I don't even feel safe using my computer anymore...

[newwyorkbound]

- 2008-04-14 00:12:08 131,584 ----a-w c:\windows\system32\wbem\viewprov.dll
+ 2004-08-04 19:00:00 131,584 ----a-w c:\windows\system32\wbem\viewprov.dll
- 2008-04-14 00:12:08 196,608 ----a-w c:\windows\system32\wbem\wbemcntl.dll
+ 2004-08-04 19:00:00 196,608 ----a-w c:\windows\system32\wbem\wbemcntl.dll
- 2008-04-14 00:12:08 214,528 ----a-w c:\windows\system32\wbem\wbemcomn.dll
+ 2004-08-04 19:00:00 214,528 ----a-w c:\windows\system32\wbem\wbemcomn.dll
- 2008-04-14 00:12:08 71,680 ----a-w c:\windows\system32\wbem\wbemcons.dll
+ 2004-08-04 19:00:00 71,680 ----a-w c:\windows\system32\wbem\wbemcons.dll
- 2008-04-14 00:12:08 531,456 ----a-w c:\windows\system32\wbem\wbemcore.dll
+ 2004-08-04 19:00:00 530,944 ----a-w c:\windows\system32\wbem\wbemcore.dll
- 2008-04-14 00:12:08 178,176 ----a-w c:\windows\system32\wbem\wbemdisp.dll
+ 2004-08-04 19:00:00 178,176 ----a-w c:\windows\system32\wbem\wbemdisp.dll
- 2008-04-14 00:12:08 273,920 ----a-w c:\windows\system32\wbem\wbemess.dll
+ 2004-08-04 19:00:00 273,920 ----a-w c:\windows\system32\wbem\wbemess.dll
- 2008-04-14 00:12:08 43,008 ----a-w c:\windows\system32\wbem\wbemperf.dll
+ 2004-08-04 19:00:00 43,008 ----a-w c:\windows\system32\wbem\wbemperf.dll
- 2008-04-14 00:12:08 18,944 ----a-w c:\windows\system32\wbem\wbemprox.dll
+ 2004-08-04 19:00:00 18,944 ----a-w c:\windows\system32\wbem\wbemprox.dll
- 2008-04-14 00:12:08 43,520 ----a-w c:\windows\system32\wbem\wbemsvc.dll
+ 2004-08-04 19:00:00 43,520 ----a-w c:\windows\system32\wbem\wbemsvc.dll
- 2008-04-14 00:12:39 116,224 ----a-w c:\windows\system32\wbem\wbemtest.exe
+ 2004-08-04 19:00:00 116,224 ----a-w c:\windows\system32\wbem\wbemtest.exe
- 2008-04-14 00:12:08 197,120 ----a-w c:\windows\system32\wbem\wbemupgd.dll
+ 2004-08-04 19:00:00 197,120 ----a-w c:\windows\system32\wbem\wbemupgd.dll
- 2008-04-14 00:12:40 196,608 ----a-w c:\windows\system32\wbem\wmiadap.exe
+ 2004-08-04 19:00:00 196,608 ----a-w c:\windows\system32\wbem\wmiadap.exe
- 2008-04-13 17:10:20 6,656 ----a-w c:\windows\system32\wbem\wmiapres.dll
+ 2004-08-04 19:00:00 6,656 ----a-w c:\windows\system32\wbem\wmiapres.dll
- 2008-04-14 00:12:09 88,576 ----a-w c:\windows\system32\wbem\wmiaprpl.dll
+ 2004-08-04 19:00:00 89,088 ----a-w c:\windows\system32\wbem\wmiaprpl.dll
- 2008-04-14 00:12:40 126,464 ----a-w c:\windows\system32\wbem\wmiapsrv.exe
+ 2004-08-04 19:00:00 126,464 ----a-w c:\windows\system32\wbem\wmiapsrv.exe
- 2008-04-14 00:12:09 60,928 ----a-w c:\windows\system32\wbem\wmicookr.dll
+ 2004-08-04 19:00:00 60,928 ----a-w c:\windows\system32\wbem\wmicookr.dll
- 2008-04-14 00:12:09 140,800 ----a-w c:\windows\system32\wbem\wmidcprv.dll
+ 2004-08-04 19:00:00 140,800 ----a-w c:\windows\system32\wbem\wmidcprv.dll
- 2008-04-14 00:12:09 156,672 ----a-w c:\windows\system32\wbem\wmipcima.dll
+ 2004-08-04 19:00:00 156,672 ----a-w c:\windows\system32\wbem\wmipcima.dll
- 2008-04-14 00:12:09 132,096 ----a-w c:\windows\system32\wbem\wmipdskq.dll
+ 2004-08-04 19:00:00 132,096 ----a-w c:\windows\system32\wbem\wmipdskq.dll
- 2008-04-14 00:12:09 61,952 ----a-w c:\windows\system32\wbem\wmipiprt.dll
+ 2004-08-04 19:00:00 62,464 ----a-w c:\windows\system32\wbem\wmipiprt.dll
- 2008-04-14 00:12:09 62,464 ----a-w c:\windows\system32\wbem\wmipjobj.dll
+ 2004-08-04 19:00:00 62,976 ----a-w c:\windows\system32\wbem\wmipjobj.dll
- 2008-04-14 00:12:09 144,896 ----a-w c:\windows\system32\wbem\wmiprov.dll
+ 2004-08-04 19:00:00 144,896 ----a-w c:\windows\system32\wbem\wmiprov.dll
- 2008-04-14 00:12:09 437,248 ----a-w c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-04 19:00:00 437,248 ----a-w c:\windows\system32\wbem\wmiprvsd.dll
- 2008-04-14 00:12:40 218,112 ----a-w c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-04 19:00:00 218,112 ----a-w c:\windows\system32\wbem\wmiprvse.exe
- 2008-04-14 00:12:09 41,472 ----a-w c:\windows\system32\wbem\wmipsess.dll
+ 2004-08-04 19:00:00 41,472 ----a-w c:\windows\system32\wbem\wmipsess.dll
- 2008-04-14 00:12:09 144,896 ----a-w c:\windows\system32\wbem\wmisvc.dll
+ 2004-08-04 19:00:00 144,896 ----a-w c:\windows\system32\wbem\wmisvc.dll
- 2008-04-14 00:12:09 95,232 ----a-w c:\windows\system32\wbem\wmiutils.dll
+ 2004-08-04 19:00:00 95,232 ----a-w c:\windows\system32\wbem\wmiutils.dll
- 2008-04-14 00:12:08 49,152 ----a-w c:\windows\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w c:\windows\system32\wdigest.dll
- 2008-04-14 00:12:45 23,552 ----a-w c:\windows\system32\wdmaud.drv
+ 2004-08-04 08:56:58 23,552 ----a-w c:\windows\system32\wdmaud.drv
- 2008-04-14 00:12:08 68,096 ----a-w c:\windows\system32\webclnt.dll
+ 2006-01-04 03:35:05 68,096 ----a-w c:\windows\system32\webclnt.dll
- 2008-04-14 00:12:08 135,680 ----a-w c:\windows\system32\webvw.dll
+ 2004-08-04 19:00:00 135,680 ----a-w c:\windows\system32\webvw.dll

- 2008-04-14 00:12:39 65,024 ----a-w c:\windows\system32\wextract.exe
+ 2004-08-04 19:00:00 65,536 ----a-w c:\windows\system32\wextract.exe
- 2008-04-14 00:12:39 433,664 ----a-w c:\windows\system32\wiaacmgr.exe
+ 2004-08-04 19:00:00 433,664 ----a-w c:\windows\system32\wiaacmgr.exe
- 2008-04-14 00:12:08 463,360 ----a-w c:\windows\system32\wiadefui.dll
+ 2004-08-04 19:00:00 463,360 ----a-w c:\windows\system32\wiadefui.dll
- 2008-04-14 00:12:08 124,416 ----a-w c:\windows\system32\wiadss.dll
+ 2004-08-04 19:00:00 124,416 ----a-w c:\windows\system32\wiadss.dll
- 2008-04-14 00:12:08 75,776 ----a-w c:\windows\system32\wiascr.dll
+ 2004-08-04 19:00:00 75,776 ----a-w c:\windows\system32\wiascr.dll
- 2008-04-14 00:12:08 333,824 ----a-w c:\windows\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w c:\windows\system32\wiaservc.dll
- 2008-04-14 00:12:08 589,312 ----a-w c:\windows\system32\wiashext.dll
+ 2004-08-04 19:00:00 589,312 ----a-w c:\windows\system32\wiashext.dll
- 2008-04-14 00:12:08 111,104 ----a-w c:\windows\system32\wiavideo.dll
+ 2004-08-04 19:00:00 111,104 ----a-w c:\windows\system32\wiavideo.dll
- 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2008-04-14 00:12:08 102,400 ----a-w c:\windows\system32\win32spl.dll
+ 2004-08-04 19:00:00 101,888 ----a-w c:\windows\system32\win32spl.dll
- 2008-04-13 16:48:53 1,647,616 ----a-w c:\windows\system32\winbrand.dll
+ 2004-08-04 19:00:00 937,984 ----a-w c:\windows\system32\winbrand.dll
- 2008-04-14 00:12:08 354,304 ----a-w c:\windows\system32\winhttp.dll
+ 2004-08-04 19:00:00 351,232 ----a-w c:\windows\system32\winhttp.dll
- 2008-04-14 00:12:09 32,256 ----a-w c:\windows\system32\winipsec.dll
+ 2004-08-04 19:00:00 32,768 ----a-w c:\windows\system32\winipsec.dll
- 2008-04-14 00:12:39 507,904 ----a-w c:\windows\system32\winlogon.exe
+ 2004-08-04 19:00:00 502,272 ----a-w c:\windows\system32\winlogon.exe
- 2008-04-14 00:12:09 176,128 ----a-w c:\windows\system32\winmm.dll
+ 2004-08-04 19:00:00 176,128 ----a-w c:\windows\system32\winmm.dll
- 2008-04-14 00:11:11 756,224 ----a-w c:\windows\system32\winntbbu.dll
+ 2004-08-04 19:00:00 764,928 ----a-w c:\windows\system32\winntbbu.dll
- 2008-04-14 00:12:09 16,896 ----a-w c:\windows\system32\winrnr.dll
+ 2004-08-04 19:00:00 16,896 ----a-w c:\windows\system32\winrnr.dll
- 2008-04-14 00:12:09 99,328 ----a-w c:\windows\system32\winscard.dll
+ 2004-08-04 19:00:00 99,328 ----a-w c:\windows\system32\winscard.dll
- 2008-04-14 00:12:09 17,408 ----a-w c:\windows\system32\winshfhc.dll
+ 2004-08-04 19:00:00 17,408 ----a-w c:\windows\system32\winshfhc.dll
- 2008-04-14 00:12:45 146,432 ----a-w c:\windows\system32\winspool.drv
+ 2004-08-04 19:00:00 146,432 ----a-w c:\windows\system32\winspool.drv
- 2008-04-14 00:12:09 293,376 ----a-w c:\windows\system32\winsrv.dll
+ 2007-03-17 13:43:01 292,864 ----a-w c:\windows\system32\winsrv.dll
- 2008-04-14 00:12:09 53,760 ----a-w c:\windows\system32\winsta.dll
+ 2004-08-04 19:00:00 53,760 ----a-w c:\windows\system32\winsta.dll
- 2008-04-14 00:12:09 176,640 ----a-w c:\windows\system32\wintrust.dll
+ 2004-08-04 19:00:00 176,640 ----a-w c:\windows\system32\wintrust.dll
- 2008-04-14 00:12:40 5,632 ----a-w c:\windows\system32\winver.exe
+ 2004-08-04 19:00:00 5,632 ----a-w c:\windows\system32\winver.exe
- 2008-04-14 00:12:09 132,096 ----a-w c:\windows\system32\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 ----a-w c:\windows\system32\wkssvc.dll
- 2008-04-14 00:12:09 172,032 ----a-w c:\windows\system32\wldap32.dll
+ 2004-08-04 19:00:00 172,032 ----a-w c:\windows\system32\wldap32.dll
- 2008-04-14 00:12:09 92,672 ----a-w c:\windows\system32\wlnotify.dll
+ 2004-08-04 19:00:00 92,672 ----a-w c:\windows\system32\wlnotify.dll
- 2008-04-14 00:11:15 5,632 ----a-w c:\windows\system32\wmi.dll
+ 2004-08-04 19:00:00 5,632 ----a-w c:\windows\system32\wmi.dll
- 2008-04-14 00:12:09 115,200 ----a-w c:\windows\system32\wmsdmoe.dll
+ 2004-08-04 19:00:00 115,200 ----a-w c:\windows\system32\wmsdmoe.dll
- 2008-04-14 00:12:10 303,616 ----a-w c:\windows\system32\wmstream.dll
+ 2004-08-04 19:00:00 303,616 ----a-w c:\windows\system32\wmstream.dll
- 2008-04-14 00:12:10 264,192 ----a-w c:\windows\system32\wow32.dll
+ 2004-08-04 19:00:00 264,192 ----a-w c:\windows\system32\wow32.dll
- 2008-04-14 00:12:40 32,256 ----a-w c:\windows\system32\wpabaln.exe
+ 2004-08-04 19:00:00 32,256 ----a-w c:\windows\system32\wpabaln.exe
- 2008-04-14 00:12:41 11,264 ----a-w c:\windows\system32\wpnpinst.exe
+ 2004-08-04 19:00:00 32,256 ----a-w c:\windows\system32\wpnpinst.exe
- 2008-04-14 00:12:10 82,432 ----a-w c:\windows\system32\ws2_32.dll
+ 2004-08-04 19:00:00 82,944 ----a-w c:\windows\system32\ws2_32.dll
- 2008-04-14 00:12:10 19,968 ----a-w c:\windows\system32\ws2help.dll
+ 2004-08-04 19:00:00 19,968 ----a-w c:\windows\system32\ws2help.dll
- 2008-04-14 00:12:41 13,824 ----a-w c:\windows\system32\wscntfy.exe
+ 2004-08-04 19:00:00 13,824 ----a-w c:\windows\system32\wscntfy.exe
- 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
+ 2004-08-04 19:00:00 114,688 ----a-w c:\windows\system32\wscript.exe
- 2008-04-14 00:12:10 80,896 ----a-w c:\windows\system32\wscsvc.dll
+ 2004-08-04 19:00:00 81,408 ----a-w c:\windows\system32\wscsvc.dll
- 2008-04-14 00:12:10 108,032 ----a-w c:\windows\system32\wshbth.dll
+ 2004-08-04 19:00:00 108,032 ----a-w c:\windows\system32\wshbth.dll
- 2008-04-14 00:12:10 36,864 ----a-w c:\windows\system32\wshcon.dll
+ 2004-08-04 19:00:00 28,672 ----a-w c:\windows\system32\wshcon.dll
- 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2004-08-04 19:00:00 65,536 ----a-w c:\windows\system32\wshext.dll
- 2008-04-14 00:12:10 14,336 ----a-w c:\windows\system32\wship6.dll
+ 2004-08-04 19:00:00 14,336 ----a-w c:\windows\system32\wship6.dll
- 2008-04-14 00:12:10 11,264 ----a-w c:\windows\system32\wshrm.dll
+ 2004-08-04 19:00:00 11,776 ----a-w c:\windows\system32\wshrm.dll
- 2008-04-14 00:12:10 19,456 ----a-w c:\windows\system32\wshtcpip.dll
+ 2004-08-04 19:00:00 19,968 ----a-w c:\windows\system32\wshtcpip.dll
- 2008-04-14 00:12:10 41,984 ----a-w c:\windows\system32\wsnmp32.dll
+ 2004-08-04 19:00:00 42,496 ----a-w c:\windows\system32\wsnmp32.dll
- 2008-04-14 00:12:10 22,528 ----a-w c:\windows\system32\wsock32.dll
+ 2004-08-04 19:00:00 22,528 ----a-w c:\windows\system32\wsock32.dll
- 2008-04-14 00:12:10 50,688 ----a-w c:\windows\system32\wstdecod.dll
+ 2004-08-04 19:00:00 50,688 ----a-w c:\windows\system32\wstdecod.dll
- 2008-04-14 00:12:10 18,432 ----a-w c:\windows\system32\wtsapi32.dll
+ 2004-08-04 19:00:00 18,432 ----a-w c:\windows\system32\wtsapi32.dll
- 2008-04-14 00:12:41 165,888 ----a-w c:\windows\system32\wuauclt1.exe
+ 2004-08-04 19:00:00 165,888 ----a-w c:\windows\system32\wuauclt1.exe
- 2008-04-14 00:12:11 183,296 ----a-w c:\windows\system32\wuaueng1.dll
+ 2004-08-04 19:00:00 183,296 ----a-w c:\windows\system32\wuaueng1.dll
- 2008-04-14 00:12:11 6,656 ----a-w c:\windows\system32\wuauserv.dll
+ 2004-08-04 19:00:00 6,656 ----a-w c:\windows\system32\wuauserv.dll
- 2008-04-14 00:12:11 383,488 ----a-w c:\windows\system32\wzcdlg.dll
+ 2004-08-04 19:00:00 378,368 ----a-w c:\windows\system32\wzcdlg.dll
- 2008-04-14 00:12:11 52,736 ----a-w c:\windows\system32\wzcsapi.dll
+ 2004-08-04 19:00:00 51,712 ----a-w c:\windows\system32\wzcsapi.dll
- 2008-04-14 00:12:11 483,840 ----a-w c:\windows\system32\wzcsvc.dll
+ 2004-08-04 19:00:00 359,936 ----a-w c:\windows\system32\wzcsvc.dll
- 2008-04-14 00:12:11 91,648 ----a-w c:\windows\system32\xactsrv.dll
+ 2004-08-04 19:00:00 91,648 ----a-w c:\windows\system32\xactsrv.dll
- 2008-04-14 00:12:41 30,720 ----a-w c:\windows\system32\xcopy.exe
+ 2004-08-04 19:00:00 30,720 ----a-w c:\windows\system32\xcopy.exe
- 2008-04-14 00:12:11 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2006-07-14 15:51:51 121,856 ----a-w c:\windows\system32\xmllite.dll
- 2008-04-14 00:12:11 129,024 ----a-w c:\windows\system32\xmlprov.dll
+ 2004-08-04 19:00:00 129,536 ----a-w c:\windows\system32\xmlprov.dll
- 2008-04-14 00:12:11 50,176 ----a-w c:\windows\system32\xmlprovi.dll
+ 2004-08-04 19:00:00 50,176 ----a-w c:\windows\system32\xmlprovi.dll

- 2008-04-14 00:12:11 11,776 ----a-w c:\windows\system32\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 ----a-w c:\windows\system32\xolehlp.dll
- 2008-04-13 17:39:29 438,784 ----a-w c:\windows\system32\xpob2res.dll
+ 2004-08-04 19:00:00 438,784 ----a-w c:\windows\system32\xpob2res.dll
- 2008-04-13 17:39:22 187,392 ----a-w c:\windows\system32\xpsp1res.dll
+ 2004-08-04 19:00:00 187,392 ----a-w c:\windows\system32\xpsp1res.dll
- 2008-04-13 17:39:24 2,897,920 ----a-w c:\windows\system32\xpsp2res.dll
+ 2004-08-04 19:00:00 2,897,920 ----a-w c:\windows\system32\xpsp2res.dll
- 2008-04-13 17:39:26 689,152 ----a-w c:\windows\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w c:\windows\system32\xpsp3res.dll
- 2008-04-14 00:12:11 338,432 ----a-w c:\windows\system32\zipfldr.dll
+ 2004-08-04 19:00:00 337,920 ----a-w c:\windows\system32\zipfldr.dll
+ 2009-01-28 07:35:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8d8.dat
- 2008-04-14 00:12:07 50,688 ----a-w c:\windows\twain_32.dll
+ 2004-08-04 19:00:00 50,688 ----a-w c:\windows\twain_32.dll
- 2008-04-14 00:12:39 283,648 ----a-w c:\windows\winhlp32.exe
+ 2004-08-04 19:00:00 283,648 ----a-w c:\windows\winhlp32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-10-16 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MostFun.lnk - c:\program files\MostFun\Bin\MostFun.exe [2007-08-28 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MostFun.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MostFun.lnk
backup=c:\windows\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-04-29 00:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-11-21 17:38 52840 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 22:36 1207080 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lost Beachs screen saver]
--a------ 2002-02-06 17:09 370176 c:\program files\Lost Beachs\screen saver\TaskTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 14:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 02:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 23:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-23 01:38 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2008-02-19 12:01 104080 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-11-05 05:47 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-05 05:47 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2007-03-14 19:49 125632 c:\progra~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-10-16 20:57 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\MostFun\\Bin\\MostFun.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
R4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-27 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yl65l58j.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.portal.radford.edu/MyRU.php
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yl65l58j.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 02:33:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2266918304-2087264726-3243295965-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_USERS\S-1-5-21-2266918304-2087264726-3243295965-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2266918304-2087264726-3243295965-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2266918304-2087264726-3243295965-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2266918304-2087264726-3243295965-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop4]
"Name"="oemDesktop4"
"DisplayName"="NotepadSync"
"Param1"="\\EXTRAS\\DESKTOP\\NotePadSync\\NotePadSync.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000000
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-01-28 2:39:28 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-28 07:38:28
ComboFix2.txt 2009-01-24 09:18:00

Pre-Run: 93,931,364,352 bytes free
Post-Run: 94,008,369,152 bytes free

3953 --- E O F --- 2009-01-28 07:25:30

 

[newwyorkbound]

Wow that was a lot of copying and pasting!
Here's my HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:27 AM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11317 bytes

 

[Blade81]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

c:\documents and settings\Owner\Application Data\LimeWire
c:\program files\LimeWire

Empty Recycle Bin.

After that:


Start hjt, do a system scan, check (if found):
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

Close browsers and fix checked.


Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Owner\Application Data\LimeWire
c:\program files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.

 

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.