[Fixed] Hijackthis! Logs - Firefox wont load pages. again -.- (posted in the Security & Safety forums)

#15 arthur92710 (Bronze Member), 06-13-2008
Re: Firefox wont load pages. again -.-

ComboFix 08-06-11.3 - Administrator 2008-06-12 22:10:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.243 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM57f45f18.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbJPonnn.ini
C:\WINDOWS\system32\bbJPonnn.ini2
C:\WINDOWS\system32\cisxlrwo.dll
C:\WINDOWS\system32\dvpayeah.ini
C:\WINDOWS\system32\haeyapvd.dll
C:\WINDOWS\system32\keibwjoh.dll
C:\WINDOWS\system32\nnnoPJbb.dll
C:\WINDOWS\system32\sckojgsq.dll
C:\WINDOWS\system32\vbpbwfsw.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-12 22:00 . 2008-06-12 22:00 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-12 20:27 . 2001-09-24 07:59 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-06-12 20:27 . 2001-09-24 07:59 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-12 20:27 . 2001-09-24 07:59 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-12 20:27 . 2001-09-24 07:59 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-06-12 20:26 . 2008-06-12 20:26 <DIR> d-------- C:\WINDOWS\system32\CBA
2008-06-12 20:26 . 2008-06-12 20:27 <DIR> d-------- C:\Program Files\Symantec
2008-06-12 20:26 . 2008-06-12 22:11 <DIR> d-------- C:\Program Files\NavNT
2008-06-12 18:58 . 2008-06-12 18:58 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-06-12 17:11 . 2008-06-12 17:11 <DIR> d-------- C:\Inetpub
2008-06-12 14:52 . 2008-06-12 14:52 3,784,664 --a------ C:\WINDOWS\xobglu32.dll
2008-06-12 14:52 . 2008-06-12 14:52 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-06-11 22:55 . 2008-06-11 22:55 2,208 --a------ C:\WINDOWS\system32\drivers\nxsIO32.sys
2008-06-10 15:11 . 2008-06-10 15:11 <DIR> d-------- C:\VundoFix Backups
2008-06-09 18:29 . 2008-06-10 14:56 294 --a------ C:\WINDOWS\wininit.ini
2008-06-08 13:26 . 2008-06-08 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-08 13:23 . 2006-09-24 11:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-08 13:23 . 2007-09-04 12:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-08 13:23 . 2007-09-20 20:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-08 13:23 . 2007-10-03 11:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-08 13:22 . 2008-06-08 13:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-08 13:22 . 2008-01-10 08:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-08 13:22 . 2008-01-10 08:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-08 13:22 . 2008-03-28 13:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-08 13:22 . 2007-07-10 12:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-08 11:05 . 2008-06-08 11:05 4,236 --a------ C:\WINDOWS\SETUP.LST
2008-06-08 11:05 . 2008-06-08 11:05 303 --a------ C:\WINDOWS\ST6UNST.000
2008-06-08 08:40 . 2008-06-08 08:40 59,392 --a------ C:\WINDOWS\system32\geBTNfDU.dll.vir
2008-06-01 20:52 . 2008-06-01 20:52 <DIR> d-------- C:\Program Files\CACE Technologies
2008-06-01 15:53 . 2008-06-01 15:53 <DIR> d-------- C:\Program Files\WinPcap
2008-06-01 15:49 . 2008-06-01 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-06-01 15:22 . 2008-06-01 15:23 <DIR> d-------- C:\Program Files\WinSCP
2008-06-01 15:19 . 2008-06-05 18:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Wireshark
2008-06-01 15:05 . 2008-06-01 15:07 <DIR> d-------- C:\Program Files\Wireshark
2008-06-01 11:12 . 2008-06-01 18:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FileZilla
2008-06-01 11:11 . 2008-06-01 11:11 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-06-01 11:02 . 2008-06-01 11:03 <DIR> d-------- C:\Program Files\FileZilla Server
2008-05-30 15:56 . 2008-05-30 16:12 5,497,296 --a------ C:\Kayne West - Stronger.rar
2008-05-29 17:16 . 2008-05-29 17:26 272 --a------ C:\WINDOWS\Wlink83p.ini
2008-05-29 16:59 . 1999-08-30 14:51 9,152 --a------ C:\WINDOWS\system32\drivers\Ticalc.sys
2008-05-29 16:38 . 2008-05-29 16:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Megaupload
2008-05-28 20:02 . 2008-05-28 20:02 <DIR> d-------- C:\Program Files\Google
2008-05-26 22:43 . 2008-05-26 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-26 16:47 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\GSC
2008-05-26 16:47 . 2008-05-26 16:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GSC
2008-05-24 21:18 . 2008-06-01 20:32 <DIR> d-------- C:\Program Files\Bagatrix
2008-05-24 13:55 . 2008-05-24 13:55 894 --a------ C:\WINDOWS\cw23.cfg
2008-05-24 13:55 . 2008-05-24 13:55 552 --a------ C:\WINDOWS\ew23.cfg
2008-05-24 13:54 . 2008-05-24 13:55 1,082 --a------ C:\WINDOWS\ew23.INI
2008-05-24 13:53 . 2008-05-24 13:55 1,206 --a------ C:\WINDOWS\cw23.INI
2008-05-24 13:44 . 2008-05-24 13:44 <DIR> d-------- C:\Program Files\IAR Systems
2008-05-24 13:44 . 2008-05-24 13:44 <DIR> d-------- C:\Program Files\Common Files\Labcenter Electronics
2008-05-24 13:44 . 2008-05-24 13:44 <DIR> d-------- C:\Program Files\Common Files\IAR Systems
2008-05-24 13:43 . 2008-05-24 13:43 <DIR> d-------- C:\Program Files\Labcenter Electronics
2008-05-24 13:36 . 2008-05-24 13:36 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-24 13:30 . 2008-05-24 13:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 13:29 . 2008-05-24 13:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-23 18:30 . 2008-05-23 18:32 <DIR> d-------- C:\WinAVR-20080512
2008-05-23 18:19 . 2008-05-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2008-05-23 18:19 . 2008-05-23 18:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\National Instruments
2008-05-23 16:17 . 2008-05-23 16:18 <DIR> d-------- C:\Program Files\HI-TECH Software
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\National Instruments
2008-05-23 16:10 . 2008-05-23 16:10 <DIR> d-------- C:\WINDOWS\system32\cvirte
2008-05-23 16:10 . 2008-05-23 16:17 <DIR> d-------- C:\Program Files\National Instruments
2008-05-23 15:56 . 2008-02-19 15:39 191,424 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2008-05-23 15:55 . 2008-05-23 15:55 <DIR> d-------- C:\Program Files\Atmel
2008-05-23 15:55 . 2007-09-17 08:04 3,858,432 --a------ C:\WINDOWS\system32\BCGCBPRO95580.dll
2008-05-23 15:55 . 2007-04-26 13:18 290,904 --a------ C:\WINDOWS\system32\vc6-re200l.dll
2008-05-23 15:55 . 2008-02-19 15:42 143,360 --a------ C:\WINDOWS\system32\wdapi920.dll
2008-05-23 15:55 . 2006-10-18 15:29 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll
2008-05-23 15:55 . 2006-02-07 14:45 73,728 --a------ C:\WINDOWS\system32\RWUXThemeS.dll
2008-05-23 15:54 . 2008-05-23 15:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-21 19:55 . 2008-05-21 20:00 <DIR> d-------- C:\Program Files\Unlocker
2008-05-21 18:12 . 2008-06-10 17:56 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 18:12 . 2008-06-12 22:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-21 18:04 . 2008-05-21 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-05-21 18:00 . 2008-05-21 18:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 00:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-13 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-13 00:03 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-10 02:23 --------- d-----w C:\Program Files\The Learning Company
2008-06-10 02:21 --------- d-----w C:\Program Files\Oberon Media
2008-06-10 02:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-09 21:53 --------- d-----w C:\Program Files\SpeedFan
2008-06-08 17:20 --------- d-----w C:\Program Files\DivX
2008-05-29 21:16 --------- d-----w C:\Program Files\TI Education
2008-05-26 20:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-24 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 01:27 --------- d-----w C:\Program Files\iTunes
2008-05-23 20:17 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-05-21 21:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-05-21 20:30 --------- d-----w C:\Program Files\Apple Software Update
2008-05-14 03:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-12 23:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-05-12 16:04 --------- d-----w C:\Program Files\iPod
2008-05-12 15:57 --------- d-----w C:\Program Files\QuickTime
2008-05-03 00:07 --------- d-----w C:\Program Files\Sony Setup
2008-05-02 22:37 --------- d-----w C:\Program Files\MegauploadToolbar
2008-05-02 22:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\Megaupload
2008-05-02 22:36 --------- d-----w C:\Program Files\Megaupload
2008-05-02 22:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-05-02 22:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-29 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 23:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-29 03:05 --------- d-----w C:\Program Files\Lavalys
2008-04-28 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-28 22:12 --------- d-----w C:\Program Files\FlashFXP
2008-04-28 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-04-28 21:20 --------- d-----w C:\Program Files\Azureus
2008-04-27 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-27 20:26 --------- d-----w C:\Program Files\Lavasoft
2008-04-27 20:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 16:13 692,497 ----a-w C:\WINDOWS\unins000.exe
2008-04-20 14:48 --------- d-----w C:\Program Files\El Cheapo Version 0.84
2008-04-20 01:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-04-20 01:34 --------- d-----w C:\Program Files\Apache Software Foundation
2007-12-15 14:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-03-17 20:12 303,104 ----a-w C:\Program Files\lame_enc.dll
2006-12-20 01:41 32,555 ----a-w C:\Documents and Settings\Owner\elcheapo.exe
2006-01-23 14:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 18:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
2005-05-13 21:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 15:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 01:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 23:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 16:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-22 02:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 04:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 14:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 17:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot_2008-06-12_17.20.02.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 21:11:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 02:18:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2002-07-31 06:50:00 24,576 ----a-w C:\WINDOWS\McAfee.com\FreeScan\avdat.exe
+ 2007-07-09 10:20:00 5,264 ----a-w C:\WINDOWS\McAfee.com\FreeScan\config.dat
+ 2008-06-12 13:34:44 156,984 ----a-w C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
+ 2007-07-09 10:20:00 2,724,006 ----a-w C:\WINDOWS\McAfee.com\FreeScan\mcscan32.dll
+ 2008-06-12 09:20:00 870,870 ----a-w C:\WINDOWS\McAfee.com\FreeScan\names.DAT
+ 2006-12-18 15:03:00 7,449 ----a-w C:\WINDOWS\McAfee.com\FreeScan\rwabs16.dll
+ 2006-12-18 15:03:10 16,921 ----a-w C:\WINDOWS\McAfee.com\FreeScan\rwabs32.dll
+ 2008-06-12 09:20:00 30,599,268 ----a-w C:\WINDOWS\McAfee.com\FreeScan\scan.DAT
+ 2000-09-18 21:12:40 15,872 ----a-w C:\WINDOWS\system32\AMSLIB.DLL
+ 2000-09-18 21:16:20 13,824 ----a-w C:\WINDOWS\system32\cba.dll
+ 2000-09-18 21:12:40 14,336 ----a-w C:\WINDOWS\system32\CBAXFR.DLL
+ 2000-09-18 21:12:40 45,056 ----a-w C:\WINDOWS\system32\CLUTIL_S.DLL
+ 2000-09-18 21:12:40 92,672 ----a-w C:\WINDOWS\system32\CSL.DLL
+ 2000-09-18 21:12:40 222,720 ----a-w C:\WINDOWS\system32\CSSM32S.DLL
+ 2000-09-18 21:12:40 23,040 ----a-w C:\WINDOWS\system32\CSSMS_IN.DLL
+ 2000-09-18 21:12:40 62,976 ----a-w C:\WINDOWS\system32\INDSM_S.DLL
- 2008-06-12 21:15:40 219,943 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-13 02:22:32 219,944 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2000-09-18 21:12:40 109,056 ----a-w C:\WINDOWS\system32\IX509CLS.DLL
+ 2000-09-18 21:12:40 77,824 ----a-w C:\WINDOWS\system32\LOC32VC0.DLL
+ 2000-09-18 21:16:20 20,992 ----a-w C:\WINDOWS\system32\msgsys.dll
+ 2000-09-18 21:12:40 14,336 ----a-w C:\WINDOWS\system32\MSGSYS.EXE
+ 2000-09-18 21:12:40 1,039,360 ----a-w C:\WINDOWS\system32\MSJET35.DLL
+ 2000-09-18 21:12:40 37,136 ----a-w C:\WINDOWS\system32\MSJINT35.DLL
+ 2000-09-18 21:12:40 24,336 ----a-w C:\WINDOWS\system32\MSJTER35.DLL
+ 2000-09-18 21:12:40 169,984 ----a-w C:\WINDOWS\system32\MSLTUS35.DLL
+ 2000-09-18 21:12:40 251,664 ----a-w C:\WINDOWS\system32\MSRD2X35.DLL
+ 2001-09-24 11:59:00 45,056 ----a-w C:\WINDOWS\system32\NavLogon.dll
+ 2000-09-18 21:16:20 61,952 ----a-w C:\WINDOWS\system32\nts.dll
+ 2000-09-18 21:12:40 77,824 ----a-w C:\WINDOWS\system32\ODBCTL32.DLL
+ 2000-09-18 21:16:20 81,408 ----a-w C:\WINDOWS\system32\pds.dll
+ 2000-09-18 21:12:40 368,912 ----a-w C:\WINDOWS\system32\VBAR332.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{970AC70C-3A12-4A41-9B66-11F78C9F7710}]
C:\WINDOWS\system32\wvUmjhhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEEF42DE-61AF-4645-A154-72481F22BCD6}]
C:\WINDOWS\system32\mlJCRhFV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-21 18:12 219952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Spy Sweeper\SpySweeper.exe" [2006-01-25 12:21 3405312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk
backup=C:\WINDOWS\pss\Wireless-G Notebook Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-08-30 13:19 87392 C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo RX580 Series on ARTHUR]
--a------ 2006-05-23 04:00 139264 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo RX580 Series on ARTHUR (Copy 1)]
--a------ 2006-05-23 04:00 139264 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-08-19 15:50 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2006-06-01 11:26 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPHost]
--a------ 2006-11-18 23:14 216576 C:\Program Files\PSPHost\\PSPHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 16:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2006-05-15 15:52 675840 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-04 03:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-04-28 22:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a------ 2006-06-19 13:37 262144 C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yapta Tracker]
--a------ 2007-08-27 17:14 296240 C:\Program Files\Yapta\YaptaClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LexBceS"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"CryptSvc"=3 (0x3)
"CiSvc"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\PSPHost\\files\\usbhostfs_old.exe"=
"C:\\Program Files\\PSPHost\\files\\PimpStreamer.exe"=
"C:\\Program Files\\Microsoft DirectX SDK (October 2006)\\Samples\\C++\\Misc\\Bin\\x86\\Firewall.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\R6E8VNO4.PAH\\H8K1D2HX.DBM\\loca..tion_a8e5dcf1d52dd7e2_0001.0001_3b6d4cea4c725a9c\\Local TCP Port Opener.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\iTunes\\Copy of iTunes.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\WinPcap\\rpcapd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65000:TCP"= 65000:TCP:iis

R0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys [2005-02-14 11:54]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 11:54]
R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2005-05-06 10:12]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2006-12-19 20:53]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 10:00]
R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-06-11 22:55]
R3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-08-27 08:59]
S2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [1999-08-30 14:51]
S3 Ali910;Ali910;C:\WINDOWS\system32\drivers\R8139n51.sys [2003-10-23 11:11]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 ebookman;FEP_USB Driver;C:\WINDOWS\system32\Drivers\ebookman.sys [2001-05-11 13:13]
S3 ECRDRV;ECRDRV;C:\WINDOWS\system32\drivers\ecrdrv.sys [2004-12-12 10:55]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-28 20:02]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2008-01-29 21:24]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 RTCore;RTCore;C:\Documents and Settings\Owner\Desktop\RTCore.sys [2008-06-07 11:11]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 10:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 01:53:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 02:13:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2005-07-09 23:41:25 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 22:20:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-12 22:25:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 02:24:55
ComboFix2.txt 2008-06-12 21:21:08
ComboFix3.txt 2008-06-12 02:19:23
ComboFix4.txt 2008-04-20 03:12:18

Pre-Run: 2,672,119,808 bytes free
Post-Run: 2,681,532,416 bytes free

418 --- E O F --- 2007-07-11 12:05:32


__________________
CPU History->
->3500+939->6400BE+AM2->5000BE+AM2->4850eAM2
#16 arthur92710 (Bronze Member), 06-17-2008
Re: Firefox wont load pages. again -.-

So, what's wrong with it?
Sorry I have not been here in a while, I was working on upgrading my other laptop, from Vista to XP. XP is soooo much better.


#17 Pancake (Senior Security Analyst), 06-17-2008
Re: Firefox wont load pages. again -.-

More to remove...


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{970AC70C-3A12-4A41-9B66-11F78C9F7710}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEEF42DE-61AF-4645-A154-72481F22BCD6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
My real name is Eddy

Last edited by Pancake; 06-17-2008 at 08:04 AM.
#18 arthur92710 (Bronze Member), 06-17-2008
Re: Firefox wont load pages. again -.-

Ok here it is.

ComboFix 08-06-11.3 - Administrator 2008-06-17 9:23:42.5 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\Scantestfix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\Scantestfix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-13 21:45 . 2008-06-13 21:45 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2008-06-13 21:04 . 2008-06-13 21:07 163,274,752 --a------ C:\usb.iso
2008-06-13 19:53 . 2008-06-13 20:57 <DIR> d-------- C:\pebuilder3110a
2008-06-13 19:28 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-13 19:28 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-13 19:27 . 2004-08-03 23:07 6,912 --a------ C:\WINDOWS\system32\drivers\smbclass.sys
2008-06-13 19:27 . 2004-08-03 23:07 6,912 --a------ C:\WINDOWS\system32\dllcache\smbclass.sys
2008-06-13 19:27 . 2001-08-17 13:57 6,784 --a------ C:\WINDOWS\system32\drivers\smbhc.sys
2008-06-13 19:27 . 2001-08-17 13:57 6,784 --a------ C:\WINDOWS\system32\dllcache\smbhc.sys
2008-06-13 19:21 . 2001-08-17 13:53 3,328 --a------ C:\WINDOWS\system32\drivers\qv2kux.sys
2008-06-13 19:21 . 2001-08-17 13:53 3,328 --a------ C:\WINDOWS\system32\dllcache\qv2kux.sys
2008-06-13 19:19 . 2001-07-21 14:29 161,568 --a------ C:\WINDOWS\system32\drivers\sgsmusb.sys
2008-06-13 19:19 . 2001-07-21 14:29 161,568 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-06-13 19:19 . 2006-02-03 12:37 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2008-06-13 19:19 . 2004-08-03 23:08 40,832 --a------ C:\WINDOWS\system32\drivers\IrBus.sys
2008-06-13 19:19 . 2004-08-03 23:08 40,832 --a------ C:\WINDOWS\system32\dllcache\irbus.sys
2008-06-13 19:19 . 2001-07-21 14:29 18,400 --a------ C:\WINDOWS\system32\drivers\sgsmld.sys
2008-06-13 19:19 . 2001-07-21 14:29 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-06-13 19:18 . 2001-08-17 13:12 12,160 --a------ C:\WINDOWS\system32\drivers\BrFiltLo.sys
2008-06-13 19:18 . 2001-08-17 13:12 12,160 --a------ C:\WINDOWS\system32\dllcache\brfiltlo.sys
2008-06-13 19:18 . 2001-08-17 13:12 3,968 --a------ C:\WINDOWS\system32\drivers\BrFiltUp.sys
2008-06-13 19:18 . 2001-08-17 13:12 3,968 --a------ C:\WINDOWS\system32\dllcache\brfiltup.sys
2008-06-13 18:56 . 2006-09-09 15:13 225,280 --a------ C:\WINDOWS\system32\USBoot.dll
2008-06-13 18:56 . 2006-09-09 15:12 143,360 --a------ C:\WINDOWS\system32\USBoot.sys
2008-06-13 14:14 . 2008-06-13 16:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-06-12 22:00 . 2008-06-12 22:00 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-12 20:27 . 2001-09-24 07:59 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-06-12 20:27 . 2001-09-24 07:59 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-12 20:27 . 2001-09-24 07:59 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-12 20:27 . 2001-09-24 07:59 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-06-12 20:26 . 2008-06-12 20:26 <DIR> d-------- C:\WINDOWS\system32\CBA
2008-06-12 20:26 . 2008-06-12 20:27 <DIR> d-------- C:\Program Files\Symantec
2008-06-12 20:26 . 2008-06-12 22:11 <DIR> d-------- C:\Program Files\NavNT
2008-06-12 18:58 . 2008-06-12 18:58 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-06-12 17:11 . 2008-06-12 17:11 <DIR> d-------- C:\Inetpub
2008-06-12 14:52 . 2008-06-12 14:52 3,784,664 --a------ C:\WINDOWS\xobglu32.dll
2008-06-12 14:52 . 2008-06-12 14:52 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-06-11 22:55 . 2008-06-11 22:55 2,208 --a------ C:\WINDOWS\system32\drivers\nxsIO32.sys
2008-06-10 15:11 . 2008-06-10 15:11 <DIR> d-------- C:\VundoFix Backups
2008-06-09 18:29 . 2008-06-10 14:56 294 --a------ C:\WINDOWS\wininit.ini
2008-06-08 13:26 . 2008-06-08 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-08 13:23 . 2006-09-24 11:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-08 13:23 . 2007-09-04 12:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-08 13:23 . 2007-09-20 20:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-08 13:23 . 2007-10-03 11:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-08 13:22 . 2008-06-08 13:22 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-08 13:22 . 2008-01-10 08:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-08 13:22 . 2008-01-10 08:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-08 13:22 . 2008-03-28 13:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-08 13:22 . 2007-07-10 12:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-08 11:05 . 2008-06-08 11:05 4,236 --a------ C:\WINDOWS\SETUP.LST
2008-06-08 11:05 . 2008-06-08 11:05 303 --a------ C:\WINDOWS\ST6UNST.000
2008-06-08 08:40 . 2008-06-08 08:40 59,392 --a------ C:\WINDOWS\system32\geBTNfDU.dll.vir
2008-06-01 20:52 . 2008-06-01 20:52 <DIR> d-------- C:\Program Files\CACE Technologies
2008-06-01 15:49 . 2008-06-01 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-06-01 15:22 . 2008-06-01 15:23 <DIR> d-------- C:\Program Files\WinSCP
2008-06-01 11:12 . 2008-06-01 18:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FileZilla
2008-06-01 11:11 . 2008-06-01 11:11 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-06-01 11:02 . 2008-06-01 11:03 <DIR> d-------- C:\Program Files\FileZilla Server
2008-05-29 17:16 . 2008-05-29 17:26 272 --a------ C:\WINDOWS\Wlink83p.ini
2008-05-29 16:59 . 1999-08-30 14:51 9,152 --a------ C:\WINDOWS\system32\drivers\Ticalc.sys
2008-05-29 16:38 . 2008-05-29 16:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Megaupload
2008-05-28 20:02 . 2008-05-28 20:02 <DIR> d-------- C:\Program Files\Google
2008-05-26 22:43 . 2008-05-26 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-26 16:47 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\GSC
2008-05-26 16:47 . 2008-05-26 16:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GSC
2008-05-24 21:18 . 2008-06-01 20:32 <DIR> d-------- C:\Program Files\Bagatrix
2008-05-24 13:55 . 2008-05-24 13:55 894 --a------ C:\WINDOWS\cw23.cfg
2008-05-24 13:55 . 2008-05-24 13:55 552 --a------ C:\WINDOWS\ew23.cfg
2008-05-24 13:54 . 2008-05-24 13:55 1,082 --a------ C:\WINDOWS\ew23.INI
2008-05-24 13:53 . 2008-05-24 13:55 1,206 --a------ C:\WINDOWS\cw23.INI
2008-05-24 13:44 . 2008-05-24 13:44 <DIR> d-------- C:\Program Files\IAR Systems
2008-05-24 13:44 . 2008-05-24 13:44 <DIR> d-------- C:\Program Files\Common Files\Labcenter Electronics
2008-05-24 13:44 . 2008-05-24 13:44 <DIR> d-------- C:\Program Files\Common Files\IAR Systems
2008-05-24 13:43 . 2008-05-24 13:43 <DIR> d-------- C:\Program Files\Labcenter Electronics
2008-05-24 13:36 . 2008-05-24 13:36 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-24 13:30 . 2008-05-24 13:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 13:29 . 2008-05-24 13:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-23 18:30 . 2008-05-23 18:32 <DIR> d-------- C:\WinAVR-20080512
2008-05-23 18:19 . 2008-05-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2008-05-23 18:19 . 2008-05-23 18:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\National Instruments
2008-05-23 16:17 . 2008-05-23 16:18 <DIR> d-------- C:\Program Files\HI-TECH Software
2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\National Instruments
2008-05-23 16:10 . 2008-05-23 16:10 <DIR> d-------- C:\WINDOWS\system32\cvirte
2008-05-23 16:10 . 2008-05-23 16:17 <DIR> d-------- C:\Program Files\National Instruments
2008-05-23 15:56 . 2008-02-19 15:39 191,424 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2008-05-23 15:55 . 2008-05-23 15:55 <DIR> d-------- C:\Program Files\Atmel
2008-05-23 15:55 . 2007-09-17 08:04 3,858,432 --a------ C:\WINDOWS\system32\BCGCBPRO95580.dll
2008-05-23 15:55 . 2007-04-26 13:18 290,904 --a------ C:\WINDOWS\system32\vc6-re200l.dll
2008-05-23 15:55 . 2008-02-19 15:42 143,360 --a------ C:\WINDOWS\system32\wdapi920.dll
2008-05-23 15:55 . 2006-10-18 15:29 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll
2008-05-23 15:55 . 2006-02-07 14:45 73,728 --a------ C:\WINDOWS\system32\RWUXThemeS.dll
2008-05-23 15:54 . 2008-05-23 15:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-21 19:55 . 2008-05-21 20:00 <DIR> d-------- C:\Program Files\Unlocker
2008-05-21 18:12 . 2008-06-10 17:56 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 18:12 . 2008-06-17 09:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-21 18:04 . 2008-05-21 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-05-21 18:00 . 2008-05-21 18:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 01:02 --------- d-----w C:\Program Files\SpeedFan
2008-06-13 20:30 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-13 17:16 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-13 00:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-13 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-13 00:03 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-10 02:23 --------- d-----w C:\Program Files\The Learning Company
2008-06-10 02:21 --------- d-----w C:\Program Files\Oberon Media
2008-06-10 02:19 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-08 17:20 --------- d-----w C:\Program Files\DivX
2008-05-29 21:16 --------- d-----w C:\Program Files\TI Education
2008-05-26 20:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-24 17:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 01:27 --------- d-----w C:\Program Files\iTunes
2008-05-23 20:17 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-05-21 21:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-05-21 20:30 --------- d-----w C:\Program Files\Apple Software Update
2008-05-14 03:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-12 23:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-05-12 16:04 --------- d-----w C:\Program Files\iPod
2008-05-12 15:57 --------- d-----w C:\Program Files\QuickTime
2008-05-03 00:07 --------- d-----w C:\Program Files\Sony Setup
2008-05-02 22:37 --------- d-----w C:\Program Files\MegauploadToolbar
2008-05-02 22:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\Megaupload
2008-05-02 22:36 --------- d-----w C:\Program Files\Megaupload
2008-05-02 22:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-05-02 22:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-29 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 23:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-29 03:05 --------- d-----w C:\Program Files\Lavalys
2008-04-28 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-28 22:12 --------- d-----w C:\Program Files\FlashFXP
2008-04-28 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-04-28 21:20 --------- d-----w C:\Program Files\Azureus
2008-04-27 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-27 20:26 --------- d-----w C:\Program Files\Lavasoft
2008-04-27 20:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 16:13 692,497 ----a-w C:\WINDOWS\unins000.exe
2008-04-20 14:48 --------- d-----w C:\Program Files\El Cheapo Version 0.84
2008-04-20 01:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-04-20 01:34 --------- d-----w C:\Program Files\Apache Software Foundation
2007-12-15 14:49 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-03-17 20:12 303,104 ----a-w C:\Program Files\lame_enc.dll
2006-01-23 14:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 18:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
2005-05-13 21:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 15:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 01:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-07-14 16:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-22 02:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 04:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 14:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 17:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot_2008-06-12_22.24.14.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 02:18:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 13:29:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 20:31:14 25,214 ----a-r C:\WINDOWS\Installer\{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}\ARPPRODUCTICON.exe
- 2005-08-15 15:08:26 5,888 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2005-08-15 16:08:26 5,888 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
- 2005-08-15 15:08:26 127,488 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2005-08-15 16:08:26 127,488 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
- 2004-08-04 08:00:00 131,968 ------w C:\WINDOWS\system32\hal.dll
+ 2004-08-04 02:59:08 81,280 ----a-w C:\WINDOWS\system32\hal.dll
- 2004-07-26 20:16:10 1,568,768 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2004-07-26 21:16:10 1,568,768 ----a-w C:\WINDOWS\system32\imagX7.dll
- 2004-07-26 20:16:10 476,320 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2004-07-26 21:16:10 476,320 ----a-w C:\WINDOWS\system32\imagXpr7.dll
- 2004-07-26 20:16:10 262,144 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2004-07-26 21:16:10 262,144 ----a-w C:\WINDOWS\system32\imagXR7.dll
- 2004-07-26 20:16:10 471,040 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2004-07-26 21:16:10 471,040 ----a-w C:\WINDOWS\system32\imagXRA7.dll
- 2008-06-13 02:22:32 219,944 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-17 13:33:53 219,943 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2005-02-16 18:18:04 90,184 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2005-02-16 19:18:04 90,184 ----a-w C:\WINDOWS\system32\NeroCo.dll
- 2004-07-09 12:43:56 364,544 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2004-07-09 13:43:56 364,544 ----a-w C:\WINDOWS\system32\TwnLib4.dll
- 2005-09-12 19:13:46 233,472 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2006-07-14 21:29:44 966,656 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
- 2005-09-12 19:13:46 233,472 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2006-07-14 21:29:44 966,656 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
- 2005-09-12 19:13:46 233,472 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2006-07-14 21:29:44 966,656 ----a-w C:\WINDOWS\UNNeroShowTime.exe
- 2005-09-12 19:13:46 233,472 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2006-07-14 21:29:44 966,656 ----a-w C:\WINDOWS\UNNeroVision.exe
- 2005-09-12 19:13:46 233,472 ----a-w C:\WINDOWS\UNRecode.exe
+ 2006-07-14 21:29:44 966,656 ----a-w C:\WINDOWS\UNRecode.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{970AC70C-3A12-4A41-9B66-11F78C9F7710}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEEF42DE-61AF-4645-A154-72481F22BCD6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-21 18:12 219952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Spy Sweeper\SpySweeper.exe" [2006-01-25 12:21 3405312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59 73728]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-G Notebook Adapter.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk
backup=C:\WINDOWS\pss\Wireless-G Notebook Adapter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-08-30 13:19 87392 C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo RX580 Series on ARTHUR]
--a------ 2006-05-23 04:00 139264 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo RX580 Series on ARTHUR (Copy 1)]
--a------ 2006-05-23 04:00 139264 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-08-19 15:50 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2006-06-01 11:26 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
C:\Program Files\Media Access\MediaAccK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPHost]
--a------ 2006-11-18 23:14 216576 C:\Program Files\PSPHost\\PSPHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 200