Virtumonde.

Status
Not open for further replies.
Y

your name here

New member
Spybot detects, but doesn't remove, and I need some advice other than "format".


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:59 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Documents and Settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {b3de4d04-2b32-451f-8088-a8c90ac9659a} - C:\WINDOWS\system32\jazefara.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sanavepuru] Rundll32.exe "C:\WINDOWS\system32\muzakego.dll",s
O4 - HKLM\..\Run: [CPMf35b1149] Rundll32.exe "c:\windows\system32\yojakagu.dll",a
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [sanavepuru] Rundll32.exe "C:\WINDOWS\system32\muzakego.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlayer/launcher/PotPlayerLauncher.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\lisuhufu.dll c:\windows\system32\rulutati.dll c:\windows\system32\raseloka.dll c:\windows\system32\yojakagu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yojakagu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yojakagu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 9113 bytes
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

1) uTorrent <<< uninstall all p2p programs, see this:
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Click to expand...

2) Post an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

3) DO NOT enable TeaTimer while we are working.

4) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks
 
I ran the uninstaller in C:\Program Files\uTorrent
It didn't seem to do anything other than remove the start menu shortcuts. If you absolutely require that I remove it, I'll need more instructions regarding how to remove it. I've included the uninstall log anyways.

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Armadillo Run Demo Version 1.0.5
Armadillo Run Version 1.0.1
Audacity 1.2.6
AVG 7.5
BitPim 1.0.5
Blender (remove only)
Bonjour
Celtx (0.9.9.7)
CryEngine(R)2 Sandbox(TM)2
Deus Ex
DivX Web Player
Fallout 3
G6 U-DISK Manager Uninstall
Game of Life
GOM Player
Google Earth
Guitar Hero III
GunBound Classic v417
Half-Life 2: Jaykin' Bacon Source
Hamachi 1.0.2.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
Impossible Creatures 1.0.1
IrfanView (remove only)
iTunes
Java(TM) 6 Update 5
JFK Reloaded 1.1
Left 4 Dead
LiveUpdate BVRP Software
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Reader
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
mobile PhoneTools
Motorola Driver Installation
Motorola PST
Mozilla Firefox (3.0.4)
MSI v2 to redistribute Rigs of Rods
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Narbacular Drop version 1.4
NVIDIA Drivers
Oblivion
oggcodecs 0.71.0946
Opposing Force
PeerCast (remove only)
Piano Hero (remove only)
QuickTime
Q-Xpress Installer 1.1.9
Realtek AC'97 Audio
Realtek High Definition Audio Driver
RollerCoaster Tycoon Deluxe
RPG Maker VX
RPG Maker VX RTP
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SimPE 0.62 (alpha)
Sins of a Solar Empire
Sins of a Solar Empire
Source SDK
SPORE™
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Steam
support.com Support Connection
System Requirements Lab
Team Fortress Classic
TES Construction Set
The Sims 2
The Sims 2 HomeCrafter Plus
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Seasons
Tribes 2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VideoLAN VLC media player 0.8.6a
WhatPulse 1.5
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Frotz
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinTin++
Xbox 360 Controller for Windows
Yugioh Virtual Desktop


ComboFix 08-11-27.07 - Gamer 2008-11-28 14:04:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.431 [GMT -3.5:30]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Gamer\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\fubabebu.dll
c:\windows\system32\jazefara.dll
c:\windows\system32\kegovahe.dll
c:\windows\system32\lisuhufu.dll
c:\windows\system32\yerehute.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 00:44 . 2008-11-28 00:44 2,098 ---hs---- c:\windows\system32\samazaho.exe
2008-11-27 12:21 . 2008-11-27 12:21 <DIR> d-------- c:\program files\Trend Micro
2008-11-26 18:56 . 2008-11-26 18:56 <DIR> d-------- C:\VundoFix Backups
2008-11-25 22:14 . 2008-11-27 11:09 384 --a------ c:\windows\wininit.ini
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-25 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-24 18:12 . 2008-11-24 18:14 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 18:11 . 2008-11-24 18:15 <DIR> d-------- c:\program files\Windows Live
2008-11-24 18:11 . 2008-11-24 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-12 11:55 . 2008-09-04 13:45 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:55 . 2008-10-24 07:51 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 20:56 . 2008-11-09 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-09 20:55 . 2008-11-09 20:55 <DIR> d-------- c:\windows\system32\xlive
2008-11-09 20:55 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-09 20:55 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-09 20:55 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 17:41 --------- d-----w c:\program files\Steam
2008-11-28 17:41 --------- d-----w c:\documents and settings\Gamer\Application Data\uTorrent
2008-11-28 17:19 --------- d-----w c:\program files\uTorrent
2008-11-28 08:03 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-26 22:13 --------- d-----w c:\program files\Java
2008-11-26 01:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-26 01:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 21:52 --------- d-----w c:\program files\DivX
2008-11-25 06:31 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-24 21:48 --------- d-----w c:\program files\MSN Messenger
2008-11-24 20:44 --------- d-----w c:\documents and settings\Gamer\Application Data\mIRC
2008-11-20 21:27 --------- d-----w c:\program files\mIRC
2008-11-10 00:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 00:26 --------- d-----w c:\program files\Bethesda Softworks
2008-11-08 20:41 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-08 20:38 --------- d-----w c:\documents and settings\Gamer\Application Data\SystemRequirementsLab
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 01:05 --------- d-----w c:\program files\G6 U-DISK Manager
2008-10-16 17:43 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 17:43 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 17:42 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 17:42 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 17:39 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 17:39 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 17:39 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 17:38 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 20:13 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\nsa206.tmp
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\nsv205.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-07 11:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-02 23:09 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-04-02 17:53 88 --sh--r c:\documents and settings\All Users\Application Data\3413FDFCC2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-16 1410296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2008-09-14 267056]
"Google Update"="c:\documents and settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"WatchDog"="c:\program files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\YVD\\YGO Virtual Desktop V086.exe"=
"c:\\Program Files\\YVD\\n00b-IRC.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\team fortress 2\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\PeerCast\\PeerCast.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Halo CE Portable Edition By Am3n\\App\\haloce.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\Half-life\\hl.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Gamer\\OctoshapeClient.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softnyx Canada\\GunBound Classic\\GunBound.exe"=
"c:\\Program Files\\Softnyx Canada\\GunBound Classic\\GunBound.gme"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 ithsgt;ithsgt;c:\windows\system32\DRIVERS\ithsgt.sys [2007-12-03 162432]
R2 lilsgt;lilsgt;c:\windows\system32\DRIVERS\lilsgt.sys [2007-12-03 12032]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2007-03-10 20160]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b108be18-d0eb-11db-84ea-0017315c3d6e}]
\Shell\AutoRun\command - G:\FalloutLauncher.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-28 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 18:40]
.
- - - - ORPHANS REMOVED - - - -

BHO-{b3de4d04-2b32-451f-8088-a8c90ac9659a} - c:\windows\system32\jazefara.dll
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
HKLM-Run-sanavepuru - c:\windows\system32\muzakego.dll
HKLM-Run-CPMf35b1149 - c:\windows\system32\yojakagu.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Gamer\Application Data\Mozilla\Firefox\Profiles\o6ooaw5v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
FF -: plugin - c:\documents and settings\Gamer\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\Gamer\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - c:\program files\Octoshape Streaming Services\Gamer\octoprogram-L03-NMS0806110_SUA_900\npoctoshape.dll
FF -: plugin - c:\program files\Octoshape Streaming Services\Gamer\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 14:08:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-11-28 14:24:28 - machine was rebooted [Gamer]
ComboFix-quarantined-files.txt 2008-11-28 17:54:24

Pre-Run: 5,875,163,136 bytes free
Post-Run: 5,748,711,424 bytes free

228 --- E O F --- 2008-11-25 06:31:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:41 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlayer/launcher/PotPlayerLauncher.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 8340 bytes
 
Thanks for returning your information, looking at the uninstall list first.

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

Adobe Reader 8.1.2 <<< out of date and being exploited, see this information:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows
http://www.foxitsoftware.com/pdf/rd_intro.php

AVG 7.5 <<< I run AVG 8, is this program out of date? Do you own this program or is it free?
Make sure you respond with that information, I can not move forward with an out of date antivirus program, waste of both out time.

Java(TM) 6 Update 5 <<< out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Spybot - Search & Destroy 1.4 <<< uninstall the old program

SpywareBlaster v3.5.1 <<< a good program, but out of date. You need to disable everything, then uninstall the program. Install the new version from here:
http://www.javacoolsoftware.com/spywareblaster.html



1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\windows\system32\samazaho.exe

Folder::
C:\VundoFix Backups
c:\program files\uTorrent
c:\documents and settings\Gamer\Application Data\uTorrent

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {2E215D23-8D32-4141-BB8F-6254C84FBC9E} - http://potplayer.daum.net/PotPlayer/...erLauncher.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running?

Thanks
 
I updated to adobe reader 8.1.3.
I'm using the free version of AVG. Looks like the autoupdater for it wasn't working. I uninstalled and downloaded 8.0
I uninstalled the old java via add/remove programs and downloaded version 6 update 10.
Spybot 1.4 was uninstalled via add/remove programs.
old version of Spywareblaster had everything disabled, then was uninstalled. Downloaded 4.1

I'm going to install everything now. My next post will be the logs.
 
I have omitted some file names from


ComboFix 08-11-27.07 - Gamer 2008-11-28 16:26:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.575 [GMT -3.5:30]
Running from: c:\documents and settings\Gamer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gamer\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\samazaho.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gamer\Application Data\uTorrent
c:\documents and settings\Gamer\Application Data\uTorrent\dht.dat
c:\documents and settings\Gamer\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Gamer\Application Data\uTorrent\Grand_Theft_Auto_4_Second_HD_Trailer.torrent
c:\documents and settings\Gamer\Application Data\uTorrent\pokemongreen-tas-primo.avi.torrent
c:\documents and settings\Gamer\Application Data\uTorrent\resume.dat
c:\documents and settings\Gamer\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Gamer\Application Data\uTorrent\rss.dat
c:\documents and settings\Gamer\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Gamer\Application Data\uTorrent\settings.dat
c:\documents and settings\Gamer\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Gamer\Application Data\uTorrent\supermario64-tas-1star-aka_and_swordlesslink.avi.torrent
c:\documents and settings\Gamer\Application Data\uTorrent\utorrent.lng
c:\program files\uTorrent
c:\program files\uTorrent\4602-utorrent.2747.dmp
c:\program files\uTorrent\4602-utorrent.9209.dmp
c:\program files\uTorrent\4602-utorrent.99d3.dmp
c:\program files\uTorrent\4602-utorrent.9dad.dmp
c:\program files\uTorrent\utorrent.exe
C:\VundoFix Backups
c:\windows\system32\samazaho.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 12:21 . 2008-11-27 12:21 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 22:14 . 2008-11-27 11:09 384 --a------ c:\windows\wininit.ini
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-25 21:24 . 2008-11-25 21:24 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-25 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-25 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-24 18:12 . 2008-11-24 18:14 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-24 18:11 . 2008-11-24 18:15 <DIR> d-------- c:\program files\Windows Live
2008-11-24 18:11 . 2008-11-24 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-12 11:55 . 2008-09-04 13:45 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:55 . 2008-10-24 07:51 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 20:56 . 2008-11-09 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-09 20:55 . 2008-11-09 20:55 <DIR> d-------- c:\windows\system32\xlive
2008-11-09 20:55 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-09 20:55 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-09 20:55 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 19:47 --------- d-----w c:\program files\Steam
2008-11-28 19:31 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-28 19:18 --------- d-----w c:\documents and settings\Gamer\Application Data\AVG7
2008-11-28 17:52 --------- d-----w c:\program files\Microsoft Works
2008-11-26 22:13 --------- d-----w c:\program files\Java
2008-11-25 21:52 --------- d-----w c:\program files\DivX
2008-11-25 06:31 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-24 21:48 --------- d-----w c:\program files\MSN Messenger
2008-11-24 20:44 --------- d-----w c:\documents and settings\Gamer\Application Data\mIRC
2008-11-20 21:27 --------- d-----w c:\program files\mIRC
2008-11-10 00:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 00:26 --------- d-----w c:\program files\Bethesda Softworks
2008-11-08 20:41 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-08 20:38 --------- d-----w c:\documents and settings\Gamer\Application Data\SystemRequirementsLab
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 01:05 --------- d-----w c:\program files\G6 U-DISK Manager
2008-10-16 17:43 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 17:43 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 17:42 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 17:42 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 17:39 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 17:39 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 17:39 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 17:38 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 20:13 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\nsa206.tmp
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\nsv205.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-07 11:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-02 23:09 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-04-02 17:53 88 --sh--r c:\documents and settings\All Users\Application Data\3413FDFCC2.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-28_14.23.45.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-15 02:13:20 87,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2003-07-15 02:27:34 38,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 02:23:06 94,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 02:23:24 60,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\BLNMGR.DLL
+ 2003-07-15 02:23:22 46,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 06:44:28 350,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 06:48:12 47,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-25 22:27:20 75,832 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 02:26:54 14,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 02:27:14 98,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-31 18:49:52 131,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-08-13 06:04:38 10,073,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-07-15 02:11:44 13,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-08-03 14:26:16 1,146,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2002-10-07 13:19:36 192,573 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2003-07-24 02:31:40 1,949,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-15 03:06:14 186,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-15 02:10:12 179,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 02:10:12 165,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-25 22:30:16 1,157,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-25 22:44:50 799,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 02:41:42 2,139,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-15 02:27:44 87,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 02:23:50 161,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-24 02:02:32 121,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-06-18 21:01:44 758,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-06-18 21:01:10 252,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 21:01:48 17,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-06-18 21:01:48 18,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 21:01:46 35,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 21:01:34 443,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-07-15 02:16:08 176,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-07-15 02:31:44 445,496 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MODHELP.DLL
+ 2003-07-15 02:27:14 124,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 02:42:22 47,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 02:28:04 230,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 02:21:50 116,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2002-12-17 22:38:50 359,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2002-12-17 22:38:54 1,383,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 02:26:14 40,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 02:21:44 87,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2002-04-09 23:44:36 187,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-15 02:22:52 17,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-08-08 03:53:16 12,172,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-07-15 02:27:16 120,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 06:44:18 106,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-24 02:05:26 127,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 02:22:52 27,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 02:14:06 25,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 02:22:56 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2002-12-17 22:39:24 2,071,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2003-07-15 02:26:16 54,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-11 05:45:48 1,292,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 06:48:52 376,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 02:22:54 28,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 02:22:52 35,896 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 02:23:00 55,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 02:23:20 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 02:16:16 42,040 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 02:15:12 55,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 02:15:12 39,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 21:01:24 1,033,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-06-18 21:01:54 788,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-06-18 21:01:50 16,384 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 19:35:52 128,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-19 19:35:50 364,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 02:32:42 637,496 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-07-15 02:22:58 41,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 02:32:14 627,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 02:26:24 124,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-24 02:10:00 482,872 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 02:30:54 145,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 02:27:10 56,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 02:26:52 13,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-06-18 21:01:58 6,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2003-07-15 06:44:26 283,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 06:44:26 828,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 06:44:26 27,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 06:44:26 242,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 02:35:24 1,054,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 02:23:08 95,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OSA.EXE
+ 2003-07-15 02:11:56 24,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-15 02:14:34 102,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-08-10 02:36:42 7,522,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-15 02:14:32 88,128 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 02:15:18 196,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-15 02:13:48 139,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 02:13:18 64,056 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 02:13:16 49,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-08-01 18:39:04 8,086,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-30 16:10:40 6,133,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 06:48:54 430,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 06:48:44 93,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-31 18:51:08 1,782,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2002-10-07 13:41:00 167,997 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-07-15 02:12:26 37,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-05-09 01:24:00 77,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 02:27:08 40,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2002-10-07 13:19:42 81,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-15 02:13:30 74,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-21 15:16:38 390,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 02:27:18 349,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-15 02:14:16 66,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 02:27:08 58,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-08-06 17:01:22 362,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SETLANG.EXE
+ 2003-07-15 02:23:14 11,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-08-03 14:22:32 2,808,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2002-10-07 13:23:04 106,561 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2003-07-15 02:30:22 99,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2002-10-07 13:20:44 241,729 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 13:21:04 180,289 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 13:21:14 147,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 13:21:20 102,467 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 13:20:04 118,847 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 13:19:56 81,983 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2002-10-07 13:21:44 221,252 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2003-07-15 02:27:40 59,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2003-07-03 18:49:36 2,502,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-06 16:54:20 12,037,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2002-10-07 13:33:34 1,794,113 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-04-30 15:22:32 1,581,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2003-01-17 17:33:34 59,466 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2001-06-05 11:43:22 289,926 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2001-06-05 11:43:22 34,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2001-06-05 11:43:24 18,844 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 11:43:26 65,536 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2001-10-23 03:43:42 53,260 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 11:43:26 40,972 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
- 2008-11-25 06:31:21 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-28 17:54:31 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-25 06:31:21 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-28 17:54:31 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-25 06:31:21 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-28 17:54:31 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-25 06:31:21 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-28 17:54:32 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-25 06:31:21 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-28 17:54:32 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-25 06:31:21 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-28 17:54:33 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-25 06:31:21 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-28 17:54:31 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-25 06:31:21 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-28 17:54:34 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-25 06:31:21 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-28 17:54:31 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-25 06:31:21 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-28 17:54:30 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-28 19:24:09 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2003-08-03 14:26:16 1,146,184 ----a-w c:\windows\system32\FM20.DLL
+ 2007-06-06 14:23:34 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2003-07-15 02:27:04 32,584 ----a-w c:\windows\system32\FM20ENU.DLL
+ 2007-03-22 22:47:04 35,440 ----a-w c:\windows\system32\FM20ENU.DLL
- 2008-10-27 16:44:24 129,296 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-28 19:46:41 129,296 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2003-06-18 21:01:48 17,920 ----a-w c:\windows\system32\mdimon.dll
+ 2007-04-09 16:53:54 28,040 ----a-w c:\windows\system32\mdimon.dll
- 2008-11-13 06:45:32 68,404 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 18:38:58 68,404 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-13 06:45:32 435,760 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 18:38:58 435,760 ----a-w c:\windows\system32\perfh009.dat
- 2003-06-18 21:01:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 16:54:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2003-06-18 21:01:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 16:53:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2003-06-18 21:01:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 16:54:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
- 2003-06-18 21:01:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 16:53:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-18 21:01:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 16:53:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-16 1410296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"Google Update"="c:\documents and settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"WatchDog"="c:\program files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\YVD\\YGO Virtual Desktop V086.exe"=
"c:\\Program Files\\YVD\\n00b-IRC.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\team fortress 2\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\PeerCast\\PeerCast.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Halo CE Portable Edition By Am3n\\App\\haloce.exe"=
"c:\\Program Files\\Steam\\steamapps\\yournameinhere\\Half-life\\hl.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Gamer\\OctoshapeClient.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softnyx Canada\\GunBound Classic\\GunBound.exe"=
"c:\\Program Files\\Softnyx Canada\\GunBound Classic\\GunBound.gme"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 ithsgt;ithsgt;c:\windows\system32\DRIVERS\ithsgt.sys [2007-12-03 162432]
R2 lilsgt;lilsgt;c:\windows\system32\DRIVERS\lilsgt.sys [2007-12-03 12032]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2007-03-10 20160]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b108be18-d0eb-11db-84ea-0017315c3d6e}]
\Shell\AutoRun\command - G:\FalloutLauncher.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-28 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 18:40]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uTorrent - c:\program files\uTorrent\utorrent.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 16:30:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-28 16:37:26
ComboFix-quarantined-files.txt 2008-11-28 20:06:09
ComboFix2.txt 2008-11-28 17:54:29

Pre-Run: 5,832,863,744 bytes free
Post-Run: 5,818,486,784 bytes free

430 --- E O F --- 2008-11-28 17:55:22

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

11/28/2008 7:26:42 PM
mbam-log-2008-11-28 (19-26-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185183
Time elapsed: 1 hour(s), 40 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\fubabebu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jazefara.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kegovahe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lisuhufu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yerehute.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP673\A0062103.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP673\A0062104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP674\A0062222.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP676\A0062498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP676\A0062500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP678\A0062620.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP678\A0062621.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP678\A0062622.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP678\A0062623.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7738F915-7931-4FC3-B212-3E70018FDF66}\RP678\A0062624.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:37 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gamer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 6845 bytes


Computer runs fine as far as I can tell.
 
Thanks for that feedback, you have stuff running at startup I doubt you need at every start, have a look at this information to help your computer.
http://www.netsquirrel.com/msconfig/msconfig_xp.html
http://www.malwareremoval.com/tutorials/runningslowly.php
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Let's proceed like this:

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

CF_Cleanup.png


Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.

Update AVG 8 and scan the system, to be sure it is running right and scanning clean.
Here is some good information for you: FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
 
Status
Not open for further replies.
Back
Top