Invalid procedure call or argument.
It appeared to run fine, but I ran it again and there was no error the second time. The log files were identical except for run times, etc.

    ComboFix 10-02-20.01 - Todd 02/20/2010 10:28:02.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1495 [GMT -8:00]
    Running from: c:\documents and settings\Todd\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Todd\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100220-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\ralasife.dll"
    "c:\windows\system32\rokesoza.dll"
    "c:\windows\system32\vatoteju.dll"
    "c:\windows\system32\vuleralo.dll"
    "c:\windows\system32\vuzofafu.dll"
    "c:\windows\system32\yawiziga.dll"
    "c:\windows\system32\zayezeru.dll"
    "c:\windows\system32\zehekilo.dll"

    file zipped: c:\windows\system32\fokitape.dll
    file zipped: c:\windows\system32\gefesohi.dll
    file zipped: c:\windows\system32\jujijano.dll
    file zipped: c:\windows\system32\larihisu.dll
    file zipped: c:\windows\system32\lenoruta.dll
    file zipped: c:\windows\system32\liwoduki.dll
    file zipped: c:\windows\system32\nilokuke.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\fokitape.dll
    c:\windows\system32\gefesohi.dll
    c:\windows\system32\jujijano.dll
    c:\windows\system32\larihisu.dll
    c:\windows\system32\lenoruta.dll
    c:\windows\system32\liwoduki.dll
    c:\windows\system32\nilokuke.dll
    c:\windows\system32\ralasife.dll
    c:\windows\system32\rokesoza.dll
    c:\windows\system32\vatoteju.dll
    c:\windows\system32\vuleralo.dll
    c:\windows\system32\vuzofafu.dll
    c:\windows\system32\yawiziga.dll
    c:\windows\system32\zayezeru.dll
    c:\windows\system32\zehekilo.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
    .

    2010-02-20 04:05 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-02-20 04:05 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-19 01:47 . 2010-02-19 01:47 -------- d-----w- C:\rsit
    2010-02-12 04:45 . 2010-02-12 04:45 -------- d-----w- c:\program files\Trend Micro
    2010-02-12 04:44 . 2010-02-12 04:44 -------- d-----w- c:\windows\ERDNT-2010-2-11
    2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\documents and settings\Todd\Application Data\MSN6
    2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-20 18:40 . 2009-08-06 04:45 -------- d-----w- c:\documents and settings\Todd\Application Data\Dropbox
    2010-02-19 04:31 . 2007-03-15 03:42 6482 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
    2010-02-17 03:23 . 2009-09-19 04:08 -------- d-----w- c:\program files\KeePass
    2010-02-09 06:21 . 2006-09-01 17:23 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-01-31 04:54 . 2004-05-22 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-31 04:46 . 2005-10-03 00:28 -------- d-----w- c:\program files\QuickTime
    2010-01-31 01:21 . 2005-02-04 03:17 -------- d-----w- c:\program files\Ulead Systems
    2010-01-28 03:45 . 2009-04-17 01:01 -------- d-----w- c:\documents and settings\Todd\Application Data\FileZilla
    2010-01-18 04:31 . 2010-01-16 05:02 -------- d-----w- c:\program files\Dragon Age
    2010-01-16 05:34 . 2010-01-16 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
    2010-01-16 05:25 . 2010-01-16 05:25 -------- d-----w- c:\program files\AGEIA Technologies
    2010-01-16 05:25 . 2007-01-31 04:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-16 05:24 . 2010-01-16 05:02 -------- d-----w- c:\program files\Common Files\BioWare
    2010-01-16 03:11 . 2009-08-29 03:31 89854 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\Uninstall.exe
    2010-01-05 10:00 . 2004-02-07 01:05 832512 ------w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2001-08-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-31 00:48 . 2009-12-31 00:48 21968784 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\update\Dropbox.exe
    2009-12-31 00:48 . 2009-12-31 00:48 21968784 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    2009-12-16 18:43 . 2004-05-20 02:46 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 07:08 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-13 05:25 . 2008-01-26 21:32 92232 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-09 01:19 . 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll
    2009-12-06 18:14 . 2009-12-06 18:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-04 18:22 . 2001-08-23 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-11-27 17:11 . 2004-05-22 21:55 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11 . 2004-05-22 21:55 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 16:07 . 2001-08-23 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2004-05-20 02:46 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2004-05-20 02:46 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-24 23:54 . 2009-04-16 00:16 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-11-24 23:51 . 2009-04-16 00:16 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-11-24 23:50 . 2009-04-16 00:16 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-11-24 23:50 . 2009-04-16 00:16 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-11-24 23:50 . 2009-04-16 00:16 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-11-24 23:49 . 2009-04-16 00:16 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-24 23:48 . 2009-04-16 00:16 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-24 23:47 . 2009-04-16 00:16 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-11-24 23:47 . 2009-04-16 00:16 97480 ----a-w- c:\windows\system32\AvastSS.scr
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1169776]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1945960]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-17 149024]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "IBWin Background process"="c:\ibackup for windows\IBackground_955.exe" [2009-11-25 38376]
    "IBWin Monitor"="c:\ibackup for windows\IBMonitor.exe" [2009-11-25 1893864]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Todd\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Todd\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Todd\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]
    hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave6"=audpci40.dll
    "midi6"=audpci40.dll
    "mixer6"=audpci40.dll
    "aux3"=audpci40.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    2004-12-03 02:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2005-08-07 22:10 16384 ----a-w- c:\windows\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    2005-08-07 22:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-04-20 23:50 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-04-19 20:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-04-19 20:26 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-19 20:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    2003-06-24 04:12 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2003-06-25 07:18 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-05-02 01:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    2002-04-11 11:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2003-03-21 13:34 47104 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 09:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "UleadBurningHelper"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "DVD-RAM_Service"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "IDriverT"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Games\\Age of Mythology\\aom.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Games\\Age of Mythology\\aomx.exe"=
    "c:\\Games\\AOEIII\\age3.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "d:\\Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
    "d:\\Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "d:\\Games\\Company of Heroes\\RelicCOH.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Games\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
    "c:\\IBackup for Windows\\ibackup_ssl_sch_955.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\IBackup for Windows\\ibackup_int_955.exe"=
    "c:\\IBackup for Windows\\ibackup_ssl_int_955.exe"=
    "c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
    "c:\\Documents and Settings\\Todd\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "192:UDP"= 192:UDP:AirPort Express -admin (udp)
    "9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)
    "3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
    "3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp
    "9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)

    R0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [1/23/2003 7:26 AM 9826]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/15/2009 4:16 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/15/2009 4:16 PM 20560]
    R2 IBackupWeb;IBackupWeb;c:\ibackup for windows\IBackupWebM.exe [11/24/2009 5:10 PM 54760]
    R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
    R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [1/9/2010 6:01 PM 285952]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1/15/2010 9:14 PM 25832]
    S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [7/30/2005 10:11 AM 37120]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-02-12 c:\windows\Tasks\backup_to_terastation.job
    - c:\bat\backup_to_terastation.bat [2009-01-16 13:20]

    2004-07-31 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745085266987.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 17:56]

    2010-02-20 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-05-22 20:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: turbotax.com
    TCP: {CF9E89FE-2C6B-4AC7-9DE9-0A9D36964A69} = 83.149.115.157,4.2.2.1,10.0.3.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\x7om95rw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-20 10:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    IBWin Monitor = "c:\ibackup for windows\IBMonitor.exe" Min?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(948)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(2824)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Todd\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\ibackup for windows\IBWin Service_955.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\windows\system32\nvsvc32.exe
    c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\windows\System32\HPZipm12.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-20 10:47:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-20 18:47
    ComboFix2.txt 2010-02-20 05:32
    ComboFix3.txt 2010-02-20 04:41

    Pre-Run: 57,742,135,296 bytes free
    Post-Run: 57,696,661,504 bytes free

    - - End Of File - - 132C7F6DE62C0BC79AAC7A090A731836

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Todd at 2010-02-20 10:53:19
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 55 GB (47%) free of 118 GB
    Total RAM: 2047 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:53:26 AM, on 2/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\IBackup for Windows\IBackupWebM.exe
    C:\IBackup for Windows\IBWin Service_955.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\IBackup for Windows\IBackground_955.exe
    C:\IBackup for Windows\IBMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Todd\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Todd.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IBWin Background process] "C:\IBackup for Windows\IBackground_955.exe"
    O4 - HKLM\..\Run: [IBWin Monitor] "C:\IBackup for Windows\IBMonitor.exe" Min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Dropbox.lnk = C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla..._installer.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF9E89FE-2C6B-4AC7-9DE9-0A9D36964A69}: NameServer = 83.149.115.157,4.2.2.1,10.0.3.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBackupWeb - Pro-Softnet - C:\IBackup for Windows\IBackupWebM.exe
    O23 - Service: IBWin Service - Pro Softnet Corporation - C:\IBackup for Windows\IBWin Service_955.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8735 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\backup_to_terastation.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1085266987.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    UberButton Class - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 181352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
    YahooTaggedBM Class - C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 115832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]
    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-16 1945960]
    "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
    "IBWin Background process"=C:\IBackup for Windows\IBackground_955.exe [2009-11-24 38376]
    "IBWin Monitor"=C:\IBackup for Windows\IBMonitor.exe [2009-11-24 1893864]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    C:\WINDOWS\CTHELPER.EXE [2005-08-07 16384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    C:\WINDOWS\system32\CTXFIHLP.EXE [2005-08-07 18944]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2004-04-20 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-06-23 319488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-06-24 868352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2003-03-21 47104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2008-03-18 972064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3
    "UleadBurningHelper"=2
    "iPod Service"=3
    "gusvc"=3
    "DVD-RAM_Service"=2
    "Creative Service for CDROM Access"=2
    "Bonjour Service"=2
    "Apple Mobile Device"=2
    "IDriverT"=3

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Dropbox.lnk - C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    C:\Documents and Settings\Todd\Start Menu\Programs\Startup
    Dropbox.lnk - C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-28 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    relog_ap

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Games\Age of Mythology\aom.exe"="C:\Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Games\Age of Mythology\aomx.exe"="C:\Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
    "C:\Games\AOEIII\age3.exe"="C:\Games\AOEIII\age3.exe:*:Enabled:Age of Empires 3"
    "C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
    "D:\Games\Supreme Commander\bin\SupremeCommander.exe"="D:\Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
    "D:\Games\GPGNet\GPG.Multiplayer.Client.exe"="D:\Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "D:\Games\Company of Heroes\RelicCOH.exe"="D:\Games\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "D:\Games\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="D:\Games\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
    "C:\IBackup for Windows\ibackup_ssl_sch_955.exe"="C:\IBackup for Windows\ibackup_ssl_sch_955.exe:*:Enabled:ibackup_ssl_sch_955"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\IBackup for Windows\ibackup_int_955.exe"="C:\IBackup for Windows\ibackup_int_955.exe:*:Enabled:ibackup_int_955"
    "C:\IBackup for Windows\ibackup_ssl_int_955.exe"="C:\IBackup for Windows\ibackup_ssl_int_955.exe:*:Enabled:ibackup_ssl_int_955"
    "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe:*:Enabled:ashDisp"
    "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer"
    "C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2010-02-20 10:49:32 ----SHD---- C:\RECYCLER
    2010-02-20 10:47:33 ----A---- C:\ComboFix.txt
    2010-02-19 21:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
    2010-02-19 21:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
    2010-02-19 21:10:43 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-02-19 21:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
    2010-02-19 21:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
    2010-02-19 21:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
    2010-02-19 21:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
    2010-02-19 21:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
    2010-02-19 21:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\zip.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\SWXCACLS.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\SWSC.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\SWREG.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\sed.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\PEV.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\MBR.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\grep.exe
    2010-02-19 19:50:10 ----D---- C:\Qoobox
    2010-02-18 17:47:26 ----D---- C:\rsit
    2010-02-11 20:45:05 ----D---- C:\Program Files\Trend Micro
    2010-02-11 20:44:26 ----D---- C:\WINDOWS\ERDNT-2010-2-11
    2010-01-30 20:58:22 ----D---- C:\Documents and Settings\Todd\Application Data\MSN6
    2010-01-30 20:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6

    ======List of files/folders modified in the last 1 months======

    2010-02-20 10:52:35 ----D---- C:\WINDOWS\Prefetch
    2010-02-20 10:50:43 ----D---- C:\Documents and Settings\Todd\Application Data\Dropbox
    2010-02-20 10:47:36 ----D---- C:\WINDOWS\Temp
    2010-02-20 10:47:36 ----D---- C:\WINDOWS\system32\drivers
    2010-02-20 10:45:49 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-02-20 10:39:53 ----N---- C:\WINDOWS\system.ini
    2010-02-20 10:39:53 ----D---- C:\WINDOWS
    2010-02-20 10:35:02 ----D---- C:\WINDOWS\system32
    2010-02-20 10:33:07 ----D---- C:\WINDOWS\AppPatch
    2010-02-20 10:33:02 ----D---- C:\Program Files\Common Files
    2010-02-20 10:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-02-19 21:12:50 ----HD---- C:\WINDOWS\inf
    2010-02-19 21:12:46 ----HD---- C:\WINDOWS\$hf_mig$
    2010-02-19 21:12:44 ----A---- C:\WINDOWS\imsins.BAK
    2010-02-19 21:12:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-02-19 20:40:05 ----D---- C:\WINDOWS\ERDNT
    2010-02-19 20:00:12 ----D---- C:\WINDOWS\system32\config
    2010-02-19 19:50:47 ----SHD---- C:\System Volume Information
    2010-02-19 19:50:47 ----D---- C:\WINDOWS\system32\Restore
    2010-02-19 15:17:24 ----RD---- C:\My Dropbox
    2010-02-18 14:00:09 ----SD---- C:\WINDOWS\Tasks
    2010-02-17 21:09:21 ----D---- C:\WINDOWS\system32\NtmsData
    2010-02-16 19:23:16 ----D---- C:\Program Files\KeePass
    2010-02-11 20:45:39 ----D---- C:\Program Files\Mozilla Firefox
    2010-02-11 20:45:05 ----RD---- C:\Program Files
    2010-02-11 13:37:23 ----D---- C:\IBackup for Windows
    2010-02-10 22:24:22 ----A---- C:\WINDOWS\WININIT.INI
    2010-02-10 21:16:07 ----D---- C:\Games
    2010-02-08 22:21:26 ----D---- C:\Program Files\Mozilla Thunderbird
    2010-02-02 21:03:55 ----D---- C:\downloads
    2010-01-30 21:12:13 ----N---- C:\WINDOWS\win.ini
    2010-01-30 21:12:13 ----A---- C:\WINDOWS\pagesuit.ini
    2010-01-30 20:54:51 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-01-30 20:54:48 ----SHD---- C:\WINDOWS\Installer
    2010-01-30 20:46:47 ----D---- C:\Program Files\QuickTime
    2010-01-30 17:26:01 ----A---- C:\WINDOWS\Winamp.ini
    2010-01-30 17:21:07 ----D---- C:\Program Files\Ulead Systems
    2010-01-27 19:45:09 ----D---- C:\Documents and Settings\Todd\Application Data\FileZilla
    2010-01-23 12:40:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-01-22 17:28:10 ----D---- C:\WINDOWS\system32\en-us
    2010-01-22 17:28:10 ----D---- C:\Program Files\Internet Explorer
    2010-01-22 17:27:41 ----D---- C:\WINDOWS\ie7updates
    2010-01-21 19:41:34 ----A---- C:\WINDOWS\QTW.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-06-24 259328]
    R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-06-24 146560]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-23 90416]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-06-24 118409]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-06-24 213120]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-08-24 32768]
    R2 WBHWDOCT;WBHWDOCT; C:\WINDOWS\system32\drivers\WBHWDOCT.sys [2001-06-15 5006]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-03-21 701676]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
    R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-07 501760]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-07 439424]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-07 7168]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-07 142848]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-06-24 21993]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-07 77824]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 1093632]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
    R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys [2009-04-07 285952]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-05-23 28352]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-07 114688]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-09-14 166400]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 37120]
    S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\System32\DRIVERS\HidBatt.sys [2008-04-13 20352]
    S3 mbr;mbr; \??\C:\DOCUME~1\Todd\LOCALS~1\Temp\mbr.sys []
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-06-24 22745]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2005-09-14 15360]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
    R2 IBackupWeb;IBackupWeb; C:\IBackup for Windows\IBackupWebM.exe [2009-03-25 54760]
    R2 IBWin Service;IBWin Service; C:\IBackup for Windows\IBWin Service_955.exe [2009-11-24 128488]
    R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-01-19 4149248]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
    R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]
    S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 lmab_device;lmab_device; C:\WINDOWS\system32\LMabcoms.exe [2004-03-19 421888]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
    S4 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-22 106496]
    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    S4 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-03-18 20480]
    S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
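Several entries in the driver list above carry an empty bracket pair, for example `mbmiodrvr`, `catchme`, `ENTECH`, `mbr` and `IntelIde`, and one of them points into a Temp directory. RSIT prints the file's date and size inside the brackets, so an empty pair means the tool recorded neither, which is what a helper reading the log checks first. The parser below is an added example, not part of this thread and not code from RSIT; it reads lines in the "List of drivers" format, turns them into records and flags the ones worth a second look. The sample lines are copied in shape from the log above; the interpretation of an empty bracket pair as "file not found when the tool ran" is an assumption stated in the comments.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines in the shape RSIT prints under
# "======List of drivers======", taken from the log above.
SAMPLE_DRIVERS = r"""
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Todd\LOCALS~1\Temp\mbr.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
"""

# <R|S><start type> <service name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$"
)

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


@dataclass
class Driver:
    running: bool          # R = running, S = stopped
    start_type: str        # Boot/System/Auto/Demand/Disabled
    name: str
    display_name: str
    path: str
    date: Optional[str]    # None when the bracket pair was empty
    size: Optional[int]    # None when the bracket pair was empty


def parse_drivers(text: str) -> List[Driver]:
    """Parse RSIT 'List of drivers' lines; lines that do not match are skipped."""
    drivers: List[Driver] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        meta = m.group("meta").split()
        drivers.append(Driver(
            running=m.group("state") == "R",
            start_type=START_TYPES.get(m.group("start"), m.group("start")),
            name=m.group("name").strip(),
            display_name=m.group("desc").strip(),
            path=m.group("path"),
            date=meta[0] if meta else None,
            size=int(meta[1]) if len(meta) > 1 else None,
        ))
    return drivers


def triage(drivers: List[Driver]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for entries a reviewer should look at."""
    findings = []
    for d in drivers:
        reasons = []
        if d.date is None:
            # Assumption: RSIT leaves the brackets empty when it could not
            # stat the image, i.e. the file was not on disk when it ran.
            reasons.append("no date/size recorded (image not found on disk)")
        if re.search(r"\\temp\\", d.path, re.IGNORECASE):
            reasons.append("image path is inside a Temp directory")
        if reasons:
            findings.append((d.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_drivers(SAMPLE_DRIVERS)):
        print(f"{name}: {'; '.join(reasons)}")
```

On the log above this reports the ComboFix/GMER helper drivers (`catchme`, `mbr`) alongside the genuinely unexplained ones (`mbmiodrvr`, `ENTECH`, `IntelIde`); the tool separates what needs a question from what does not, the helper still decides which is which.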

  4. #14
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    It ran fine and appeared to take action on the script file (as you can see from the log file), but it never brought up a dialogue box where I needed to hit ok. So I'm not sure if the files were ever uploaded anywhere...
    Ok. We'll have to manually upload the .zip file that ComboFix created.

    Go to the C:\Qoobox\Quarantine folder and locate the [4]Submit@Date_Time.zip file. That's the file you'll be uploading.

    Once that's done, please visit the site below and follow the instructions for uploading the [4]Submit@Date_Time.zip

    http://www.bleepingcomputer.com/subm....php?channel=4

    In the Link to topic where this file was requested box, put a link back to this thread.


    Let me know if the file was successfully uploaded.
    Malware Removal University Master
    Member of ASAP & UNITE

  5. #15
    Junior Member
    Join Date
    Feb 2010
    Posts
    15

    Default File submitted to Bleeping Computer

    Yes, I submitted it.

  6. #16
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Yes, I submitted it.



    Step # 1 Update Java

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u18.
    • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Remove the following old versions of Java:

    • Java 2 Runtime Environment, SE v1.4.1_02

    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • From your desktop double-click on the download to install the newest version.




    Step # 2: Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



    Step # 3 Download and Run Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.


    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Post the MalwareBytes' Log in your next post/reply.
    Malware Removal University Master
    Member of ASAP & UNITE

  7. #17
    Junior Member
    Join Date
    Feb 2010
    Posts
    15

    Default Updated Java, ran ATF cleaner and MBAM

    I removed old Java (the one you said and "Java Web Start").
    Then rebooted.
    Then installed new version.

    Ran ATF cleaner

    Ran MBAM (I forgot to disable Avast!)

    Here is the log.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3772
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2/21/2010 2:42:29 PM
    mbam-log-2010-02-21 (14-42-29).txt

    Scan type: Quick Scan
    Objects scanned: 128614
    Time elapsed: 26 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf9e89fe-2c6b-4ac7-9de9-0a9d36964a69}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,10.0.3.1 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
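The one hit in the log above is a static NameServer value on a single network interface, which is how Trojan.DNSChanger diverts lookups: the rogue resolver is listed first and padded with real ones so that resolution keeps working. As an added example, not from this thread and not MBAM's own code, the Python below parses a `reg export` of the Tcpip\Parameters\Interfaces key and reports every statically configured resolver that is neither on the local network nor in an expected set. The .reg text, the second interface GUID, the DhcpNameServer value and the trusted set are constructed assumptions; the first GUID and the three-address server list are the ones MBAM reported.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the text form `reg export` writes for the
# Tcpip\Parameters\Interfaces key. First GUID and NameServer data are from
# the MBAM log above; the rest is made up for the example.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf9e89fe-2c6b-4ac7-9de9-0a9d36964a69}]
"EnableDHCP"=dword:00000001
"DhcpNameServer"="10.0.3.1"
"NameServer"="83.149.115.157,4.2.2.1,10.0.3.1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}]
"EnableDHCP"=dword:00000001
"DhcpNameServer"="10.0.3.1"
"NameServer"=""
"""

# Resolvers the owner expects to see (assumption for the example):
# 10.0.3.1 is the LAN router in the log, 4.2.2.1 a well-known public resolver.
TRUSTED_RESOLVERS = {"10.0.3.1", "4.2.2.1"}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_LOCAL_MACHINE\\.*\\Interfaces\\\{[0-9a-fA-F-]+\})\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')


def parse_interfaces(reg_text: str) -> Dict[str, Dict[str, str]]:
    """Return {interface GUID: {value name: data}} for REG_SZ values only."""
    interfaces: Dict[str, Dict[str, str]] = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").rsplit("\\", 1)[1]
            interfaces[current] = {}
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            interfaces[current][vm.group("name")] = vm.group("data")
    return interfaces


def split_servers(data: str) -> List[str]:
    """NameServer data may be comma- or space-separated."""
    return [s for s in re.split(r"[,\s]+", data) if s]


def audit_resolvers(interfaces: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (GUID, server, reason) for static resolvers that need explaining."""
    findings = []
    for guid, values in interfaces.items():
        static = split_servers(values.get("NameServer", ""))
        if not static:
            continue  # only DHCP-assigned resolvers; nothing static to review
        for server in static:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((guid, server, "not a valid IP address"))
                continue
            if server in TRUSTED_RESOLVERS or addr.is_private:
                continue
            findings.append((guid, server, "static resolver outside the trusted set"))
    return findings


if __name__ == "__main__":
    for guid, server, reason in audit_resolvers(parse_interfaces(SAMPLE_REG)):
        print(f"{guid}: {server} ({reason})")
```

A static NameServer on an interface that otherwise uses DHCP is itself worth a question even when every address in it looks familiar, because it silently overrides whatever the router hands out; comparing it with DhcpNameServer, as the parsed records let you do, shows whether anything was set by hand.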

  8. #18
    Junior Member
    Join Date
    Feb 2010
    Posts
    15

    Default ran MBAM again

    I rebooted, turned Avast! off and then ran MBAM again.
    This time it ran in only 6 minutes instead of 25!!

    It came up clean - did not find anything...

    Malwarebytes' Anti-Malware 1.44
    Database version: 3772
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2/21/2010 2:56:34 PM
    mbam-log-2010-02-21 (14-56-34).txt

    Scan type: Quick Scan
    Objects scanned: 128611
    Time elapsed: 5 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  9. #19
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    Step # 1 Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available. (See Note below)

    • First, go to Add/Remove Programs and uninstall Adobe Reader 7.0.9.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Note: Adobe 9.3.1 is a large program and if you prefer a smaller program you can get Foxit 3.1.4 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

    If you decide to install Foxit 3.1.4 instead of Adobe, do the following during Foxit's Setup/Installation process:

    Uncheck the following boxes:

    I accept the License Terms and want to install Foxit Toolbar

    Make Ask.com my default search

    Create desktop, quick launch and start menu icon to eBay


    Step # 2: Run Kaspersky Online Scan

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.



    In your next post/reply, I need to see the following:

    1. Kaspersky Log
    2. A fresh RSIT Log
    3. How is your computer doing, any problems?
    Malware Removal University Master
    Member of ASAP & UNITE

  10. #20
    Junior Member
    Join Date
    Feb 2010
    Posts
    15

    Default Run spybot (oops), Kaspersky, RSIT

    After the runs on the week-end, I was feeling over-confident and ran Spybot again (the way I initially found this infection). It found 1 registry infection (Virtumonde again) and I had it "fix" it.
    Sorry for going off on my own like that. I won't do that again. But I want you to know what I did just in case it matters.

    I removed Adobe Acrobat, installed Foxit and started Kaspersky. It was WAY slow, and then I noticed that I had not de-activated my Avast! So I rebooted, deactivated Avast! and ran Kaspersky. Then I ran RSIT. Logs follow. The machine seems snappier, but I have still not dared to click on links in a web browser (this is when it was taking me to spurious advertising sites). I'm afraid it could re-infect me. Should I try using the browser like normal again?
    Logs follow...

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, February 23, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, February 23, 2010 05:27:31
    Records in database: 3635063
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    B:\
    C:\
    D:\
    F:\
    G:\
    M:\
    P:\
    R:\
    T:\
    W:\
    X:\
    Z:\

    Scan statistics:
    Objects scanned: 273662
    Threats found: 15
    Infected objects found: 30
    Suspicious objects found: 9
    Scan duration: 06:18:40


    File name / Threat / Threats count
    C:\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
    C:\Documents and Settings\Todd\.jpi_cache\file\1.0\Show.class-1633e53c-2cf62983.class Infected: Trojan-Downloader.Java.Agent.ab 1
    C:\Documents and Settings\Todd\Application Data\Mozilla\Profiles\default\o48a2da7.slt\Mail\pop.pacbell.yahoo.com\Inbox Suspicious: Exploit.HTML.Iframe.FileDownload 1
    C:\Documents and Settings\Todd\Application Data\Mozilla\Profiles\default\o48a2da7.slt\Mail\pop.pacbell.yahoo.com\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
    C:\Documents and Settings\Todd\Application Data\Mozilla\Profiles\default\o48a2da7.slt\Mail\pop.pacbell.yahoo.com\Trash Suspicious: Exploit.HTML.Iframe.FileDownload 1
    C:\Documents and Settings\Todd\Application Data\Mozilla\Profiles\default\o48a2da7.slt\Mail\pop.pacbell.yahoo.com\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 2
    C:\Documents and Settings\Todd\Application Data\Thunderbird\Profiles\8ge6qlr6.default\Mail\pop.pacbell.yahoo.com\Inbox Suspicious: Exploit.HTML.Iframe.FileDownload 1
    C:\Documents and Settings\Todd\Application Data\Thunderbird\Profiles\8ge6qlr6.default\Mail\pop.pacbell.yahoo.com\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
    C:\Documents and Settings\Todd\Application Data\Thunderbird\Profiles\8ge6qlr6.default\Mail\pop.pacbell.yahoo.com\Trash Infected: Trojan.Win32.Sasfis.tub 1
    C:\downloads\Hank\Accessories\Test\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
    C:\downloads\Hank\Accessories\Test\Other\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    C:\downloads\Hank\Accessories\Test\XDEBUG\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    C:\Program Files\Accessories\Test\Debug\Ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    C:\Program Files\Accessories\Test\Keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
    C:\Program Files\Accessories\Test\Keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
    C:\Program Files\Accessories\Test\NIRSoft\System\ActiveXhelper.exe Infected: not-a-virus:PSWTool.Win32.IEPassView.l 1
    C:\Program Files\Accessories\Test\NIRSoft\System\OpenedFilesView.exe Infected: not-a-virus:PSWTool.Win32.IEPassView.q 1
    C:\Program Files\Accessories\Test\NIRSoft\System\OutlookNK2View.exe Infected: not-a-virus:PSWTool.Win32.IEPassView.o 1
    C:\Program Files\Accessories\Test\NIRSoft\System\ProductKeys.exe Infected: not-a-virus:PSWTool.Win32.Dialupass.dp 1
    C:\Program Files\Accessories\Test\ProductKey.exe Infected: not-a-virus:PSWTool.Win32.Dialupass.dp 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mubodigi.dll.vir Infected: Packed.Win32.Tdss.c 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\rokesoza.dll.vir Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{2FA926F7-8108-46F3-85A4-09D1FC9E2490}\RP1\A0000093.dll Infected: Packed.Win32.Tdss.c 1
    C:\System Volume Information\_restore{2FA926F7-8108-46F3-85A4-09D1FC9E2490}\RP2\A0000589.dll Infected: Packed.Win32.TDSS.aa 1
    D:\downloads\Hank\ESSENTIAL\Test\Revelation.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 1
    T:\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
    T:\downloads\Hank\Accessories\Test\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
    T:\downloads\Hank\Accessories\Test\Other\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    T:\downloads\Hank\Accessories\Test\XDEBUG\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    X:\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k 1
    X:\downloads\Hank\Accessories\Test\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
    X:\downloads\Hank\Accessories\Test\Other\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    X:\downloads\Hank\Accessories\Test\XDEBUG\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1

    Selected area has been scanned.


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Todd at 2010-02-23 06:13:59
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 54 GB (46%) free of 118 GB
    Total RAM: 2047 MB (75% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:12 AM, on 2/23/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\IBackup for Windows\IBackupWebM.exe
    C:\IBackup for Windows\IBWin Service_955.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\IBackup for Windows\IBackground_955.exe
    C:\IBackup for Windows\IBMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Todd\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Todd.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IBWin Background process] "C:\IBackup for Windows\IBackground_955.exe"
    O4 - HKLM\..\Run: [IBWin Monitor] "C:\IBackup for Windows\IBMonitor.exe" Min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Dropbox.lnk = C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla..._installer.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBackupWeb - Pro-Softnet - C:\IBackup for Windows\IBackupWebM.exe
    O23 - Service: IBWin Service - Pro Softnet Corporation - C:\IBackup for Windows\IBWin Service_955.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 9056 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\backup_to_terastation.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1085266987.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    UberButton Class - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 181352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
    YahooTaggedBM Class - C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 115832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-21 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-21 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]
    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-16 1945960]
    "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
    "IBWin Background process"=C:\IBackup for Windows\IBackground_955.exe [2009-11-24 38376]
    "IBWin Monitor"=C:\IBackup for Windows\IBMonitor.exe [2009-11-24 1893864]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    C:\WINDOWS\CTHELPER.EXE [2005-08-07 16384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    C:\WINDOWS\system32\CTXFIHLP.EXE [2005-08-07 18944]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2004-04-20 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-06-23 319488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-06-24 868352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2003-03-21 47104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2008-03-18 972064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3
    "UleadBurningHelper"=2
    "iPod Service"=3
    "gusvc"=3
    "DVD-RAM_Service"=2
    "Creative Service for CDROM Access"=2
    "Bonjour Service"=2
    "Apple Mobile Device"=2
    "IDriverT"=3

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Dropbox.lnk - C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    C:\Documents and Settings\Todd\Start Menu\Programs\Startup
    Dropbox.lnk - C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-28 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    relog_ap

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Games\Age of Mythology\aom.exe"="C:\Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Games\Age of Mythology\aomx.exe"="C:\Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
    "C:\Games\AOEIII\age3.exe"="C:\Games\AOEIII\age3.exe:*:Enabled:Age of Empires 3"
    "C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
    "D:\Games\Supreme Commander\bin\SupremeCommander.exe"="D:\Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
    "D:\Games\GPGNet\GPG.Multiplayer.Client.exe"="D:\Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "D:\Games\Company of Heroes\RelicCOH.exe"="D:\Games\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "D:\Games\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="D:\Games\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
    "C:\IBackup for Windows\ibackup_ssl_sch_955.exe"="C:\IBackup for Windows\ibackup_ssl_sch_955.exe:*:Enabled:ibackup_ssl_sch_955"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\IBackup for Windows\ibackup_int_955.exe"="C:\IBackup for Windows\ibackup_int_955.exe:*:Enabled:ibackup_int_955"
    "C:\IBackup for Windows\ibackup_ssl_int_955.exe"="C:\IBackup for Windows\ibackup_ssl_int_955.exe:*:Enabled:ibackup_ssl_int_955"
    "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe:*:Enabled:ashDisp"
    "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer"
    "C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Todd\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2010-02-22 19:32:30 ----D---- C:\WINDOWS\Sun
    2010-02-22 19:28:57 ----D---- C:\Documents and Settings\Todd\Application Data\Foxit
    2010-02-22 19:28:18 ----D---- C:\Program Files\Foxit Software
    2010-02-22 19:26:02 ----SHD---- C:\Config.Msi
    2010-02-21 13:10:49 ----D---- C:\Documents and Settings\Todd\Application Data\Malwarebytes
    2010-02-21 13:10:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-02-21 13:10:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-02-21 13:06:25 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
    2010-02-21 13:06:22 ----D---- C:\Program Files\Common Files\Java
    2010-02-21 13:06:03 ----A---- C:\WINDOWS\system32\javaws.exe
    2010-02-21 13:06:03 ----A---- C:\WINDOWS\system32\javaw.exe
    2010-02-21 13:06:03 ----A---- C:\WINDOWS\system32\java.exe
    2010-02-21 13:06:03 ----A---- C:\WINDOWS\system32\deploytk.dll
    2010-02-21 13:05:14 ----D---- C:\Documents and Settings\Todd\Application Data\Sun
    2010-02-20 10:49:32 ----SHD---- C:\RECYCLER
    2010-02-20 10:47:33 ----A---- C:\ComboFix.txt
    2010-02-19 21:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
    2010-02-19 21:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
    2010-02-19 21:10:43 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-02-19 21:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
    2010-02-19 21:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
    2010-02-19 21:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
    2010-02-19 21:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
    2010-02-19 21:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
    2010-02-19 21:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\zip.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\SWXCACLS.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\SWSC.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\SWREG.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\sed.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\PEV.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\MBR.exe
    2010-02-19 19:50:47 ----A---- C:\WINDOWS\grep.exe
    2010-02-19 19:50:10 ----D---- C:\Qoobox
    2010-02-18 17:47:26 ----D---- C:\rsit
    2010-02-11 20:45:05 ----D---- C:\Program Files\Trend Micro
    2010-02-11 20:44:26 ----D---- C:\WINDOWS\ERDNT-2010-2-11
    2010-01-30 20:58:22 ----D---- C:\Documents and Settings\Todd\Application Data\MSN6
    2010-01-30 20:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6

    ======List of files/folders modified in the last 1 months======

    2010-02-23 06:14:07 ----D---- C:\WINDOWS\Prefetch
    2010-02-23 06:13:39 ----D---- C:\Documents and Settings\Todd\Application Data\Dropbox
    2010-02-23 05:54:26 ----D---- C:\WINDOWS\Temp
    2010-02-22 21:45:24 ----D---- C:\Program Files\Mozilla Firefox
    2010-02-22 21:41:02 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-02-22 19:32:30 ----D---- C:\WINDOWS
    2010-02-22 19:28:18 ----RD---- C:\Program Files
    2010-02-22 19:26:15 ----SHD---- C:\WINDOWS\Installer
    2010-02-22 19:24:51 ----RD---- C:\My Dropbox
    2010-02-21 18:09:07 ----D---- C:\WINDOWS\system32
    2010-02-21 13:10:45 ----D---- C:\WINDOWS\system32\drivers
    2010-02-21 13:06:22 ----D---- C:\Program Files\Common Files
    2010-02-21 13:05:45 ----D---- C:\Program Files\Java
    2010-02-20 20:24:19 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-02-20 10:56:52 ----D---- C:\vslick
    2010-02-20 10:39:53 ----N---- C:\WINDOWS\system.ini
    2010-02-20 10:33:07 ----D---- C:\WINDOWS\AppPatch
    2010-02-19 21:12:50 ----HD---- C:\WINDOWS\inf
    2010-02-19 21:12:46 ----HD---- C:\WINDOWS\$hf_mig$
    2010-02-19 21:12:44 ----A---- C:\WINDOWS\imsins.BAK
    2010-02-19 21:12:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-02-19 20:40:05 ----D---- C:\WINDOWS\ERDNT
    2010-02-19 20:00:12 ----D---- C:\WINDOWS\system32\config
    2010-02-19 19:50:47 ----SHD---- C:\System Volume Information
    2010-02-19 19:50:47 ----D---- C:\WINDOWS\system32\Restore
    2010-02-18 14:00:09 ----SD---- C:\WINDOWS\Tasks
    2010-02-17 21:09:21 ----D---- C:\WINDOWS\system32\NtmsData
    2010-02-16 19:23:16 ----D---- C:\Program Files\KeePass
    2010-02-11 13:37:23 ----D---- C:\IBackup for Windows
    2010-02-10 22:24:22 ----A---- C:\WINDOWS\WININIT.INI
    2010-02-10 21:16:07 ----D---- C:\Games
    2010-02-08 22:21:26 ----D---- C:\Program Files\Mozilla Thunderbird
    2010-02-02 21:03:55 ----D---- C:\downloads
    2010-01-30 21:12:13 ----N---- C:\WINDOWS\win.ini
    2010-01-30 21:12:13 ----A---- C:\WINDOWS\pagesuit.ini
    2010-01-30 20:54:51 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-01-30 20:46:47 ----D---- C:\Program Files\QuickTime
    2010-01-30 17:26:01 ----A---- C:\WINDOWS\Winamp.ini
    2010-01-30 17:21:07 ----D---- C:\Program Files\Ulead Systems
    2010-01-27 19:45:09 ----D---- C:\Documents and Settings\Todd\Application Data\FileZilla

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-06-24 259328]
    R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-06-24 146560]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-23 90416]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-06-24 118409]
    R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-06-24 213120]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-08-24 32768]
    R2 WBHWDOCT;WBHWDOCT; C:\WINDOWS\system32\drivers\WBHWDOCT.sys [2001-06-15 5006]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-03-21 701676]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-07 501760]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-07 439424]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-07 7168]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-07 142848]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-06-24 21993]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-07 77824]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 1093632]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
    R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys [2009-04-07 285952]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-05-23 28352]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-07 114688]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-09-14 166400]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 37120]
    S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\System32\DRIVERS\HidBatt.sys [2008-04-13 20352]
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-06-24 22745]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2005-09-14 15360]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
    R2 IBackupWeb;IBackupWeb; C:\IBackup for Windows\IBackupWebM.exe [2009-03-25 54760]
    R2 IBWin Service;IBWin Service; C:\IBackup for Windows\IBWin Service_955.exe [2009-11-24 128488]
    R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-21 153376]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
    R2 SqueezeMySQL;SqueezeMySQL; C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-01-19 4149248]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
    R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]
    S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 lmab_device;lmab_device; C:\WINDOWS\system32\LMabcoms.exe [2004-03-19 421888]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-11-09 65536]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
    S4 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-22 106496]
    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    S4 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-03-18 20480]
    S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
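The service and driver lists above follow one line format, `<R|S><0-4> <ServiceName>;<DisplayName>; <ImagePath> [<date> <size>]`, with the legend the log itself gives (R/S running or stopped, digit for start type). When reading a long list like this by eye, an analyst first pulls out entries whose image path is registered as an NT object path (`\??\C:\...`), entries where the tool printed empty brackets `[]` (no timestamp or size was recorded), and auto-start services living outside the usual Windows and Program Files roots. The script below, an added example that is not part of the poster's log or of ComboFix/RSIT itself, parses that format and applies those three heuristics. The trusted-root list, the flag names and the reading of `[]` as "file information unavailable" are my assumptions; the sample lines are copied from the log above. A flag means "look at this entry", not "malicious": in this log `catchme.sys` under `C:\ComboFix\` is ComboFix's own scanning driver, and the disabled `IntelIde` entry with no file info is a stock XP driver whose image is simply not present.

```python
"""Parse RSIT/ComboFix 'List of drivers' / 'List of services' lines and flag the
entries an analyst would look at first.  Added example, not part of the forum post.

Line format (from the log's own legend):
  <R|S><0-4> <ServiceName>;<DisplayName>; <ImagePath> [<YYYY-MM-DD> <size>]
R/S = running/stopped; digit = start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^\s*(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption: directories where a vendor-installed driver/service image is expected.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    stamp: str                      # "YYYY-MM-DD size", or "" when the tool printed "[]"
    flags: list = field(default_factory=list)


def parse_entry(line: str):
    """Return an Entry for one list line, or None for blanks and section headers."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(
        running=m["state"] == "R",
        start=int(m["start"]),
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip(),
        stamp=m["stamp"].strip(),
    )


def triage(entry: Entry) -> list:
    """Heuristics an analyst applies when reading these lists by eye (assumed, not RSIT's)."""
    flags = []
    p = entry.path.lower()
    if p.startswith("\\??\\"):
        flags.append("nt-object-path")          # registered as \??\C:\..., not a plain Win32 path
        p = p[4:]
    if entry.stamp == "":
        flags.append("no-file-info")            # tool printed []: no timestamp/size recorded
    if not p.startswith(TRUSTED_ROOTS):
        flags.append("non-standard-location")
    if entry.running and entry.start == 2 and "non-standard-location" in flags:
        flags.append("auto-start-outside-trusted-roots")
    return flags


def triage_log(text: str):
    """Parse every list line in `text`; return the entries that raised at least one flag."""
    suspicious = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        e.flags = triage(e)
        if e.flags:
            suspicious.append(e)
    return suspicious


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 IBackupWeb;IBackupWeb; C:\IBackup for Windows\IBackupWebM.exe [2009-03-25 54760]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        state = "R" if e.running else "S"
        print(f"{e.name:14s} {state}{e.start} {START_TYPES[e.start]:9s} {e.path}  -> {', '.join(e.flags)}")
```

Run against the full log text instead of `SAMPLE` to get the same short list for every post in the thread; anything flagged `auto-start-outside-trusted-roots` is worth checking for a publisher signature and a known-good hash before deciding it belongs there.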
