The unbeatable virus [Inactive]

2010-09-12 00:19 . 2010-09-12 00:19 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a5acc59-n\jmc.dll
2010-09-12 00:19 . 2010-09-12 00:19 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a5acc59-n\msvcr71.dll
2010-09-12 00:19 . 2010-09-12 00:19 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-19799579-n\decora-sse.dll
2010-09-12 00:19 . 2010-09-12 00:19 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-19799579-n\decora-d3d.dll
2010-09-11 19:35 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-11 19:35 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-11 19:35 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-11 19:35 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-11 19:34 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-11 19:34 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-09-11 19:34 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-09-11 19:34 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-09-11 19:34 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-09-11 19:34 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-09-11 19:34 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-09-11 19:34 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-11 19:34 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-09-11 19:34 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-09-11 19:34 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-09-11 19:34 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-11 19:33 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-11 19:33 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-11 19:33 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-11 19:33 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-11 19:33 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-11 19:33 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-11 19:33 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-11 19:33 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-11 19:33 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-11 19:33 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-11 19:32 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-11 19:32 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-11 19:30 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-11 19:30 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-11 06:26 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-11 06:26 . 2008-04-14 05:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-11 06:26 . 2007-06-26 18:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-09-11 06:26 . 2007-06-26 18:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-09-11 06:26 . 2008-04-14 12:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-09-11 06:25 . 2008-04-14 12:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-09-11 05:55 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2010-09-11 05:54 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-09-11 05:54 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-09-11 05:54 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-09-11 05:54 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-09-11 05:54 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-09-11 05:54 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-09-11 05:54 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-09-11 05:53 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2010-09-11 05:53 . 2004-08-04 12:00 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2010-09-11 05:53 . 2004-08-04 12:00 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2010-09-11 05:53 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-11 05:30 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-11 05:30 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-11 05:30 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-11 05:30 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-11 04:47 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-11 04:47 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-11 04:47 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-11 04:47 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-11 04:47 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-11 04:47 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-11 04:47 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-11 04:47 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-09-11 04:47 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-11 04:47 . 2010-09-11 04:47 -------- d-----w- c:\program files\Alwil Software
2010-09-11 04:47 . 2010-09-11 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-07 05:15 . 2010-09-07 05:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-06 22:00 . 2010-09-06 22:00 -------- d-----w- c:\program files\iPod
2010-09-06 21:59 . 2010-09-06 22:00 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-09-06 21:58 . 2010-09-06 21:58 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-09-06 21:58 . 2010-09-06 21:58 -------- d-----w- c:\program files\Bonjour
2010-09-06 21:55 . 2010-09-06 21:55 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-06 21:52 . 2010-09-06 21:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-09-06 21:52 . 2010-09-06 21:52 101632 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 21:33 . 2010-09-06 21:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-09-06 21:08 . 2010-09-06 21:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-08-30 06:29 . 2010-08-30 06:29 6476416 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\Connect.exe
2010-08-30 06:29 . 2010-08-30 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Setup.exe
2010-08-30 06:29 . 2010-08-30 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Connect.exe
2010-08-29 18:39 . 2010-08-29 18:39 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-29 09:37 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-29 09:37 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 09:36 . 2010-08-29 09:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-29 09:24 . 2010-05-26 07:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-08-17 13:17 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 02:03 . 2010-09-16 02:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-12 04:00 . 2010-06-27 09:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-09-12 02:23 . 2010-05-26 03:23 -------- d-----w- c:\program files\iTunes
2010-09-12 00:29 . 2010-05-26 03:03 -------- d-----w- c:\program files\Java
2010-09-11 23:39 . 2010-05-26 03:22 -------- d-----w- c:\program files\QuickTime
2010-09-06 22:00 . 2010-05-26 03:22 -------- d-----w- c:\program files\Common Files\Apple
2010-08-30 03:32 . 2010-07-29 02:26 -------- d-----w- c:\program files\StarCraft II
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 09:06 . 2010-06-06 11:47 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-08-10 03:07 . 2010-08-10 02:50 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-08-10 01:12 . 2010-08-10 01:12 -------- d-----w- c:\program files\Cisco Systems
2010-08-09 02:10 . 2010-07-29 03:23 -------- d-----w- c:\documents and settings\User\Application Data\HPAppData
2010-08-09 02:04 . 2010-05-26 03:23 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2010-08-06 01:19 . 2010-06-05 03:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-06 01:00 . 2010-06-23 02:05 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-08-06 01:00 . 2010-08-06 00:58 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-08-06 00:58 . 2010-05-22 21:23 -------- d-----w- c:\program files\Realtek
2010-08-06 00:58 . 2010-05-22 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 02:20 . 2010-05-22 21:55 5243392 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:59 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 01:59 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 01:57 . 2010-05-22 21:55 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 01:53 . 2010-05-22 21:55 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2010-05-22 21:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2010-05-22 21:55 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2010-05-22 21:55 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2010-05-22 21:55 3901280 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2010-05-22 21:55 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2010-05-22 21:55 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2010-05-22 21:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2010-05-22 21:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2010-05-22 21:55 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2010-05-22 21:55 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2010-05-22 21:55 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2010-05-22 21:55 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2010-05-22 21:55 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-08-04 01:27 . 2010-05-22 21:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 01:24 . 2010-05-22 21:55 610304 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2010-05-22 21:55 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2010-05-22 21:55 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2010-05-22 21:55 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2010-05-22 21:55 700416 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2010-05-22 21:55 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 01:15 . 2010-05-22 21:55 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-01 21:12 . 2010-05-26 03:33 77448 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-01 03:23 . 2010-08-01 03:23 -------- d-----w- c:\documents and settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-30 00:23 . 2010-05-23 03:09 -------- d-----w- c:\program files\Steam
2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-07-29 02:49 . 2010-05-22 21:55 -------- d-----w- c:\program files\ATI Technologies
2010-07-29 02:37 . 2010-07-29 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-07-29 02:14 . 2010-07-29 02:14 -------- d-----w- c:\program files\LG Electronics
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 08:15 . 2010-05-14 22:04 23904 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-27 08:14 . 2010-05-14 22:04 6842464 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-27 08:14 . 2010-05-14 22:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 08:14 . 2010-05-14 22:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 08:12 . 2010-05-14 22:02 282336 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-07-27 08:12 . 2010-05-14 22:02 114784 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-07-27 08:08 . 2010-07-27 08:08 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 08:07 . 2010-05-14 21:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 08:03 . 2010-05-14 21:56 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 08:03 . 2010-05-14 21:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 08:03 . 2010-05-14 21:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 07:56 . 2010-05-14 21:47 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2010-07-27 07:55 . 2010-05-14 21:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-06-05 04:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-18 07:04 . 2010-07-18 07:04 -------- d-----w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7
2010-07-18 07:04 . 2010-07-18 07:04 172032 ----a-w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7\Uninstall-MyCar-Monitor.exe
2010-07-18 07:04 . 2010-07-18 07:04 229376 ----a-w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7\SSEInternetUpdater.exe
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 08:27 . 2010-05-26 03:29 101632 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-26 07:23 . 2010-06-26 07:23 260240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-26 06:48 . 2010-06-26 06:48 36864 ----a-w- c:\documents and settings\User\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 02:41 . 2010-05-22 20:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 17:45 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
 
((((((((((((((((((((((((((((( SnapShot_2010-09-15_02.04.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-16 02:04 . 2010-09-16 02:04 16384 c:\windows\temp\Perflib_Perfdata_1ec.dat
- 2004-08-04 12:00 . 2008-04-14 12:42 406016 c:\windows\system32\usp10.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2004-08-04 12:00 . 2008-04-14 12:41 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-08-04 12:00 . 2010-04-05 18:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-05-22 20:37 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 12:00 . 2010-04-05 18:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
- 2004-08-04 12:00 . 2008-04-14 12:41 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2010-01-29 15:01 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AlcWzrd"="ALCWZRD.EXE" [2010-05-01 2815520]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2010-8-5 966656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 23:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\altitude\\altitude.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom enforcer\\System\\XCom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom interceptor\\Interceptor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the settlers 7 paths to a kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/10/2010 9:47 PM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/10/2010 9:47 PM 19024]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [8/9/2010 6:11 PM 816672]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [8/5/2010 5:58 PM 594048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-XfireXO Toolbar - c:\progra~1\XfireXO\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 19:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(6212)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-09-15 19:07:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 02:07
ComboFix2.txt 2010-09-15 02:08
ComboFix3.txt 2010-09-11 23:43
ComboFix4.txt 2010-09-11 19:45

Pre-Run: 886,334,910,464 bytes free
Post-Run: 886,304,075,776 bytes free

- - End Of File - - F08D805C3CBD49F2CD385D03726DF45C
 
Looking good! I expect you should be seeing some marked improvement, especially in speed. But you still have numerous processes loading on boot, then running in the background. An example is all the HP Imaging processes. None of them need to run on boot, and the printer can be manually started when, and if, you need it.

There is still one process for McAfee loading on Startup that refuses to let go. Let's see if the entry is here in the O4 section for globally starting. If it is, I can remove it from there:

Download the HijackThis Installer HERE and save it to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
================================
Can you tell me please if you are using this: GEST is an open source Game Boy emulator. It is also on startup and had one corrupt file I removed. (http://www.emulator-zone.com/doc.php/gameboy/gest.html)
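The helper's point above is that the HijackThis O4 section lists every registry Run/RunOnce autostart, which is where a lingering startup entry would show up. As an added example (not part of this thread and not HijackThis's own code), the following Python script parses O4 lines of the form HijackThis emits into hive, key, entry name, executable and arguments, and applies a few defender-side checks a reviewer would make by eye: bare filenames resolved by PATH search, unquoted paths containing spaces, and executables living under the user profile (Application Data, Temp). The sample lines are modelled on the log posted in this thread; the last one ("updater") is a constructed hypothetical entry, and the findings are heuristics, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape HijackThis prints O4 registry entries.
# The first five are modelled on the log posted in this thread; the last
# line is a hypothetical entry constructed to show a profile-path finding.
SAMPLE_O4_LINES = r"""O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Application Data\upd\svc.exe
"""

# "O4 - <hive>\..\<Run|RunOnce|...>: [<name>] <command> [(User '<user>')]"
# Startup-folder O4 lines ("O4 - Startup: ...") use another shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Heuristic split of an unquoted command at the first executable-looking extension.
EXE_RE = re.compile(
    r"^(?P<exe>.*?\.(?:exe|dll|scr|bat|cmd|com))(?:\s+(?P<args>.*))?$", re.I
)

PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    exe: str
    args: str
    quoted: bool
    user: Optional[str]
    findings: List[str] = field(default_factory=list)


def split_command(cmd: str):
    """Return (executable, arguments, was_quoted) for a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), "", True
        return cmd[1:end], cmd[end + 1:].strip(), True
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), (m.group("args") or "").strip(), False
    parts = cmd.split(None, 1)  # fallback: first whitespace-delimited token
    return parts[0], (parts[1] if len(parts) > 1 else ""), False


def assess(exe: str, quoted: bool) -> List[str]:
    """Defender-side heuristics; each string is a reason to look closer, not a verdict."""
    findings = []
    if "\\" not in exe:
        findings.append("bare filename: resolved by PATH search, not an explicit path")
    elif not quoted and " " in exe:
        findings.append("unquoted path with spaces")
    if any(marker in exe.lower() for marker in PROFILE_MARKERS):
        findings.append("runs from a user-writable profile location")
    return findings


def parse_o4_line(line: str) -> Optional[O4Entry]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args, quoted = split_command(m.group("cmd"))
    return O4Entry(
        hive=m.group("hive"), key=m.group("key"), name=m.group("name"),
        exe=exe, args=args, quoted=quoted, user=m.group("user"),
        findings=assess(exe, quoted),
    )


def parse_log(text: str) -> List[O4Entry]:
    return [e for e in (parse_o4_line(l) for l in text.splitlines()) if e]


def flagged(entries: List[O4Entry]) -> List[O4Entry]:
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_O4_LINES):
        who = f" (user {e.user})" if e.user else ""
        print(f"{e.hive}\\{e.key}: [{e.name}] {e.exe}{who}")
        for f in e.findings:
            print(f"    - {f}")
```

Run it against a saved HijackThis log by replacing SAMPLE_O4_LINES with the file's contents; the entries with findings are the ones worth reading before deciding what a cleanup should remove, and the "bare filename" case is the reason entries such as SOUNDMAN.EXE deserve a look even when legitimate, since which file runs depends on the PATH search order.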
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:20:45 PM, on 9/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275710167109
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8103 bytes
 
Thank you for all the help. McAfee has been terrorizing my system for a long time and it is pretty hard to completely remove.

I don't use GEST. The last emulator I used was an SNES one a while ago and was on a different computer. Also, I've never been into gameboy games.....

It might definitely be a virus!
 
Before I have you remove the cleaning tools, I'd like you to run one more online AV scan, but with a different program:

Please run Kaspersky Online Scanner in Internet Explorer
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

If this is clean, I'll have you remove the cleaning tools.
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 25, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 25, 2010 01:42:42
Records in database: 4236916
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 125473
Threats found: 6
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 02:14:02


File name / Threat / Threats count
C:\Documents and Settings\User\My Documents\Downloads\Firefox\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Mp36YFaV.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_kghps_.sys.zip Infected: Rootkit.Win32.Bubnix.agi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\kUOCE.dll.vir Infected: Backdoor.Win32.TDSS.tf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\W1uOCE79.dll.vir Infected: Backdoor.Win32.TDSS.tf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\USRINI~1.EXE.vir Infected: Packed.Win32.Krap.hx 1
C:\Qoobox\Quarantine\C\WINDOWS\Uvydya.exe.vir Infected: Packed.Win32.Katusha.n 1
C:\Qoobox\Quarantine\C\WINDOWS\Uvydyb.exe.vir Infected: Packed.Win32.Katusha.n 1
C:\System Volume Information\_restore{D2A53069-32C3-4D29-8ECE-CEC0BF92B9D4}\RP1\A0000140.exe Infected: Packed.Win32.Katusha.n 1
C:\System Volume Information\_restore{D2A53069-32C3-4D29-8ECE-CEC0BF92B9D4}\RP1\A0000141.exe Infected: Packed.Win32.Katusha.n 1

Selected area has been scanned.
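A small triage script for reports in this format, added here as an example; it is not part of the thread and not Kaspersky's own tooling. It sorts each "Infected:" line by where the file lives: ComboFix's C:\Qoobox quarantine and OTM's moved-files folder (both C:\_OTM and the older C:\_OTMoveIt name appear in this thread) hold copies already taken out of service, System Restore points are inert until a restore, and anything else is a live path. It also marks Kaspersky's not-a-virus: prefix, which Kaspersky uses for legitimate software that some users would not want on a machine. The sample report is constructed in the report's own format; its last line is a hypothetical live hit added only to show the ordering, and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Report lines look like:  <path> Infected: <threat name> <count>
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Folders where the removal tools used in this thread park neutralised files.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",     # ComboFix
    "c:\\_otm\\movedfiles\\",       # OTM 3.x
    "c:\\_otmoveit\\movedfiles\\",  # older OTMoveIt name
)
# System Restore snapshots: C:\System Volume Information\_restore{GUID}\RPn\...
RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\_restore\{")


@dataclass
class Hit:
    path: str
    threat: str
    count: int
    location: str   # "quarantine", "restore_point" or "live"
    riskware: bool  # Kaspersky's "not-a-virus:" prefix (legitimate but flagged software)


def classify_path(path):
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES):
        return "quarantine"
    if RESTORE_RE.match(p):
        return "restore_point"
    return "live"


def parse_report(text):
    """Parse every 'Infected:' line of a Kaspersky Online Scanner report."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, statistics, blank lines
        hits.append(Hit(m["path"], m["threat"], int(m["count"]),
                        classify_path(m["path"]),
                        m["threat"].lower().startswith("not-a-virus:")))
    return hits


def triage(text):
    """Bucket hits by location. Live hits that are not riskware are listed first,
    because those are the ones that still need removal."""
    buckets = {"live": [], "quarantine": [], "restore_point": []}
    for h in parse_report(text):
        buckets[h.location].append(h)
    buckets["live"].sort(key=lambda h: h.riskware)
    return buckets


# Constructed sample in the report's format; the last line is a hypothetical live hit.
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Program Files\\mIRC\\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\_kghps_.sys.zip Infected: Rootkit.Win32.Bubnix.agi 1
C:\\System Volume Information\\_restore{D2A53069-32C3-4D29-8ECE-CEC0BF92B9D4}\\RP1\\A0000140.exe Infected: Packed.Win32.Katusha.n 1
C:\\WINDOWS\\system32\\hypothetical.exe Infected: Trojan.Win32.Powp.gen 1
"""

if __name__ == "__main__":
    for location, hits in triage(SAMPLE_REPORT).items():
        print(f"{location}: {len(hits)}")
        for h in hits:
            print(f"  {'riskware' if h.riskware else 'malware '}  {h.threat}  {h.path}")
```

Paste a saved "Save as Text" report into SAMPLE_REPORT, or read it from a file, and the live bucket is the short list worth acting on; quarantine and restore-point hits disappear once the tool's quarantine folder and old restore points are removed at the end of the cleanup.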
 
2 new threats, both IRC-related: We're not through yet! Run this please while I go back and review the logs to see if I can find the continuing source.

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Files 
    C:\Documents and Settings\User\My Documents\Downloads\Firefox\mirc635.exe 
    C:\Program Files\mIRC\mirc.exe 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

IRC worm (Internet Relay Chat worm) is usually a standalone program that uses IRC networks to spread itself. Such a worm either tries to spread itself by establishing a connection to an IRC server or it can drop specific scripts to an IRC client directory. The most affected IRC client is mIRC. Usually an IRC worm replaces some INI files in the mIRC directory with its own scripts and when a user connects to an IRC server and joins any channel, these scripts instruct the client to send the worm's executable file to everyone in that channel. Most famous IRC worms: Aplore, Maldal, Gokar, Spester, Irok, Nymph.

"Infected: not-a-virus:Client-IRC.Win32.mIRC.g"
 
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\User\My Documents\Downloads\Firefox\mirc635.exe moved successfully.
C:\Program Files\mIRC\mirc.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: User
->Temp folder emptied: 111765156 bytes
->Temporary Internet Files folder emptied: 636950500 bytes
->Java cache emptied: 139337 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 32749 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4437863 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 653190247 bytes

Total Files Cleaned = 1,341.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 09252010_122105

Files moved on Reboot...
File C:\Documents and Settings\User\Local Settings\Temp\~DF8CD5.tmp not found!
File C:\Documents and Settings\User\Local Settings\Temp\~DF8D01.tmp not found!
File C:\Documents and Settings\User\Local Settings\Temp\~DF8D89.tmp not found!
File C:\Documents and Settings\User\Local Settings\Temp\~DF8D9A.tmp not found!
File C:\Documents and Settings\User\Local Settings\Temp\~DF8E82.tmp not found!
File C:\Documents and Settings\User\Local Settings\Temp\~DF8E94.tmp not found!
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\X9TL150A\ads[5].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\X9TL150A\launch[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MIAFTAB6\topic153185-2[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LVKJ9E4D\sh23[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BTIWYQ9I\blank[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BTIWYQ9I\blank[2].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\9WP7L5E9\blank[1].html moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4MXYMCH0\fc[2].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4MXYMCH0\st[2] moved successfully.

Registry entries deleted on Reboot...
 
Once more: Hopefully this will stop mIRC and the file sharing programs from loading. If any of these are on the Startup menu, please uncheck them and then run the following:

Please run this Custom CFScript

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the code below into it:
Code:
File::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Empty the Recycle Bin. Reboot the computer. Run either the Eset scan or Kaspersky again.

Please do not participate in IRC for now.
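To make the Registry:: block in that post concrete, an added example that is neither ComboFix's code nor from the thread: a parser for the .reg syntax ComboFix accepts there, where "name"=- deletes a value, applied to a constructed export of the XP firewall's program-exception list. Each value under ...\FirewallPolicy\StandardProfile\AuthorizedApplications\List is named by the program path and holds path:scope:state:display name, so deleting the value withdraws that program's firewall exception. The key name is written out in full where the thread's script abbreviates it; the script's bare "...sessmgr.exe"= line is not a deletion or an assignment in .reg terms, and this example leaves it uninterpreted. The export contents and all function names are this example's own.

```python
import re

# Full name of the key the thread's script abbreviates as HKLM\~\services\sharedaccess\...
FIREWALL_LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# "name"=<data>, with \\ and \" escapes allowed inside the quoted name
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key: {value_name: data}}. data is None for a "name"=- deletion and a
    str for "name"="..."; other forms (such as a bare "name"=) are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = _unescape(m["name"]), m["data"].strip()
        if data == "-":
            keys[current][name] = None
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            keys[current][name] = _unescape(data[1:-1])
    return keys


def firewall_exceptions(reg):
    """Program path -> (scope, state, display name) from the exception list. The value
    data is 'path:scope:state:name'; the path contains a colon, so split from the right."""
    out = {}
    for key, values in reg.items():
        if key.lower() != FIREWALL_LIST_KEY.lower():
            continue
        for data in values.values():
            if data is None:
                continue
            parts = data.rsplit(":", 3)
            if len(parts) == 4:
                out[parts[0]] = tuple(parts[1:])
    return out


def apply_script(current, script):
    """Apply a parsed Registry:: block to a parsed export. Key and value names compare
    case-insensitively, as in the registry. Returns (new_reg, removed_value_names)."""
    new = {k: dict(v) for k, v in current.items()}
    removed = []
    for key, values in script.items():
        target = next((k for k in new if k.lower() == key.lower()), key)
        store = new.setdefault(target, {})
        for name, data in values.items():
            existing = next((n for n in store if n.lower() == name.lower()), None)
            if data is None:
                if existing is not None:
                    removed.append(existing)
                    del store[existing]
            else:
                store[existing if existing is not None else name] = data
    return new, removed


# Constructed export of the exception list (what regedit's Export would produce).
SAMPLE_EXPORT = f"[{FIREWALL_LIST_KEY}]\n" + r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Remote Assistance"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
'''

# The Registry:: block from the thread, with the key name written out in full.
SAMPLE_SCRIPT = f"[{FIREWALL_LIST_KEY}]\n" + r'''
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
'''

if __name__ == "__main__":
    before = parse_reg(SAMPLE_EXPORT)
    after, removed = apply_script(before, parse_reg(SAMPLE_SCRIPT))
    print("exceptions removed:", *removed, sep="\n  ")
    print("exceptions remaining:", *firewall_exceptions(after), sep="\n  ")
```

The same parser reads a real export of that key (regedit, File, Export), which is the quickest way to see every program the XP firewall is letting through before deciding which entries a cleanup script should drop.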
 
ComboFix 10-09-25.07 - User 09/26/2010 17:46:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2391 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\User\LOCALS~1\Temp\jna6798307388959547638.dll
c:\documents and settings\User\Local Settings\temp\jna6798307388959547638.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.

2010-09-26 07:15 . 2010-09-26 07:15 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\My Games
2010-09-23 03:45 . 2010-09-23 03:45 47876 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-18 08:19 . 2010-09-26 06:19 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-09-16 06:24 . 2010-09-16 06:24 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2010-09-16 01:47 . 2010-09-16 01:47 -------- d-----w- C:\_OTM
2010-09-15 02:10 . 2010-09-15 02:10 -------- d-----w- c:\program files\ESET
2010-09-15 01:50 . 2010-09-15 01:50 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-15 01:50 . 2010-09-15 01:50 -------- d-----w- c:\program files\Trend Micro
2010-09-14 01:44 . 2010-09-14 01:45 205421 ----a-w- c:\windows\hpoins46.dat
2010-09-12 04:00 . 2010-09-12 04:00 53248 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-12 00:29 . 2010-09-12 00:29 -------- d-----w- c:\program files\Common Files\Java
2010-09-12 00:29 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-12 00:19 . 2010-09-12 00:19 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a5acc59-n\msvcp71.dll
2010-09-12 00:19 . 2010-09-12 00:19 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a5acc59-n\jmc.dll
2010-09-12 00:19 . 2010-09-12 00:19 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a5acc59-n\msvcr71.dll
2010-09-12 00:19 . 2010-09-12 00:19 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-19799579-n\decora-sse.dll
2010-09-12 00:19 . 2010-09-12 00:19 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-19799579-n\decora-d3d.dll
2010-09-11 19:35 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-11 19:35 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-09-11 19:35 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-11 19:35 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-11 19:34 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-11 19:34 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-09-11 19:34 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-09-11 19:34 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-09-11 19:34 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-09-11 19:34 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-09-11 19:34 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-09-11 19:34 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-09-11 19:34 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-09-11 19:34 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-09-11 19:34 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-09-11 19:34 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-11 19:33 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-11 19:33 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-11 19:33 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-11 19:33 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-11 19:33 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-11 19:33 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-11 19:33 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-11 19:33 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-11 19:33 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-11 19:33 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-11 19:32 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-09-11 19:32 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-09-11 19:30 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-11 19:30 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-09-11 06:26 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-09-11 06:26 . 2008-04-14 05:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-09-11 06:26 . 2007-06-26 18:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-09-11 06:26 . 2007-06-26 18:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-09-11 06:26 . 2008-04-14 12:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-09-11 06:25 . 2008-04-14 12:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-09-11 05:55 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2010-09-11 05:54 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-09-11 05:54 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-09-11 05:54 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-09-11 05:54 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-09-11 05:54 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-09-11 05:54 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-09-11 05:54 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-09-11 05:53 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2010-09-11 05:53 . 2004-08-04 12:00 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2010-09-11 05:53 . 2004-08-04 12:00 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2010-09-11 05:53 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-11 05:30 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-11 05:30 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-11 05:30 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-11 05:30 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-11 04:47 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-11 04:47 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-11 04:47 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-11 04:47 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-11 04:47 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-11 04:47 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-11 04:47 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-11 04:47 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-09-11 04:47 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-11 04:47 . 2010-09-11 04:47 -------- d-----w- c:\program files\Alwil Software
2010-09-11 04:47 . 2010-09-11 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-07 05:15 . 2010-09-07 05:15 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-06 22:00 . 2010-09-06 22:00 -------- d-----w- c:\program files\iPod
2010-09-06 21:59 . 2010-09-06 22:00 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2010-09-06 21:58 . 2010-09-06 21:58 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2010-09-06 21:58 . 2010-09-06 21:58 -------- d-----w- c:\program files\Bonjour
2010-09-06 21:55 . 2010-09-06 21:55 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-06 21:52 . 2010-09-06 21:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-09-06 21:52 . 2010-09-06 21:52 101632 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 21:33 . 2010-09-06 21:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-09-06 21:08 . 2010-09-06 21:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-08-30 06:29 . 2010-08-30 06:29 6476416 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\Connect.exe
2010-08-30 06:29 . 2010-08-30 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Setup.exe
2010-08-30 06:29 . 2010-08-30 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Connect.exe
2010-08-29 18:39 . 2010-08-29 18:39 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-29 09:37 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-29 09:37 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 09:36 . 2010-08-29 09:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-29 09:24 . 2010-05-26 07:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 00:53 . 2010-09-23 01:34 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-09-27 00:53 . 2010-09-16 02:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-26 23:00 . 2010-05-23 03:09 -------- d-----w- c:\program files\Steam
2010-09-26 20:19 . 2010-05-25 07:54 -------- d-----w- c:\program files\uTorrent
2010-09-25 19:21 . 2010-06-27 10:41 -------- d-----w- c:\program files\mIRC
2010-09-23 03:45 . 2010-07-29 02:26 -------- d-----w- c:\program files\StarCraft II
2010-09-19 16:27 . 2010-08-10 01:12 -------- d-----w- c:\program files\Cisco Systems
2010-09-12 04:00 . 2010-06-27 09:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-09-12 02:23 . 2010-05-26 03:23 -------- d-----w- c:\program files\iTunes
2010-09-12 00:29 . 2010-05-26 03:03 -------- d-----w- c:\program files\Java
2010-09-11 23:39 . 2010-05-26 03:22 -------- d-----w- c:\program files\QuickTime
2010-09-06 22:00 . 2010-05-26 03:22 -------- d-----w- c:\program files\Common Files\Apple
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 09:06 . 2010-06-06 11:47 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-08-10 03:07 . 2010-08-10 02:50 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-08-09 02:10 . 2010-07-29 03:23 -------- d-----w- c:\documents and settings\User\Application Data\HPAppData
2010-08-09 02:04 . 2010-05-26 03:23 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2010-08-06 01:19 . 2010-06-05 03:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-06 01:00 . 2010-06-23 02:05 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-08-06 01:00 . 2010-08-06 00:58 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-08-06 00:58 . 2010-05-22 21:23 -------- d-----w- c:\program files\Realtek
2010-08-06 00:58 . 2010-05-22 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 02:20 . 2010-05-22 21:55 5243392 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:59 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 01:59 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 01:57 . 2010-05-22 21:55 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 01:53 . 2010-05-22 21:55 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2010-05-22 21:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2010-05-22 21:55 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2010-05-22 21:55 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2010-05-22 21:55 3901280 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2010-05-22 21:55 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2010-05-22 21:55 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2010-05-22 21:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2010-05-22 21:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2010-05-22 21:55 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2010-05-22 21:55 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2010-05-22 21:55 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2010-05-22 21:55 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2010-05-22 21:55 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-08-04 01:27 . 2010-05-22 21:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 01:24 . 2010-05-22 21:55 610304 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2010-05-22 21:55 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2010-05-22 21:55 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2010-05-22 21:55 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2010-05-22 21:55 700416 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2010-05-22 21:55 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 01:15 . 2010-05-22 21:55 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-01 21:12 . 2010-05-26 03:33 77448 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-01 03:23 . 2010-08-01 03:23 -------- d-----w- c:\documents and settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-07-29 02:49 . 2010-05-22 21:55 -------- d-----w- c:\program files\ATI Technologies
2010-07-29 02:37 . 2010-07-29 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-07-29 02:14 . 2010-07-29 02:14 -------- d-----w- c:\program files\LG Electronics
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 08:15 . 2010-05-14 22:04 23904 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-27 08:14 . 2010-05-14 22:04 6842464 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-27 08:14 . 2010-05-14 22:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 08:14 . 2010-05-14 22:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 08:12 . 2010-05-14 22:02 282336 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-07-27 08:12 . 2010-05-14 22:02 114784 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-07-27 08:08 . 2010-07-27 08:08 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 08:07 . 2010-05-14 21:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 08:03 . 2010-05-14 21:56 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 08:03 . 2010-05-14 21:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 08:03 . 2010-05-14 21:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 07:55 . 2010-05-14 21:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-06-05 04:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-18 07:04 . 2010-07-18 07:04 172032 ----a-w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7\Uninstall-MyCar-Monitor.exe
2010-07-18 07:04 . 2010-07-18 07:04 229376 ----a-w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7\SSEInternetUpdater.exe
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
.
 
((((((((((((((((((((((((((((( SnapShot_2010-09-15_02.04.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-27 00:53 . 2010-09-27 00:53 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2010-09-26 07:15 . 2010-09-26 07:15 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2004-08-04 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2008-04-14 12:42 293376 c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2004-08-04 12:00 . 2008-04-14 12:42 406016 c:\windows\system32\usp10.dll
- 2004-08-04 12:00 . 2008-04-14 12:41 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-08-04 12:00 . 2010-04-05 18:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-09-20 06:41 . 2010-09-20 06:41 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
+ 2010-09-20 06:41 . 2010-09-20 06:41 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll
+ 2010-05-22 20:37 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 12:00 . 2010-04-05 18:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
- 2004-08-04 12:00 . 2008-04-14 12:41 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2010-01-29 15:01 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-26 07:15 . 2010-09-26 07:15 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-06 20:48 . 2010-06-06 20:48 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AlcWzrd"="ALCWZRD.EXE" [2010-05-01 2815520]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2010-8-5 966656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 23:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\altitude\\altitude.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom enforcer\\System\\XCom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom interceptor\\Interceptor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the settlers 7 paths to a kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/10/2010 9:47 PM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/10/2010 9:47 PM 19024]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [8/9/2010 6:11 PM 816672]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [8/5/2010 5:58 PM 594048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10e.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(5732)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-26 17:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-27 00:57
ComboFix2.txt 2010-09-16 02:07
ComboFix3.txt 2010-09-15 02:08
ComboFix4.txt 2010-09-11 23:43
ComboFix5.txt 2010-09-27 00:43

Pre-Run: 874,688,430,080 bytes free
Post-Run: 874,912,206,848 bytes free

- - End Of File - - 232847D1EF8A90697469D205042D8FB7
 
Please disable this:
2010-09-26 06:19 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
Having LimeWire and uTorrent running while I'm trying to clean the system is not very sensible!

I'm concerned at this point that you may be a victim of an IRC exploit that has made itself known recently. Please give me a chance to go back over the logs and recheck everything. It is very possible that I will be recommending a reformat/reinstall, also because of the Backdoor capabilities.

Are you having any noticeable problems at this point?
 
Sorry. uTorrent was not actually downloading anything at the moment when it scanned. The LimeWire files I download are all MP3s, as well.

The IRC thing sort of freaks me out. I never use IRC. A friend installed it several years ago to try to get some pirated movies, but nothing ever materialized from it.

No noticeable problems or browser redirects. Everything seems to be working extremely well, thanks to your expert advice.

I wonder if perhaps my internet browsing is what installed the 'after the fact' viruses. I've been travelling a lot since we began this war, and have been lazy about 'isolating' my desktop when I'm home.
 
Friends get a lot of people in trouble! You would be amazed at what gets put on people's systems by 'friends!'

When I was new to computing, a 'friend' pirated 6 discs for FrontPage on my computer. I didn't know 'pirate' at that time and never used the program. I removed it all with a big growl at my friend's "help"!

As for Win 7, I have a mini with the Win 7 Starter. That really isn't enough to make any judgement. In my opinion, all mine is different names in different locations. Not much of a challenge, but I don't think they put much on the starter.

I'll finish you up in the morning; I'm just getting ready to shut down for the night. Don't make any changes on the system.
 