Help..Spybot/AVG, any other antivirus/spyware that I download will not open "error msg"

Good. Now, let's see if you're able to create a few logs.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Attach the file to your post as an attachment.
 
Here are the two logs from the DDS, and also the attached Win32kDiag.txt :)

DDS (Ver_09-07-30.01) - NTFSx86
Run by mike at 14:40:20.81 on Fri 09/11/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_06
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.980 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\mike\Desktop\yup.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\motupe~1.lnk - c:\windows\installer\{faaf4f08-107f-42b4-b01c-b5bacb65e7d3}\_B46567FF76B580C507E5B5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ds97wq52.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-14 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-5-14 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-14 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-5-14 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-25 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-12 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-8 33792]
R3 mfwagsif;MOTU Audio GSIF;c:\windows\system32\drivers\mfwagsif.sys [2007-1-4 21752]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2007-1-4 25336]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2007-1-4 58104]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2007-1-4 23288]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2007-1-4 233720]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-6-19 2048]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-14 908056]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\system32\drivers\akMPC4kU.sys [2008-1-4 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-23 84832]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-7-22 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-7-22 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_vista\AVGIDSShim.sys [2009-7-22 29136]
S3 RDID1045;Roland FANTOM-X;c:\windows\system32\drivers\Rdwm1045.sys [2008-3-26 56832]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2008-4-19 33736]

=============== Created Last 30 ================

2009-09-11 12:45 <DIR> --d----- C:\$RECYCLE.BIN
2009-09-11 11:47 <DIR> --d----- C:\32788R22FWJFW.2.tmp
2009-09-11 08:30 230,912 a------- c:\windows\PEV.exe
2009-09-11 08:30 161,792 a------- c:\windows\SWREG.exe
2009-09-11 08:30 98,816 a------- c:\windows\sed.exe
2009-09-11 07:59 <DIR> --d----- C:\32788R22FWJFW.1.tmp
2009-09-09 23:15 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 13:16 20 a------- c:\windows\system32\SYSTEM
2009-09-09 11:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-08 23:39 <DIR> --d----- c:\programdata\Sunbelt
2009-09-08 23:39 <DIR> --d----- c:\progra~2\Sunbelt
2009-09-07 14:54 <DIR> --d----- c:\program files\Sunbelt Software
2009-09-06 19:42 <DIR> --d----- c:\users\mike\appdata\roaming\Malwarebytes
2009-09-06 19:41 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 19:41 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-06 19:41 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-06 19:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-06 19:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 18:49 <DIR> --d----- c:\program files\Panda Security
2009-09-04 14:23 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-04 13:48 <DIR> --d----- c:\programdata\PC Tools
2009-09-04 13:48 <DIR> --d----- c:\progra~2\PC Tools
2009-09-02 17:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 17:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 16:47 <DIR> --d----- c:\program files\Free Audio Pack
2009-08-26 03:02 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 17:24 1,388,544 a------- c:\windows\system32\temp.012
2009-08-25 17:24 73,785 a------- c:\windows\system32\temp.011
2009-08-25 17:23 <DIR> --d----- c:\program files\4Musics WAV to MP3 Converter
2009-08-14 09:59 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-14 09:59 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-14 09:59 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 09:59 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-14 09:59 270,848 a------- c:\windows\system32\schannel.dll
2009-08-14 09:59 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 09:59 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 09:59 9,728 a------- c:\windows\system32\lsass.exe

==================== Find3M ====================

2009-09-09 12:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-09 12:19 86,016 a------- c:\windows\inf\infstor.dat
2009-09-09 12:19 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-14 10:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 09:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 09:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 07:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 07:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 07:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 07:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 07:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 07:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 07:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-03 09:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-03 09:19 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 17:23 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 17:23 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-18 09:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 09:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 02:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 07:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 12:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 12:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 12:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 12:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-30 19:03 233,472 a------- c:\windows\system32\REX Shared Library.dll
2009-06-15 08:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 08:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 08:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 05:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-07-19 13:39 174 a--sh--- c:\program files\desktop.ini
2008-07-19 13:02 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:40:37.88 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2007 12:19:49 AM
System Uptime: 9/11/2009 1:31:41 PM (1 hours ago)

Motherboard: ECS | | Nettle2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket M2 | 2100/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 146.637 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.007 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 149 GiB total, 11.383 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP824: 9/2/2009 3:00:25 AM - Windows Update
RP834: 9/3/2009 5:02:56 AM - Scheduled Checkpoint
RP836: 9/3/2009 1:29:28 PM - Windows Update
RP838: 9/4/2009 3:00:29 AM - Windows Update
RP840: 9/5/2009 1:49:24 AM - Scheduled Checkpoint
RP842: 9/5/2009 3:00:13 AM - Windows Update
RP844: 9/6/2009 3:00:43 AM - Windows Update
RP846: 9/7/2009 3:00:48 AM - Windows Update
RP848: 9/7/2009 2:53:30 PM - Installed CounterSpy.
RP850: 9/7/2009 11:11:29 PM - Installed CounterSpy.
RP852: 9/7/2009 11:15:15 PM - Installed CounterSpy.
RP854: 9/7/2009 11:17:56 PM - Installed CounterSpy.
RP856: 9/7/2009 11:21:28 PM - Installed CounterSpy.
RP858: 9/7/2009 11:26:13 PM - Installed CounterSpy.
RP860: 9/8/2009 3:00:25 AM - Windows Update
RP862: 9/8/2009 1:10:15 PM - Windows Update
RP864: 9/8/2009 11:40:35 PM - Installed CounterSpy.
RP866: 9/8/2009 11:43:16 PM - Installed CounterSpy.
RP868: 9/9/2009 3:00:31 AM - Windows Update
RP870: 9/9/2009 6:16:10 AM - Installed CounterSpy.
RP872: 9/9/2009 9:02:47 AM - Installed CounterSpy.
RP874: 9/9/2009 12:16:25 PM - Removed Apple Mobile Device Support
RP876: 9/9/2009 3:05:19 PM - Installed CounterSpy.
RP878: 9/9/2009 3:13:43 PM - Windows Update
RP880: 9/10/2009 3:00:26 AM - Windows Update
RP882: 9/10/2009 6:05:52 PM - Scheduled Checkpoint
RP884: 9/11/2009 1:24:52 AM - Windows Update
RP886: 9/11/2009 3:00:21 AM - Windows Update
RP888: 9/11/2009 8:25:00 AM - Avg8 Update
RP890: 9/11/2009 8:26:33 AM - Avg8 Update
RP892: 9/11/2009 11:50:21 AM - Removed AVG Identity Protection.

==== Installed Programs ======================


4Musics WAV to MP3 Converter 4.3
abgx360 v1.0.1
Ace MP3 To WAV Converter
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 9
AIM 6
aksys
Aksys S56
Antares Auto-Tune v4.39
Antares Autotune VST RTAS TDM v5.08
Apple Software Update
AutoUpdate
AVG 8.5
AVG Identity Protection
burst! v3.1.0
Cakewalk VST Adapter 4.4.4.0
CSi STARTER-Sonar 4
dBpoweramp DSP Effects
dBpoweramp Music Converter
deskPDF 2.5 Professional Edition
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Docudesk GPL Ghostscript 8.15
DreamStation DXi2
EarMaster Pro 5
Enhanced Multimedia Keyboard Solution
Free Mp3 Wma Converter V 1.8.0
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
ImgBurn
iPrep v008.8
iTunes
iZotope Trash
J2SE Runtime Environment 5.0 Update 6
Java DB 10.3.1.4
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) SE Development Kit 6 Update 6
KORG Legacy Collection - DIGITAL EDITION RTAS
KORG Legacy Collection - DIGITAL EDITION VST
Korg Legacy Collection v1.1.10
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Melodyne 3.1
Melodyne 3.2 Demo
Melodyne plugin
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
mIRC
Mixed In Key 2.5
MOTU FireWire Audio
MOTU FireWire/USB Audio Installer
MOTU USB MIDI Installer
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
neroxml
NVIDIA Drivers
OJOsoft MP3 Converter
OJOsoft WAV to MP3 Converter
Platform
Princeton Digital 2016 Plate Reverb VST
PSSWCORE
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
Reason 4.0
reFX Nexus 1.3.9
Registry Mechanic 8.0
Rhapsody
Rhapsody Player Engine
Roland FANTOM-X Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SmartSoft Video Converter
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
SONAR 5 Producer Edition
SONAR 7 Producer Edition
Spybot - Search & Destroy
Steinberg Hypersonic 2
Studio Manager
Sylenth1 v1.21
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VIA Platform Device Manager
Viewpoint Media Player
Wav2MP3 Wizard v3.2 (Build 354)
Waves Mercury Complete VST DX RTAS v1.01
Winamp
WinRAR archiver
WinZip 11.1
Xbox Backup Creator
Xilisoft Video Converter 3
Xilisoft Video Editor
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar
Yamaha MOTIF ES6/7/8 Voice Editor
YAMAHA Studio Manager

==== Event Viewer Messages From Past Week ========

9/11/2009 12:41:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: VClone
9/11/2009 12:40:58 PM, Error: Service Control Manager [7000] - The PLFlash DeviceIoControl Service service failed to start due to the following error: The system cannot find the file specified.
9/11/2009 12:40:58 PM, Error: Service Control Manager [7000] - The Nsynas32 service failed to start due to the following error: The system cannot find the file specified.
9/11/2009 12:38:48 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPON~3.tmp' was corrupted and it has been recovered. Some data might have been lost.
9/11/2009 12:37:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/11/2009 12:37:57 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/11/2009 1:35:34 PM, Error: EventLog [6008] - The previous system shutdown at 1:13:38 PM on 9/11/2009 was unexpected.
9/11/2009 1:09:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
9/11/2009 1:09:17 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
 
Hi,

Run a full scan with Malwarebytes' Anti-Malware (have its definitions updated) and let it delete its findings. Post back its report.
 
Hi Blade, here is my log from the scan from Malwarebytes.. it found 3 things. I clicked on Removed, which prompted me to reboot. I still have the issue of my antiviral AVG and Spybot not working/disabled. Going to run another scan with Malwarebytes & post it up when it's finished :)

Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 6.0.6001 Service Pack 1

9/11/2009 6:39:20 PM
mbam-log-2009-09-11 (18-39-08).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 430467
Time elapsed: 3 hour(s), 25 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\cngaudit.dll.vir (Trojan.Sirefef) -> No action taken.
F:\Program Files\Antares\AutoTuneDX\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Users\mike\Desktop\sVCHOST.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
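As an added example, not code from this thread or from the DDS or Malwarebytes tools: the look-alike `sVCHOST.exe` flagged above, and the renamed DDS copy `yup.scr` listed under "Running Processes" in the DDS log earlier in the thread, are the kind of entries a helper spots by eye in a process list. The script below applies those two checks (a reserved Windows binary name running outside the system directory, and an image running from a user-writable folder) to constructed process lines modelled on that DDS section; the name list, folder markers and sample lines are assumptions made for the example.

```python
"""Flag suspicious entries in a DDS-style "Running Processes" list.

Added example, not part of the thread or of the DDS tool.  Two heuristics a
helper applies by eye when reading such a log:
  1. a process whose file name is a reserved Windows system binary name
     (svchost.exe, lsass.exe, ...) but which is not running from the system
     directory, which is how a look-alike such as "sVCHOST.exe" stands out;
  2. a process started from a user-writable location (Desktop, Temp, ...).
Name lists, folder markers and sample lines are constructed for the example.
"""
import ntpath
import re

# Binary names that legitimately live only under the system directories.
# Comparison is case-insensitive, so "sVCHOST.exe" matches "svchost.exe".
RESERVED_SYSTEM_NAMES = {
    "svchost.exe", "lsass.exe", "lsm.exe", "wininit.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "spoolsv.exe", "taskeng.exe",
    "explorer.exe", "dllhost.exe", "rundll32.exe",
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
WINDIR = r"c:\windows"  # explorer.exe is the one reserved name that lives here

# Folder fragments an ordinary user can write to without elevation.
USER_WRITABLE_MARKERS = ("\\desktop\\", "\\temp\\", "\\downloads\\", "\\appdata\\local\\temp\\")

# DDS prints the image path, optionally followed by arguments ("-k netsvcs").
# Paths may themselves contain " - " (e.g. "Spybot - Search & Destroy"), so the
# split is made after the first executable extension, not at the first dash.
_LINE_RE = re.compile(
    r"^(?P<path>.*?\.(?:exe|scr|com|dll|sys))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


def parse_process_line(line):
    """Return (image_path, argument_string) for one log line, or None."""
    match = _LINE_RE.match(line.strip())
    if not match:
        return None
    return match.group("path"), (match.group("args") or "").strip()


def _under(directory, root):
    """True when `directory` is `root` itself or a sub-folder of it."""
    return directory == root or directory.startswith(root + "\\")


def classify(path):
    """Return the list of findings for one image path (empty if clean)."""
    findings = []
    lower = path.lower()
    directory, name = ntpath.split(lower)
    if name in RESERVED_SYSTEM_NAMES:
        allowed = SYSTEM_DIRS + ((WINDIR,) if name == "explorer.exe" else ())
        if not any(_under(directory, root) for root in allowed):
            findings.append("reserved system binary name outside the system directory")
    if any(marker in lower for marker in USER_WRITABLE_MARKERS):
        findings.append("running from a user-writable location")
    return findings


def scan(lines):
    """Map each flagged image path to its findings; clean entries are omitted."""
    report = {}
    for line in lines:
        parsed = parse_process_line(line)
        if parsed is None:
            continue
        path, _args = parsed
        findings = classify(path)
        if findings:
            report[path] = findings
    return report


# Constructed sample lines modelled on the DDS "Running Processes" section.
SAMPLE_LINES = [
    r"C:\Windows\system32\lsm.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\Explorer.EXE",
    r"C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe",
    r"C:\Program Files\AVG\AVG8\avgtray.exe",
    r"C:\Users\mike\Desktop\yup.scr",      # DDS itself, renamed by the poster
    r"C:\Users\mike\Desktop\sVCHOST.exe",  # the file Malwarebytes flagged
]

if __name__ == "__main__":
    for image, findings in scan(SAMPLE_LINES).items():
        print(image, "->", "; ".join(findings))
```

The renamed DDS copy is flagged only by the second check, which is expected: a helper asks for the tool to be renamed, so that hit is reviewed and dismissed rather than treated as malware.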
 
Here is the latest scan, now with no viruses.. however Spybot still won't load, nor will my antiviral.

Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 6.0.6001 Service Pack 1

9/11/2009 10:27:04 PM
mbam-log-2009-09-11 (22-27-04).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 430396
Time elapsed: 2 hour(s), 19 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

Burst
Bittornado
Limewire
uTorrent


I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:

however spybot wont load or my anti viral still
Download this to the same folder as Spybot. Then drag 'n' drop Spybot's .exe file onto it to release the file lock. Then copy Inherit.exe to the same folder as your antivirus program and repeat the same thing for its .exe file.


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer


Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\users\mike\AppData\Roaming\uTorrent
c:\program files\LimeWire
c:\program files\utorrent
c:\program files\bittornado
c:\program files\burst
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C001340-DAA4-47E6-B50B-BA230216E23F}"=-
"{C743F804-8F36-4FFD-A740-4C47EA5768DA}"=-
"TCP Query User{A0A673E7-3B5C-411F-AF5A-0CBA4CA254F8}c:\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{4C0E1E8C-17F4-44EE-AED6-B1629E4B56CF}c:\\program files\\utorrent\\utorrent.exe"=-
"TCP Query User{D3F0A7AA-E9A6-4064-AEE3-3C3045435127}c:\\program files\\bittornado\\btdownloadgui.exe"=-
"UDP Query User{B0FFC4EE-D8AC-4E8B-8435-CC41C2599459}c:\\program files\\bittornado\\btdownloadgui.exe"=-
"TCP Query User{ED570B89-E50D-4073-854A-3285FFFF5B34}c:\\program files\\bittornado\\btdownloadgui.exe"=-
"UDP Query User{C7DBF1B4-49E9-4093-95E1-2B2FB60E5EBE}c:\\program files\\bittornado\\btdownloadgui.exe"=-
"TCP Query User{5FF4D97E-84F9-4AFB-ABD2-45BF3B5394DF}c:\\program files\\burst\\core-new1.1.3\\btdownloadheadless.exe"=-
"UDP Query User{AC2E0008-8D39-475B-9945-15A0EC16A5E0}c:\\program files\\burst\\core-new1.1.3\\btdownloadheadless.exe"=-


Save this as CFScript

A word of warning: neither I nor sUBs is responsible for any damage you may cause to your machine. This tool is not a toy and not for everyday use.

[image: CFScriptB-4.gif]


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.

________________

Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 and 9.1.3 for it) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.



Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows in the platform combo box and check the box that says: Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (with or without Multi-language) and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck the Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
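The CFScript above was written by hand from the FirewallRules block of the earlier ComboFix log: every rule whose target executable lives under one of the P2P folders being removed gets a `"name"=-` line, which (as in a .reg file) deletes that registry value, while `[-key]` would delete a whole key. As an added example, not code from the original post, from ComboFix or from the helper, the following Python script does that step mechanically: it parses the FirewallRules dump as ComboFix prints it, keeps only rules pointing under the folders you list, and emits the matching Folder:: and Registry:: sections. The log text embedded in it is constructed to match the layout shown on this page (the display names after the last colon are made up), and the rule-line format it assumes is the one visible in the log: `"<value name>"= <TCP|UDP>:<exe path>:<display name>`, with AVG's own rules omitting the protocol.

```python
"""Generate the Folder:: / Registry:: part of a CFScript from a ComboFix log.

Added example, not part of ComboFix or of the original post.  Assumes the
FirewallRules dump format seen in ComboFix logs (see the regex below).
"""
import re
from typing import Dict, Iterable, List, Optional

# CFScript's Registry:: section follows .reg conventions:
#   "name"=-   deletes a value      [-key]   deletes a whole key
FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules"

# One rule line as ComboFix prints it under [FIREWALL_KEY]:
#   "<value name>"= <TCP|UDP>:<path to exe>:<display name>
# AVG's own rules omit the protocol:  "<guid>"= <path to exe>:<display name>
_RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<path>[A-Za-z]:\\[^:]+):(?P<label>.*)$'
)

# Constructed sample, modelled on the FirewallRules block of a ComboFix log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA8EFD64-9614-46FD-B172-42C2530D38DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A0A673E7-3B5C-411F-AF5A-0CBA4CA254F8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4C0E1E8C-17F4-44EE-AED6-B1629E4B56CF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{5FF4D97E-84F9-4AFB-ABD2-45BF3B5394DF}c:\\program files\\burst\\core-new1.1.3\\btdownloadheadless.exe"= UDP:c:\program files\burst\core-new1.1.3\btdownloadheadless.exe:btdownloadheadless
"{A299CCDE-FF68-4DB6-96B0-1F55EAD8469C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

REMOVED_FOLDERS = [r"c:\program files\utorrent", r"c:\program files\burst"]


def parse_firewall_rules(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Return the rules listed under the FirewallRules key of a ComboFix log.

    Only lines between that key header and the next [key] header are read;
    the EnableFirewall values of the profile keys are deliberately ignored.
    """
    rules: List[Dict[str, Optional[str]]] = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):            # any registry key header
            in_block = line == f"[{FIREWALL_KEY}]"
            continue
        if not in_block or not line:
            continue
        m = _RULE_RE.match(line)
        if m:
            rules.append(m.groupdict())
    return rules


def _under(path: str, folder: str) -> bool:
    """Case-insensitive 'path is inside folder' test for Windows-style paths."""
    p = path.lower().replace("/", "\\")
    f = folder.lower().replace("/", "\\").rstrip("\\")
    return p == f or p.startswith(f + "\\")


def stale_rules(rules: Iterable[Dict[str, Optional[str]]],
                removed_folders: Iterable[str]) -> List[Dict[str, Optional[str]]]:
    """Rules whose target executable lives under a folder that is being removed."""
    folders = list(removed_folders)
    return [r for r in rules if any(_under(r["path"] or "", f) for f in folders)]


def build_cfscript(removed_folders: List[str],
                   rules: Iterable[Dict[str, Optional[str]]]) -> str:
    """Emit Folder:: and Registry:: sections deleting the folders and their rules."""
    lines = ["Folder::", *removed_folders, "Registry::", f"[{FIREWALL_KEY}]"]
    lines += [f'"{r["name"]}"=-' for r in stale_rules(rules, removed_folders)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(REMOVED_FOLDERS, parse_firewall_rules(SAMPLE_LOG)))
```

Run on the sample, the output deletes the two uTorrent rules and the Burst rule and leaves the iTunes and AVG entries alone, because a value is only targeted when its executable path is under a folder you named. Review the generated text before dropping it onto ComboFix: like a .reg file, the Registry:: section removes whatever it names, and a folder listed under Folder:: is deleted outright.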
 
Tried to drag and drop the file with spybot.exe and also my AVG antivirus.. I got a pop-up prompt that said "OK!". However, I'm still not able to run either program.

.exe files I download still disappear off of my desktop.


Here's the latest scan from ComboFix:


ComboFix 09-09-12.07 - mike 09/12/2009 17:44.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1191 [GMT -7:00]
Running from: c:\users\mike\Desktop\SnaPPLe.exe
Command switches used :: c:\users\mike\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 01:06 . 2009-09-13 01:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 01:06 . 2009-09-13 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 00:40 . 2009-09-13 00:40 -------- d-----w- C:\SnaPPLe
2009-09-11 19:51 . 2009-09-13 01:06 -------- d-----w- c:\users\mike\AppData\Local\temp
2009-09-11 18:47 . 2009-09-11 18:48 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-09-11 14:59 . 2009-09-11 15:01 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-09-10 06:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 18:09 . 2009-09-09 18:16 -------- d-----w- c:\program files\Trend Micro
2009-09-09 06:39 . 2009-09-09 06:39 -------- d-----w- c:\programdata\Sunbelt
2009-09-07 21:54 . 2009-09-08 06:26 -------- d-----w- c:\program files\Sunbelt Software
2009-09-07 02:42 . 2009-09-07 02:42 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2009-09-07 02:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 02:41 . 2009-09-07 02:41 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 02:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 02:41 . 2009-09-11 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 01:49 . 2009-09-09 21:46 -------- d-----w- c:\program files\Panda Security
2009-09-04 20:48 . 2009-09-09 21:41 -------- d-----w- c:\programdata\PC Tools
2009-09-03 00:45 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 00:45 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 10:02 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 00:23 . 2009-08-26 00:23 -------- d-----w- c:\program files\4Musics WAV to MP3 Converter
2009-08-19 18:36 . 2009-08-20 01:30 -------- d-----w- c:\users\mike\AppData\Roaming\Winamp
2009-08-19 18:36 . 2009-08-19 18:37 -------- d-----w- c:\program files\Winamp
2009-08-14 16:59 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 16:59 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 16:59 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 16:59 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 16:59 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 16:59 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 16:59 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 16:59 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 20:55 . 2008-04-13 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-12 20:51 . 2008-04-13 20:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-12 18:36 . 2007-09-09 20:55 -------- d-----w- c:\program files\LimeWire
2009-09-10 17:59 . 2007-09-09 19:12 -------- d-----w- c:\users\mike\AppData\Roaming\mIRC
2009-09-10 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 19:15 . 2008-03-03 19:13 -------- d-----w- c:\users\mike\AppData\Roaming\uTorrent
2009-09-09 18:29 . 2009-06-16 16:23 0 ----a-w- c:\users\mike\AppData\Local\prvlcl.dat
2009-09-01 23:47 . 2009-09-01 23:47 -------- d-----w- c:\program files\Free Audio Pack
2009-08-26 00:24 . 2008-10-17 22:03 -------- d-----w- c:\program files\Ace MP3 To WAV Converter
2009-08-14 17:07 . 2009-09-10 06:16 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 06:16 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 06:16 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 06:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 06:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 06:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 06:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 06:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 06:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 06:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:58 . 2009-09-04 21:23 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\program files\EarMaster Pro 5
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\users\mike\AppData\Roaming\EarMaster
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\programdata\EarMaster
2009-08-11 05:53 . 2009-08-11 05:53 -------- d-----w- c:\programdata\Downloaded Installations
2009-08-11 05:52 . 2009-05-14 18:23 -------- d-----w- c:\programdata\avg8
2009-08-11 02:16 . 2008-04-07 22:11 -------- d-----w- c:\programdata\FLEXnet
2009-08-03 16:19 . 2009-05-14 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-03 16:19 . 2009-05-14 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 16:19 . 2009-05-14 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-23 00:23 . 2009-07-23 00:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-23 00:23 . 2009-07-23 00:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-21 20:36 . 2009-07-21 20:36 -------- d-----w- c:\program files\Vstplugins
2009-07-18 16:06 . 2009-07-28 23:40 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 23:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 23:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 19:36 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 19:36 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 19:36 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 19:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 19:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-10 06:16 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-10 06:16 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:32 . 2009-09-10 06:16 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:29 . 2009-09-10 06:16 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-01 02:03 . 2009-07-01 02:03 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-06-15 15:24 . 2009-07-15 11:47 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 11:47 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 11:47 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 11:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-01-26 22:48 . 2008-01-26 22:48 0 --sha-w- c:\windows\SBC38B530.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-09-11_19.48.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-10 18:58 . 2009-09-12 20:57 62870 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-12 20:57 89906 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-03 18:03 . 2009-09-12 20:57 15670 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1427494975-2143899584-4123375682-1000_UserData.bin
- 2007-09-03 17:56 . 2009-09-11 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-03 17:56 . 2009-09-12 20:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-03 17:56 . 2009-09-11 18:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-03 17:56 . 2009-09-12 20:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-03 17:56 . 2009-09-11 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-03 17:56 . 2009-09-12 20:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-09 15:48 . 2009-09-12 20:52 4992 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-09-12 20:55 . 2009-09-12 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-11 19:40 . 2009-09-11 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-11 19:40 . 2009-09-11 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-12 20:55 . 2009-09-12 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-14 07:09 . 2009-09-11 23:19 273098 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-20 14:35 . 2009-09-12 21:47 542254 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:22 . 2009-09-11 14:41 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-12 19:17 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-07 20:29 . 2009-09-12 20:53 1850240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-07 20:29 . 2009-09-11 18:35 1850240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-13 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-23 1600008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2007-9-10 126976]
MOTU Pedal Handler.lnk - c:\windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-17 10134]
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B74D4073-4A65-4516-BAA9-C36211272413}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3268F9DE-2BE1-4BA1-8F3A-1BB02C8100D3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CC0EE83-F4EF-4719-99E1-490B956C0F5A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4513983D-0C39-4FAE-90C6-A381B25F63D8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C52709ED-5492-4C67-AA3D-BDA44F3C77A2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3CD4529E-5113-41D2-BCAC-DB7911B55C4E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9DCBB145-7212-4670-BA5A-1E7FF1382BC4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{068BAED6-CA03-402A-9E71-2794EBD2C887}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A14168FF-C125-47DE-A405-9FF0B73306DE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{063497CE-70DD-42AB-9B34-33C87055991F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BA8EFD64-9614-46FD-B172-42C2530D38DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6F48FE21-A898-40B7-B6B1-9B50AD020D25}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{2721363D-8A7C-403D-9745-11663E94956B}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{F6B7ED2B-7F67-4820-A521-8B8478C45518}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{87CFD502-683E-4097-8960-2DB6815907E9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4E4AC7AB-D111-43AE-B77F-C45C6D6527F1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3792332-B664-4CE2-9C12-8813271F9D9F}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{2A03D6FB-1225-4720-9910-4CA80CD23789}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{886A128E-60F3-415C-92CD-7AA722A8AA50}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AC15DACA-CFA1-4D1D-B672-8240AF2D7012}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6699F5EA-DAA4-4546-BAFA-7452AB832F66}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{832CFB87-1306-4CF9-B90B-57239E16F75D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6E980E6C-8A0C-44E9-8368-F211748849E3}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9E392FF1-4FFF-4E2E-B8A4-EFFAF4851165}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{5953E229-30E5-4280-B058-9BDEB3D71A64}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{F70EC504-1928-441F-8FB9-67997A3F37C8}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{EC435664-8772-4085-8EEC-6AE37572DF2A}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{6C759863-6E26-4827-B880-A926CC9BE00B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8EADB55A-E98B-4CF6-BB54-B3326116480F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B7ED8531-9224-43E1-B08E-23CED92BB755}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{FD5759EC-4CFF-453E-8AF2-46E61B4B3097}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{71A4BBC5-BFDA-46E4-8D67-6979959C7F9A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2A8FCC79-1900-4247-8B2C-EF036C65CF10}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{55C616E4-7047-4528-920B-0D19F87454B0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{80C495C5-F775-4BD1-8AA9-BB997939D048}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98163C55-ED80-4C81-9B1C-2E5D969227AC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A30D7A0A-9D14-450F-B7E4-7407AE42B374}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{2C622DAD-06D9-4751-8B3A-50B3F11B6B68}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{A299CCDE-FF68-4DB6-96B0-1F55EAD8469C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{2CDC90EB-1170-4A8D-B2F0-5C47DB5AEE83}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{36C82A20-12D6-49DA-8F9F-EE1D07BD96B5}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{5201E383-A18C-4184-BC07-229C183B5686}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{6BF94A10-9C05-4F98-A6FA-B7D42413B1DE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6046AC6C-EB29-4825-819A-4962701C4F73}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\drivers\AVGIDSErHr.sys [7/22/2009 5:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [5/14/2009 11:26 AM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [5/14/2009 11:04 AM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/14/2009 11:26 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/14/2009 11:26 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/14/2009 11:25 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/14/2009 11:25 AM 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [7/22/2009 5:23 PM 571912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/12/2007 12:23 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [4/8/2008 11:23 PM 33792]
R3 mfwagsif;MOTU Audio GSIF;c:\windows\System32\drivers\mfwagsif.sys [1/4/2007 7:06 PM 21752]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\System32\drivers\MFWAMIDI.sys [1/4/2007 7:06 PM 25336]
R3 mfwawave;MOTU Audio Wave;c:\windows\System32\drivers\MFWAWave.sys [1/4/2007 7:05 PM 58104]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\System32\drivers\motubus.sys [1/4/2007 6:06 PM 23288]
R3 MotuFWA;MotuFWA;c:\windows\System32\drivers\motufwa.sys [1/4/2007 7:06 PM 233720]
R3 portio32;portio32;c:\windows\System32\drivers\portio32.sys [6/19/2009 3:04 PM 2048]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/14/2009 11:25 AM 908056]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\System32\drivers\akMPC4kU.sys [1/4/2008 3:11 PM 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [9/23/2008 12:39 PM 84832]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [7/22/2009 5:23 PM 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [7/22/2009 5:23 PM 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [7/22/2009 5:23 PM 29136]
S3 RDID1045;Roland FANTOM-X;c:\windows\System32\drivers\Rdwm1045.sys [3/26/2008 2:37 PM 56832]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\System32\drivers\ymidusbw.sys [4/19/2008 2:56 PM 33736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 18:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000003

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5792)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-09-13 18:10
ComboFix-quarantined-files.txt 2009-09-13 01:09
ComboFix2.txt 2009-09-11 19:51

Pre-Run: 156,267,008,000 bytes free
Post-Run: 156,167,475,200 bytes free

309 --- E O F --- 2009-09-12 10:00
 
Here's the Kaspersky log... I scanned the whole computer first (it took 12 hours to complete) and it found these exact viruses in Scan Critical Areas.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 14, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 14, 2009 02:31:21
Records in database: 2802800
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Program Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Windows

Scan statistics:
Objects scanned: 164145
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:51:38


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
C:\Program Files\Online Services\eBay\WizLink.exe Infected: Trojan.Win32.Agent.cwkw 1
C:\Program Files\Online Services\zipca\WizLink.exe Infected: Trojan.Win32.Agent.cwkw 1

Selected area has been scanned.
 
Here's my DDS report :)




DDS (Ver_09-07-30.01) - NTFSx86
Run by mike at 17:46:13.71 on Mon 09/14/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1024 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\hp\kbd\kbd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\mike\AppData\Local\temp\jkos-mike\binaries\ScanningProcess.exe
C:\Users\mike\AppData\Local\temp\jkos-mike\binaries\ScanningProcess.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\mike\Desktop\DdS8145.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\motupe~1.lnk - c:\windows\installer\{faaf4f08-107f-42b4-b01c-b5bacb65e7d3}\_B46567FF76B580C507E5B5.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ds97wq52.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-14 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-5-14 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-14 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-5-14 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-12 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-4-8 33792]
R3 mfwagsif;MOTU Audio GSIF;c:\windows\system32\drivers\mfwagsif.sys [2007-1-4 21752]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2007-1-4 25336]
R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2007-1-4 58104]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2007-1-4 23288]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [2007-1-4 233720]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-6-19 2048]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-14 908056]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\system32\drivers\akMPC4kU.sys [2008-1-4 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-23 84832]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-7-22 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-7-22 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_vista\AVGIDSShim.sys [2009-7-22 29136]
S3 RDID1045;Roland FANTOM-X;c:\windows\system32\drivers\Rdwm1045.sys [2008-3-26 56832]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2008-4-19 33736]

=============== Created Last 30 ================

2009-09-13 17:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-12 18:08 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-12 17:40 <DIR> --d----- C:\SnaPPLe
2009-09-11 11:47 <DIR> --d----- C:\32788R22FWJFW.2.tmp
2009-09-11 08:30 230,912 a------- c:\windows\PEV.exe
2009-09-11 08:30 161,792 a------- c:\windows\SWREG.exe
2009-09-11 08:30 98,816 a------- c:\windows\sed.exe
2009-09-11 07:59 <DIR> --d----- C:\32788R22FWJFW.1.tmp
2009-09-09 23:15 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-09 13:16 20 a------- c:\windows\system32\SYSTEM
2009-09-09 11:09 <DIR> --d----- c:\program files\Trend Micro
2009-09-08 23:39 <DIR> --d----- c:\programdata\Sunbelt
2009-09-08 23:39 <DIR> --d----- c:\progra~2\Sunbelt
2009-09-07 14:54 <DIR> --d----- c:\program files\Sunbelt Software
2009-09-06 19:42 <DIR> --d----- c:\users\mike\appdata\roaming\Malwarebytes
2009-09-06 19:41 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 19:41 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-06 19:41 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-06 19:41 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-06 19:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 18:49 <DIR> --d----- c:\program files\Panda Security
2009-09-04 14:23 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-04 13:48 <DIR> --d----- c:\programdata\PC Tools
2009-09-04 13:48 <DIR> --d----- c:\progra~2\PC Tools
2009-09-02 17:45 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 17:45 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 16:47 <DIR> --d----- c:\program files\Free Audio Pack
2009-08-26 03:02 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 17:24 1,388,544 a------- c:\windows\system32\temp.012
2009-08-25 17:24 73,785 a------- c:\windows\system32\temp.011
2009-08-25 17:23 <DIR> --d----- c:\program files\4Musics WAV to MP3 Converter

==================== Find3M ====================

2009-09-09 12:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-09 12:19 86,016 a------- c:\windows\inf\infstor.dat
2009-09-09 12:19 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-14 10:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 09:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 09:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 07:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 07:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 07:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 07:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 07:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 07:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 07:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-03 09:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-03 09:19 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 17:23 74,760 a------- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 17:23 25,608 a------- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-18 09:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 09:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 02:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 07:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 12:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 12:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 12:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 12:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-30 19:03 233,472 a------- c:\windows\system32\REX Shared Library.dll
2008-07-19 13:39 174 a--sh--- c:\program files\desktop.ini
2008-07-19 13:02 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:46:44.90 ===============
 
And here's the combo log! :)


ComboFix 09-09-14.02 - mike 09/14/2009 17:53.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1012 [GMT -7:00]
Running from: c:\users\mike\Desktop\SnaPPLe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\mike\AppData\Roaming\Microsoft\Installer\{1D187E68-A03C-4E34-BE30-75CE94710A0D}\Icon7FAF987E1.txt
c:\users\mike\AppData\Roaming\Microsoft\Installer\{1D187E68-A03C-4E34-BE30-75CE94710A0D}\Icon7FAF987E2.ico

.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-15 01:02 . 2009-09-15 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-14 16:27 . 2009-09-14 16:27 -------- d-----w- c:\users\mike\AppData\Local\Apple
2009-09-14 00:08 . 2009-09-14 00:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 00:07 . 2009-09-14 00:07 -------- d-----w- c:\program files\Java
2009-09-13 23:47 . 2009-09-14 00:14 -------- d-----w- c:\users\mike\AppData\Local\Adobe
2009-09-13 00:40 . 2009-09-13 00:40 -------- d-----w- C:\SnaPPLe
2009-09-11 19:51 . 2009-09-15 01:02 -------- d-----w- c:\users\mike\AppData\Local\temp
2009-09-11 18:47 . 2009-09-11 18:48 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-09-11 14:59 . 2009-09-11 15:01 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-09-10 06:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 18:09 . 2009-09-09 18:16 -------- d-----w- c:\program files\Trend Micro
2009-09-09 06:39 . 2009-09-09 06:39 -------- d-----w- c:\programdata\Sunbelt
2009-09-07 21:54 . 2009-09-08 06:26 -------- d-----w- c:\program files\Sunbelt Software
2009-09-07 02:42 . 2009-09-07 02:42 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2009-09-07 02:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 02:41 . 2009-09-07 02:41 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 02:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 02:41 . 2009-09-11 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 01:49 . 2009-09-09 21:46 -------- d-----w- c:\program files\Panda Security
2009-09-04 20:48 . 2009-09-09 21:41 -------- d-----w- c:\programdata\PC Tools
2009-09-03 00:45 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 00:45 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 10:02 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 00:23 . 2009-08-26 00:23 -------- d-----w- c:\program files\4Musics WAV to MP3 Converter
2009-08-19 18:36 . 2009-08-20 01:30 -------- d-----w- c:\users\mike\AppData\Roaming\Winamp
2009-08-19 18:36 . 2009-08-19 18:37 -------- d-----w- c:\program files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 20:55 . 2008-04-13 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-12 20:51 . 2008-04-13 20:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-12 18:36 . 2007-09-09 20:55 -------- d-----w- c:\program files\LimeWire
2009-09-10 17:59 . 2007-09-09 19:12 -------- d-----w- c:\users\mike\AppData\Roaming\mIRC
2009-09-10 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 19:15 . 2008-03-03 19:13 -------- d-----w- c:\users\mike\AppData\Roaming\uTorrent
2009-09-09 18:29 . 2009-06-16 16:23 0 ----a-w- c:\users\mike\AppData\Local\prvlcl.dat
2009-09-01 23:47 . 2009-09-01 23:47 -------- d-----w- c:\program files\Free Audio Pack
2009-08-26 00:24 . 2008-10-17 22:03 -------- d-----w- c:\program files\Ace MP3 To WAV Converter
2009-08-14 17:07 . 2009-09-10 06:16 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 06:16 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 06:16 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 06:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 06:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 06:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 06:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 06:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 06:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 06:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:58 . 2009-09-04 21:23 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\program files\EarMaster Pro 5
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\users\mike\AppData\Roaming\EarMaster
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\programdata\EarMaster
2009-08-11 05:53 . 2009-08-11 05:53 -------- d-----w- c:\programdata\Downloaded Installations
2009-08-11 05:52 . 2009-05-14 18:23 -------- d-----w- c:\programdata\avg8
2009-08-11 02:16 . 2008-04-07 22:11 -------- d-----w- c:\programdata\FLEXnet
2009-08-03 16:19 . 2009-05-14 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-03 16:19 . 2009-05-14 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 16:19 . 2009-05-14 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-23 00:23 . 2009-07-23 00:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-23 00:23 . 2009-07-23 00:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-21 20:36 . 2009-07-21 20:36 -------- d-----w- c:\program files\Vstplugins
2009-07-18 16:06 . 2009-07-28 23:40 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 23:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 23:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 19:36 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 19:36 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 19:36 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 19:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 19:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-10 06:16 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-10 06:16 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:32 . 2009-09-10 06:16 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:29 . 2009-09-10 06:16 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-01 02:03 . 2009-07-01 02:03 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2008-01-26 22:48 . 2008-01-26 22:48 0 --sha-w- c:\windows\SBC38B530.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-09-11_19.48.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-10 18:58 . 2009-09-13 23:47 62902 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-13 23:47 89994 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-03 18:03 . 2009-09-13 23:47 15670 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1427494975-2143899584-4123375682-1000_UserData.bin
- 2007-09-03 17:56 . 2009-09-11 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-03 17:56 . 2009-09-15 00:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-03 17:56 . 2009-09-15 00:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-03 17:56 . 2009-09-11 18:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-03 17:56 . 2009-09-11 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-03 17:56 . 2009-09-15 00:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-09 15:48 . 2009-09-12 20:52 4992 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-09-11 19:40 . 2009-09-11 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-13 23:44 . 2009-09-13 23:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-11 19:40 . 2009-09-11 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-13 23:44 . 2009-09-13 23:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-14 07:09 . 2009-09-11 23:19 273098 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-20 14:35 . 2009-09-15 00:28 546852 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-09-14 00:08 . 2009-09-14 00:07 149280 c:\windows\System32\javaws.exe
+ 2009-09-14 00:08 . 2009-09-14 00:07 145184 c:\windows\System32\javaw.exe
+ 2009-09-14 00:08 . 2009-09-14 00:07 145184 c:\windows\System32\java.exe
- 2006-11-02 10:22 . 2009-09-11 14:41 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-12 19:17 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-07 20:29 . 2009-09-11 18:35 1850240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-07 20:29 . 2009-09-13 23:43 1850240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-14 00:07 . 2009-09-14 00:07 1757696 c:\windows\Installer\14fb04.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-13 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-23 1600008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2007-9-10 126976]
MOTU Pedal Handler.lnk - c:\windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-17 10134]
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B74D4073-4A65-4516-BAA9-C36211272413}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3268F9DE-2BE1-4BA1-8F3A-1BB02C8100D3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CC0EE83-F4EF-4719-99E1-490B956C0F5A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4513983D-0C39-4FAE-90C6-A381B25F63D8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C52709ED-5492-4C67-AA3D-BDA44F3C77A2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3CD4529E-5113-41D2-BCAC-DB7911B55C4E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9DCBB145-7212-4670-BA5A-1E7FF1382BC4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{068BAED6-CA03-402A-9E71-2794EBD2C887}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A14168FF-C125-47DE-A405-9FF0B73306DE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{063497CE-70DD-42AB-9B34-33C87055991F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BA8EFD64-9614-46FD-B172-42C2530D38DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6F48FE21-A898-40B7-B6B1-9B50AD020D25}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{2721363D-8A7C-403D-9745-11663E94956B}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{F6B7ED2B-7F67-4820-A521-8B8478C45518}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{87CFD502-683E-4097-8960-2DB6815907E9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4E4AC7AB-D111-43AE-B77F-C45C6D6527F1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3792332-B664-4CE2-9C12-8813271F9D9F}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{2A03D6FB-1225-4720-9910-4CA80CD23789}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{886A128E-60F3-415C-92CD-7AA722A8AA50}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AC15DACA-CFA1-4D1D-B672-8240AF2D7012}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6699F5EA-DAA4-4546-BAFA-7452AB832F66}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{832CFB87-1306-4CF9-B90B-57239E16F75D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6E980E6C-8A0C-44E9-8368-F211748849E3}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9E392FF1-4FFF-4E2E-B8A4-EFFAF4851165}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{5953E229-30E5-4280-B058-9BDEB3D71A64}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{F70EC504-1928-441F-8FB9-67997A3F37C8}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{EC435664-8772-4085-8EEC-6AE37572DF2A}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{6C759863-6E26-4827-B880-A926CC9BE00B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8EADB55A-E98B-4CF6-BB54-B3326116480F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B7ED8531-9224-43E1-B08E-23CED92BB755}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{FD5759EC-4CFF-453E-8AF2-46E61B4B3097}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{71A4BBC5-BFDA-46E4-8D67-6979959C7F9A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2A8FCC79-1900-4247-8B2C-EF036C65CF10}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{55C616E4-7047-4528-920B-0D19F87454B0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{80C495C5-F775-4BD1-8AA9-BB997939D048}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98163C55-ED80-4C81-9B1C-2E5D969227AC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A30D7A0A-9D14-450F-B7E4-7407AE42B374}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{2C622DAD-06D9-4751-8B3A-50B3F11B6B68}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{A299CCDE-FF68-4DB6-96B0-1F55EAD8469C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{2CDC90EB-1170-4A8D-B2F0-5C47DB5AEE83}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{36C82A20-12D6-49DA-8F9F-EE1D07BD96B5}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{5201E383-A18C-4184-BC07-229C183B5686}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{6BF94A10-9C05-4F98-A6FA-B7D42413B1DE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6046AC6C-EB29-4825-819A-4962701C4F73}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\drivers\AVGIDSErHr.sys [7/22/2009 5:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [5/14/2009 11:26 AM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [5/14/2009 11:04 AM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/14/2009 11:26 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/14/2009 11:26 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/14/2009 11:25 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/14/2009 11:25 AM 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [7/22/2009 5:23 PM 571912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/12/2007 12:23 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [4/8/2008 11:23 PM 33792]
R3 mfwagsif;MOTU Audio GSIF;c:\windows\System32\drivers\mfwagsif.sys [1/4/2007 7:06 PM 21752]
R3 mfwamidi;MOTU Audio MIDI;c:\windows\System32\drivers\MFWAMIDI.sys [1/4/2007 7:06 PM 25336]
R3 mfwawave;MOTU Audio Wave;c:\windows\System32\drivers\MFWAWave.sys [1/4/2007 7:05 PM 58104]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\System32\drivers\motubus.sys [1/4/2007 6:06 PM 23288]
R3 MotuFWA;MotuFWA;c:\windows\System32\drivers\motufwa.sys [1/4/2007 7:06 PM 233720]
R3 portio32;portio32;c:\windows\System32\drivers\portio32.sys [6/19/2009 3:04 PM 2048]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/14/2009 11:25 AM 908056]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\System32\drivers\akMPC4kU.sys [1/4/2008 3:11 PM 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [9/23/2008 12:39 PM 84832]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [7/22/2009 5:23 PM 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [7/22/2009 5:23 PM 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [7/22/2009 5:23 PM 29136]
S3 RDID1045;Roland FANTOM-X;c:\windows\System32\drivers\Rdwm1045.sys [3/26/2008 2:37 PM 56832]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\System32\drivers\ymidusbw.sys [4/19/2008 2:56 PM 33736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 18:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000003

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-15 18:06
ComboFix-quarantined-files.txt 2009-09-15 01:06
ComboFix2.txt 2009-09-13 01:10
ComboFix3.txt 2009-09-11 19:51

Pre-Run: 158,431,084,544 bytes free
Post-Run: 158,404,898,816 bytes free

306 --- E O F --- 2009-09-14 20:43
 
I scanned the whole computer first (it took 12 hours to complete) and it found these exact viruses in Scan Critical Areas.
Did the whole computer scan find any other items than those three in the critical area scan?

Please upload these to http://www.virustotal.com and post back links to the results:
C:\Program Files\Online Services\eBay\WizLink.exe
C:\Program Files\Online Services\zipca\WizLink.exe



Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\program files\LimeWire
c:\users\mike\AppData\Roaming\uTorrent


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log and description of remaining issues.
 
I really don't need any of those files in that Online Services folder; could I just delete them? But here are the results from www.virustotal.com as requested.

This is for C:\Program Files\Online Services\eBay\WizLink.exe

MD5: c45d74c22d4efc3f86c9cabf9d98611f
First received: 2006.11.03 19:44:28 UTC
Date: 2009.09.14 21:50:13 UTC [<1D]
Results: 1/41

Permalink: analisis/acc714741fb10f39c949ba5f3f56d56420574cce74650cf2193c616e5a34fee9-1252965013



File WizLink.exe received on 2009.09.14 21:50:13 (UTC)
Current status: finished

Result: 1/41 (2.44%)
Compact Print results
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.14 -
AhnLab-V3 5.0.0.2 2009.09.14 -
AntiVir 7.9.1.14 2009.09.14 -
Antiy-AVL 2.0.3.7 2009.09.14 Worm/Win32.Polip.gen
Authentium 5.1.2.4 2009.09.14 -
Avast 4.8.1351.0 2009.09.14 -
AVG 8.5.0.412 2009.09.14 -
BitDefender 7.2 2009.09.14 -
CAT-QuickHeal 10.00 2009.09.14 -
ClamAV 0.94.1 2009.09.14 -
Comodo 2319 2009.09.14 -
DrWeb 5.0.0.12182 2009.09.14 -
eSafe 7.0.17.0 2009.09.14 -
eTrust-Vet 31.6.6737 2009.09.14 -
F-Prot 4.5.1.85 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.13 -
Fortinet 3.120.0.0 2009.09.14 -
GData 19 2009.09.14 -
Ikarus T3.1.1.72.0 2009.09.14 -
Jiangmin 11.0.800 2009.09.14 -
K7AntiVirus 7.10.844 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.14 -
McAfee 5741 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 -
McAfee-GW-Edition 6.8.5 2009.09.14 -
Microsoft 1.5005 2009.09.14 -
NOD32 4425 2009.09.14 -
Norman 6.01.09 2009.09.14 -
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 -
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.14 -
Rising 21.47.04.00 2009.09.14 -
Sophos 4.45.0 2009.09.14 -
Sunbelt 3.2.1858.2 2009.09.14 -
Symantec 1.4.4.12 2009.09.14 -
TheHacker 6.3.4.4.403 2009.09.14 -
TrendMicro 8.950.0.1094 2009.09.14 -
VBA32 3.12.10.10 2009.09.14 -
ViRobot 2009.9.14.1934 2009.09.14 -
VirusBuster 4.6.5.0 2009.09.14 -
Additional information
File size: 40960 bytes
MD5 : c45d74c22d4efc3f86c9cabf9d98611f
SHA1 : 9156223d154de1c74eba91bfac4348291224fb1f
SHA256: acc714741fb10f39c949ba5f3f56d56420574cce74650cf2193c616e5a34fee9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1192
timedatestamp.....: 0x42A61412 (Tue Jun 7 23:39:30 2005)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x49DA 0x5000 6.36 896493177206c7d469edaa4b4754663c
.rdata 0x6000 0x964 0x1000 3.68 862333608f0667daea26c27df53da028
.data 0x7000 0x3E7C 0x3000 0.57 640e37a49aa1c3cab8b0eb624f4af3b8

( 3 imports )

> advapi32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> kernel32.dll: CreateProcessA, FlushFileBuffers, GetStringTypeW, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetLastError, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle
> shell32.dll: ShellExecuteExA

( 0 exports )

TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=c45d74c22d4efc3f86c9cabf9d98611f
ssdeep: 384:edj9qNJTE/S4x7kRiF7Y6qL854Crq3EOWoYRmn/rTtbShXy6rWCS9EM7lS:/PE/r7kRiFA4Vbc/5I/rWtuUl
PEiD : Armadillo v1.71
RDS : NSRL Reference Data Set
-
 
C:\Program Files\Online Services\zipca\WizLink.exe


File has already been analysed:
MD5: c45d74c22d4efc3f86c9cabf9d98611f
First received: 2006.11.03 19:44:28 UTC
Date: 2009.09.14 21:50:13 UTC [<1D]
Results: 1/41
Permalink: analisis/acc714741fb10f39c949ba5f3f56d56420574cce74650cf2193c616e5a34fee9-1252965013


File WizLink.exe received on 2009.09.14 21:50:13 (UTC)
Current status: finished

Result: 1/41 (2.44%)
Compact Print results
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.14 -
AhnLab-V3 5.0.0.2 2009.09.14 -
AntiVir 7.9.1.14 2009.09.14 -
Antiy-AVL 2.0.3.7 2009.09.14 Worm/Win32.Polip.gen
Authentium 5.1.2.4 2009.09.14 -
Avast 4.8.1351.0 2009.09.14 -
AVG 8.5.0.412 2009.09.14 -
BitDefender 7.2 2009.09.14 -
CAT-QuickHeal 10.00 2009.09.14 -
ClamAV 0.94.1 2009.09.14 -
Comodo 2319 2009.09.14 -
DrWeb 5.0.0.12182 2009.09.14 -
eSafe 7.0.17.0 2009.09.14 -
eTrust-Vet 31.6.6737 2009.09.14 -
F-Prot 4.5.1.85 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.13 -
Fortinet 3.120.0.0 2009.09.14 -
GData 19 2009.09.14 -
Ikarus T3.1.1.72.0 2009.09.14 -
Jiangmin 11.0.800 2009.09.14 -
K7AntiVirus 7.10.844 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.14 -
McAfee 5741 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 -
McAfee-GW-Edition 6.8.5 2009.09.14 -
Microsoft 1.5005 2009.09.14 -
NOD32 4425 2009.09.14 -
Norman 6.01.09 2009.09.14 -
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 -
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.14 -
Rising 21.47.04.00 2009.09.14 -
Sophos 4.45.0 2009.09.14 -
Sunbelt 3.2.1858.2 2009.09.14 -
Symantec 1.4.4.12 2009.09.14 -
TheHacker 6.3.4.4.403 2009.09.14 -
TrendMicro 8.950.0.1094 2009.09.14 -
VBA32 3.12.10.10 2009.09.14 -
ViRobot 2009.9.14.1934 2009.09.14 -
VirusBuster 4.6.5.0 2009.09.14 -
Additional information
File size: 40960 bytes
MD5 : c45d74c22d4efc3f86c9cabf9d98611f
SHA1 : 9156223d154de1c74eba91bfac4348291224fb1f
SHA256: acc714741fb10f39c949ba5f3f56d56420574cce74650cf2193c616e5a34fee9
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1192
timedatestamp.....: 0x42A61412 (Tue Jun 7 23:39:30 2005)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x49DA 0x5000 6.36 896493177206c7d469edaa4b4754663c
.rdata 0x6000 0x964 0x1000 3.68 862333608f0667daea26c27df53da028
.data 0x7000 0x3E7C 0x3000 0.57 640e37a49aa1c3cab8b0eb624f4af3b8

( 3 imports )

> advapi32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> kernel32.dll: CreateProcessA, FlushFileBuffers, GetStringTypeW, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetLastError, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle
> shell32.dll: ShellExecuteExA

( 0 exports )

TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=c45d74c22d4efc3f86c9cabf9d98611f
ssdeep: 384:edj9qNJTE/S4x7kRiF7Y6qL854Crq3EOWoYRmn/rTtbShXy6rWCS9EM7lS:/PE/r7kRiFA4Vbc/5I/rWtuUl
PEiD : Armadillo v1.71
RDS : NSRL Reference Data Set
 
Hi,

The Online Services folder seems to be there by default on HP systems. I believe those findings were false positives, so it's not necessary to delete them.
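The report pasted above is the 2009-era VirusTotal "Compact Print results" text format, and the helper's call (1 of 41 engines, a single generic ".gen" name, a file that ships with the OEM image) is the usual false-positive reasoning. The following Python is an added example, not code from the original thread or from VirusTotal: it parses that compact block into records, checks the computed ratio against the stated "Result:" line and the SHA256 against the permalink, and applies a constructed triage threshold (at most two hits, all with generic names, count as low-confidence) that is this example's own assumption, not a VirusTotal or forum rule. The sample block is a shortened copy of the pasted report (8 of the 41 engine rows; hash and permalink lines copied from it).

```python
"""Parse a VirusTotal compact text report and triage its detection ratio.

Added example for the thread above; the triage thresholds are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: 8 of the 41 engine rows from the report pasted above,
# with the hash and permalink lines copied from that report.
SAMPLE_REPORT = """\
MD5: c45d74c22d4efc3f86c9cabf9d98611f
Results: 1/8
Permalink: analisis/acc714741fb10f39c949ba5f3f56d56420574cce74650cf2193c616e5a34fee9-1252965013

File WizLink.exe received on 2009.09.14 21:50:13 (UTC)
Current status: finished

Result: 1/8 (12.50%)
Compact Print results
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.14 -
Antiy-AVL 2.0.3.7 2009.09.14 Worm/Win32.Polip.gen
AVG 8.5.0.412 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.13 -
Ikarus T3.1.1.72.0 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 -
Microsoft 1.5005 2009.09.14 -
Additional information
File size: 40960 bytes
MD5 : c45d74c22d4efc3f86c9cabf9d98611f
SHA1 : 9156223d154de1c74eba91bfac4348291224fb1f
SHA256: acc714741fb10f39c949ba5f3f56d56420574cce74650cf2193c616e5a34fee9
"""

# One engine row: <engine> <version> <YYYY.MM.DD> <result or '-'>
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(\S.*?)\s*$", re.M)
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]+)\s*$", re.M | re.I)
RATIO_RE = re.compile(r"^Result:\s*(\d+)/(\d+)", re.M)
PERMALINK_RE = re.compile(r"^Permalink:\s*(\S+)", re.M)
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}
# Name tokens treated as generic/heuristic (assumption for this example).
GENERIC_TOKENS = {"gen", "generic", "heur", "heuristic", "suspicious"}


@dataclass
class EngineResult:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine reported '-' (no detection)


def parse_compact_results(text: str) -> List[EngineResult]:
    """Return one record per engine row; header and hash lines do not match."""
    rows = []
    for engine, version, updated, result in ROW_RE.findall(text):
        rows.append(EngineResult(engine, version, updated, None if result == "-" else result))
    return rows


def detection_ratio(rows: List[EngineResult]) -> Tuple[int, int]:
    return sum(1 for r in rows if r.result), len(rows)


def stated_ratio(text: str) -> Optional[Tuple[int, int]]:
    """The 'Result: n/m' line as printed by VirusTotal, to cross-check parsing."""
    m = RATIO_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def flagged_engines(rows: List[EngineResult]) -> List[Tuple[str, str]]:
    return [(r.engine, r.result) for r in rows if r.result]


def extract_hashes(text: str) -> Dict[str, str]:
    """Collect MD5/SHA1/SHA256 and reject digests of the wrong length."""
    hashes = {}
    for algo, digest in HASH_RE.findall(text):
        algo, digest = algo.lower(), digest.lower()
        if len(digest) != HASH_LENGTHS[algo]:
            raise ValueError(f"{algo} digest has wrong length: {digest}")
        hashes[algo] = digest
    return hashes


def permalink_matches_sha256(text: str) -> bool:
    """The permalink should embed the SHA256 of the file it reports on."""
    m = PERMALINK_RE.search(text)
    sha256 = extract_hashes(text).get("sha256")
    return bool(m and sha256 and sha256 in m.group(1))


def looks_generic(name: str) -> bool:
    tokens = set(re.split(r"[^a-z0-9]+", name.lower()))
    return bool(tokens & GENERIC_TOKENS)


def triage(rows: List[EngineResult], max_low_confidence: int = 2) -> str:
    """Assumed rule: few hits, all generic names -> low-confidence, else suspicious."""
    hits = [r for r in rows if r.result]
    if not hits:
        return "clean"
    if len(hits) <= max_low_confidence and all(looks_generic(r.result) for r in hits):
        return "low-confidence"
    return "suspicious"


if __name__ == "__main__":
    rows = parse_compact_results(SAMPLE_REPORT)
    print("computed", detection_ratio(rows), "stated", stated_ratio(SAMPLE_REPORT))
    print("flagged by", flagged_engines(rows))
    print("triage:", triage(rows))
    print(extract_hashes(SAMPLE_REPORT), permalink_matches_sha256(SAMPLE_REPORT))
```

A "low-confidence" verdict is a prompt to corroborate (vendor origin of the file, whether the same hash is on other clean machines of that model), not a clearance by itself; a mismatch between the computed and stated ratio means the paste was truncated and should not be trusted.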
 
Great.
And here's my combofix log as requested :)

ComboFix 09-09-14.02 - mike 09/15/2009 8:17.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1309 [GMT -7:00]
Running from: c:\users\mike\Desktop\SnaPPLe.exe
Command switches used :: c:\users\mike\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jl011.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\MessagesBundles.jar
c:\program files\LimeWire\lib\mp3sp14.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbis.jar
c:\users\mike\AppData\Roaming\uTorrent
c:\users\mike\AppData\Roaming\uTorrent\YouTube Video Downloader 1.6.4 - By QuackWare

.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-15 15:25 . 2009-09-15 15:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-15 15:25 . 2009-09-15 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-15 00:50 . 2009-09-15 01:06 -------- d-----w- C:\SnaPPLe3143S
2009-09-14 16:27 . 2009-09-14 16:27 -------- d-----w- c:\users\mike\AppData\Local\Apple
2009-09-14 00:08 . 2009-09-14 00:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 00:07 . 2009-09-14 00:07 -------- d-----w- c:\program files\Java
2009-09-13 23:47 . 2009-09-14 00:14 -------- d-----w- c:\users\mike\AppData\Local\Adobe
2009-09-13 00:40 . 2009-09-13 00:40 -------- d-----w- C:\SnaPPLe
2009-09-11 19:51 . 2009-09-15 15:26 -------- d-----w- c:\users\mike\AppData\Local\temp
2009-09-11 18:47 . 2009-09-11 18:48 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-09-11 14:59 . 2009-09-11 15:01 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-09-10 06:15 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 18:09 . 2009-09-09 18:16 -------- d-----w- c:\program files\Trend Micro
2009-09-09 06:39 . 2009-09-09 06:39 -------- d-----w- c:\programdata\Sunbelt
2009-09-07 21:54 . 2009-09-08 06:26 -------- d-----w- c:\program files\Sunbelt Software
2009-09-07 02:42 . 2009-09-07 02:42 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2009-09-07 02:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 02:41 . 2009-09-07 02:41 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 02:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 02:41 . 2009-09-11 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 01:49 . 2009-09-09 21:46 -------- d-----w- c:\program files\Panda Security
2009-09-04 20:48 . 2009-09-09 21:41 -------- d-----w- c:\programdata\PC Tools
2009-09-03 00:45 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 00:45 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 10:02 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 00:23 . 2009-08-26 00:23 -------- d-----w- c:\program files\4Musics WAV to MP3 Converter
2009-08-19 18:36 . 2009-08-20 01:30 -------- d-----w- c:\users\mike\AppData\Roaming\Winamp
2009-08-19 18:36 . 2009-08-19 18:37 -------- d-----w- c:\program files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 20:55 . 2008-04-13 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-12 20:51 . 2008-04-13 20:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-10 17:59 . 2007-09-09 19:12 -------- d-----w- c:\users\mike\AppData\Roaming\mIRC
2009-09-10 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 18:29 . 2009-06-16 16:23 0 ----a-w- c:\users\mike\AppData\Local\prvlcl.dat
2009-09-01 23:47 . 2009-09-01 23:47 -------- d-----w- c:\program files\Free Audio Pack
2009-08-26 00:24 . 2008-10-17 22:03 -------- d-----w- c:\program files\Ace MP3 To WAV Converter
2009-08-14 17:07 . 2009-09-10 06:16 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 06:16 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 06:16 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 06:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 06:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 06:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 06:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 06:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 06:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 06:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:58 . 2009-09-04 21:23 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\program files\EarMaster Pro 5
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\users\mike\AppData\Roaming\EarMaster
2009-08-11 19:30 . 2009-08-11 19:30 -------- d-----w- c:\programdata\EarMaster
2009-08-11 05:53 . 2009-08-11 05:53 -------- d-----w- c:\programdata\Downloaded Installations
2009-08-11 05:52 . 2009-05-14 18:23 -------- d-----w- c:\programdata\avg8
2009-08-11 02:16 . 2008-04-07 22:11 -------- d-----w- c:\programdata\FLEXnet
2009-08-03 16:19 . 2009-05-14 18:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-03 16:19 . 2009-05-14 18:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 16:19 . 2009-05-14 18:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-23 00:23 . 2009-07-23 00:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-23 00:23 . 2009-07-23 00:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-21 20:36 . 2009-07-21 20:36 -------- d-----w- c:\program files\Vstplugins
2009-07-18 16:06 . 2009-07-28 23:40 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 23:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 23:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 19:36 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 19:36 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 19:36 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 19:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 19:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-10 06:16 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-10 06:16 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:32 . 2009-09-10 06:16 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:29 . 2009-09-10 06:16 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-01 02:03 . 2009-07-01 02:03 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2008-01-26 22:48 . 2008-01-26 22:48 0 --sha-w- c:\windows\SBC38B530.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-09-11_19.48.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-10 18:58 . 2009-09-13 23:47 62902 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-15 02:44 90010 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-03 18:03 . 2009-09-15 02:44 15670 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1427494975-2143899584-4123375682-1000_UserData.bin
- 2007-09-03 17:56 . 2009-09-11 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-03 17:56 . 2009-09-15 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-03 17:56 . 2009-09-15 15:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-03 17:56 . 2009-09-11 18:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-03 17:56 . 2009-09-11 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-03 17:56 . 2009-09-15 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-09 15:48 . 2009-09-12 20:52 4992 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-09-11 19:40 . 2009-09-11 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-13 23:44 . 2009-09-15 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-11 19:40 . 2009-09-11 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-13 23:44 . 2009-09-15 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-14 07:09 . 2009-09-11 23:19 273098 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-20 14:35 . 2009-09-15 14:49 546852 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-09-14 00:08 . 2009-09-14 00:07 149280 c:\windows\System32\javaws.exe
+ 2009-09-14 00:08 . 2009-09-14 00:07 145184 c:\windows\System32\javaw.exe
+ 2009-09-14 00:08 . 2009-09-14 00:07 145184 c:\windows\System32\java.exe
- 2006-11-02 10:22 . 2009-09-11 14:41 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-12 19:17 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-07 20:29 . 2009-09-11 18:35 1850240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-07 20:29 . 2009-09-13 23:43 1850240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-14 00:07 . 2009-09-14 00:07 1757696 c:\windows\Installer\14fb04.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-13 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-23 1600008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2007-9-10 126976]
MOTU Pedal Handler.lnk - c:\windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-17 10134]
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B74D4073-4A65-4516-BAA9-C36211272413}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3268F9DE-2BE1-4BA1-8F3A-1BB02C8100D3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CC0EE83-F4EF-4719-99E1-490B956C0F5A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4513983D-0C39-4FAE-90C6-A381B25F63D8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C52709ED-5492-4C67-AA3D-BDA44F3C77A2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3CD4529E-5113-41D2-BCAC-DB7911B55C4E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9DCBB145-7212-4670-BA5A-1E7FF1382BC4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{068BAED6-CA03-402A-9E71-2794EBD2C887}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A14168FF-C125-47DE-A405-9FF0B73306DE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{063497CE-70DD-42AB-9B34-33C87055991F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BA8EFD64-9614-46FD-B172-42C2530D38DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6F48FE21-A898-40B7-B6B1-9B50AD020D25}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{2721363D-8A7C-403D-9745-11663E94956B}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{F6B7ED2B-7F67-4820-A521-8B8478C45518}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{87CFD502-683E-4097-8960-2DB6815907E9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4E4AC7AB-D111-43AE-B77F-C45C6D6527F1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3792332-B664-4CE2-9C12-8813271F9D9F}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{2A03D6FB-1225-4720-9910-4CA80CD23789}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{886A128E-60F3-415C-92CD-7AA722A8AA50}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AC15DACA-CFA1-4D1D-B672-8240AF2D7012}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6699F5EA-DAA4-4546-BAFA-7452AB832F66}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{832CFB87-1306-4CF9-B90B-57239E16F75D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6E980E6C-8A0C-44E9-8368-F211748849E3}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9E392FF1-4FFF-4E2E-B8A4-EFFAF4851165}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{5953E229-30E5-4280-B058-9BDEB3D71A64}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{F70EC504-1928-441F-8FB9-67997A3F37C8}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{EC435664-8772-4085-8EEC-6AE37572DF2A}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{6C759863-6E26-4827-B880-A926CC9BE00B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8EADB55A-E98B-4CF6-BB54-B3326116480F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B7ED8531-9224-43E1-B08E-23CED92BB755}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{FD5759EC-4CFF-453E-8AF2-46E61B4B3097}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{71A4BBC5-BFDA-46E4-8D67-6979959C7F9A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2A8FCC79-1900-4247-8B2C-EF036C65CF10}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{55C616E4-7047-4528-920B-0D19F87454B0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{80C495C5-F775-4BD1-8AA9-BB997939D048}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98163C55-ED80-4C81-9B1C-2E5D969227AC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A30D7A0A-9D14-450F-B7E4-7407AE42B374}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{2C622DAD-06D9-4751-8B3A-50B3F11B6B68}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{A299CCDE-FF68-4DB6-96B0-1F55EAD8469C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{2CDC90EB-1170-4A8D-B2F0-5C47DB5AEE83}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{36C82A20-12D6-49DA-8F9F-EE1D07BD96B5}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{5201E383-A18C-4184-BC07-229C183B5686}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{6BF94A10-9C05-4F98-A6FA-B7D42413B1DE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6046AC6C-EB29-4825-819A-4962701C4F73}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\drivers\AVGIDSErHr.sys [7/22/2009 5:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [5/14/2009 11:26 AM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [5/14/2009 11:04 AM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/14/2009 11:26 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/14/2009 11:26 AM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/14/2009 11:25 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/14/2009 11:25 AM 1370488]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [7/22/2009 5:23 PM 571912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/12/2007 12:23 PM 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [4/8/2008 11:23 PM 33792]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\System32\drivers\motubus.sys [1/4/2007 6:06 PM 23288]
R3 portio32;portio32;c:\windows\System32\drivers\portio32.sys [6/19/2009 3:04 PM 2048]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/14/2009 11:25 AM 908056]
S3 akMPC4kU;AKAI MPC4000 Driver;c:\windows\System32\drivers\akMPC4kU.sys [1/4/2008 3:11 PM 11392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [9/23/2008 12:39 PM 84832]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [7/22/2009 5:23 PM 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [7/22/2009 5:23 PM 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [7/22/2009 5:23 PM 29136]
S3 mfwagsif;MOTU Audio GSIF;c:\windows\System32\drivers\mfwagsif.sys [1/4/2007 7:06 PM 21752]
S3 mfwamidi;MOTU Audio MIDI;c:\windows\System32\drivers\MFWAMIDI.sys [1/4/2007 7:06 PM 25336]
S3 mfwawave;MOTU Audio Wave;c:\windows\System32\drivers\MFWAWave.sys [1/4/2007 7:05 PM 58104]
S3 MotuFWA;MotuFWA;c:\windows\System32\drivers\motufwa.sys [1/4/2007 7:06 PM 233720]
S3 RDID1045;Roland FANTOM-X;c:\windows\System32\drivers\Rdwm1045.sys [3/26/2008 2:37 PM 56832]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\System32\drivers\ymidusbw.sys [4/19/2008 2:56 PM 33736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\ds97wq52.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 08:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000013

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:00000003

[HKEY_USERS\S-1-5-21-1427494975-2143899584-4123375682-1000\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000003

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-15 8:29
ComboFix-quarantined-files.txt 2009-09-15 15:29
ComboFix2.txt 2009-09-15 01:06
ComboFix3.txt 2009-09-13 01:10
ComboFix4.txt 2009-09-11 19:51

Pre-Run: 158,873,780,224 bytes free
Post-Run: 158,762,704,896 bytes free

357 --- E O F --- 2009-09-15 10:00
 
Yeah, I'm no longer redirected anymore whenever I use a search engine (Google, Yahoo) on the IE browser.

However, I still cannot save an .exe file. I deleted Spybot off of my computer and tried to redownload it just now, and it disappeared off of my desktop in 1 second.
 
Hi,

Does the same issue occur with other types of files? What if you save the .exe file to a location other than your desktop? Do you have User Account Control (UAC) enabled in Vista?

Please run GMER as I instructed in post #2.
 