another sinowal trojan problem

I believe have the sinowal trojan, and I have been able to remove many components. I'm not receiving the firewall message anymore and several files have been disabled and tossed in the trash. I've run HJT, Smitfraud, Icesword, Sophos rootkiller, and the latest, combofix. Many of these before I knew what I had.

here is my HJT Log, and I'll post the Combofix log, too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03, on 2008-12-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Xobni\XobniService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Castelle\FaxPress Plus\FaxTray.Exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Calyx Software\WebCasterDesktop\WebCasterDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Foxmarks\IE Extension\foxmarkssync.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Xpress Mail\Professional Editon\Connection.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FoxmarksDLLBHO - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - C:\Program Files\Foxmarks\IE Extension\foxmarksdll.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CstlFaxTray] "C:\Program Files\Castelle\FaxPress Plus\FaxTray.Exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CalyxWebCasterDesktop] "C:\Program Files\Calyx Software\WebCasterDesktop\WebCasterDesktop.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Foxmarks Favorites Synchronizer.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Xpress Mail Professional Edition.lnk = C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe
O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Foxmarks\IE Extension\foxmarksdll.dll (HKCU)
O9 - Extra 'Tools' menuitem: Foxmarks Favorites Synchronizer... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Foxmarks\IE Extension\foxmarksdll.dll (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wcc.local
O17 - HKLM\Software\..\Telephony: DomainName = wcc.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wcc.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wcc.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--

ComboFix 08-12-04.04 - peachesv 2008-12-04 21:45:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2052 [GMT -8:00]
Running from: c:\documents and settings\peachesv\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\x64
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Legacy_TDSSSERV.SYS
-------\Service_Packet
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-04 10:00 . 2008-12-04 15:35 d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 10:00 . 2008-12-04 15:38 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 22:39 . 2008-12-03 22:39 d-------- c:\program files\Sophos
2008-12-03 21:38 . 2008-12-03 21:39 d-------- c:\documents and settings\peachesv\SmitfraudFix
2008-12-03 21:38 . 2008-12-03 21:59 4,348 --a------ c:\windows\system32\tmp.reg
2008-12-01 09:44 . 2008-12-01 09:44 268 --ah----- C:\sqmdata19.sqm
2008-12-01 09:44 . 2008-12-01 09:44 244 --ah----- C:\sqmnoopt19.sqm
2008-12-01 08:52 . 2008-12-01 08:52 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-11-29 23:02 . 2008-11-29 23:02 d-------- c:\program files\YouTube Downloader
2008-11-28 23:51 . 2008-11-28 23:51 268 --ah----- C:\sqmdata18.sqm
2008-11-28 23:51 . 2008-11-28 23:51 244 --ah----- C:\sqmnoopt18.sqm
2008-11-27 23:59 . 2008-11-27 23:59 d-------- c:\program files\Foxmarks
2008-11-27 20:45 . 2008-11-27 20:45 268 --ah----- C:\sqmdata17.sqm
2008-11-27 20:45 . 2008-11-27 20:45 244 --ah----- C:\sqmnoopt17.sqm
2008-11-27 00:05 . 2008-11-27 00:05 d-------- c:\program files\Lavasoft
2008-11-27 00:05 . 2008-11-27 00:06 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-27 00:04 . 2008-11-27 00:04 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-26 15:52 . 2008-11-26 15:52 268 --ah----- C:\sqmdata16.sqm
2008-11-26 15:52 . 2008-11-26 15:52 244 --ah----- C:\sqmnoopt16.sqm
2008-11-26 08:54 . 2008-12-04 19:08 268 --ah----- C:\sqmdata15.sqm
2008-11-26 08:54 . 2008-12-04 19:08 244 --ah----- C:\sqmnoopt15.sqm
2008-11-25 17:44 . 2008-12-04 15:34 268 --ah----- C:\sqmdata14.sqm
2008-11-25 17:44 . 2008-12-04 15:34 244 --ah----- C:\sqmnoopt14.sqm
2008-11-25 16:07 . 2008-11-25 16:39 d-------- c:\documents and settings\peachesv\Application Data\Sierra Wireless
2008-11-25 16:06 . 2008-11-25 16:06 d-------- c:\documents and settings\peachesv\Application Data\Sprint
2008-11-25 15:54 . 2008-12-04 09:06 268 --ah----- C:\sqmdata13.sqm
2008-11-25 15:54 . 2008-12-04 09:06 244 --ah----- C:\sqmnoopt13.sqm
2008-11-25 15:52 . 2008-10-15 11:58 27,072 --a------ c:\windows\system32\drivers\PCASp50.sys
2008-11-25 15:52 . 2005-03-15 11:11 17,920 --a------ c:\windows\system32\apintfnt.dll
2008-11-25 15:50 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-11-25 15:49 . 2008-11-25 15:49 d-------- c:\program files\Novatel Wireless
2008-11-25 15:49 . 2008-11-25 15:49 d-------- c:\program files\Common Files\Research in Motion
2008-11-25 15:49 . 2008-11-25 15:51 d-------- c:\program files\Common Files\Motorola Shared
2008-11-25 15:49 . 2008-11-25 15:49 d-------- c:\documents and settings\All Users\Application Data\Sprint
2008-11-25 10:08 . 2008-11-25 17:42 d-------- c:\program files\Sprint
2008-11-25 10:08 . 2008-11-25 17:42 d-------- c:\program files\Sierra Wireless
2008-11-25 08:53 . 2008-12-04 06:04 268 --ah----- C:\sqmdata12.sqm
2008-11-25 08:53 . 2008-12-04 06:04 244 --ah----- C:\sqmnoopt12.sqm
2008-11-24 17:14 . 2008-12-03 23:21 268 --ah----- C:\sqmdata11.sqm
2008-11-24 17:14 . 2008-12-03 23:21 244 --ah----- C:\sqmnoopt11.sqm
2008-11-24 14:00 . 2008-11-24 14:01 d-------- c:\program files\iTunes
2008-11-24 14:00 . 2008-11-24 14:00 d-------- c:\program files\iPod
2008-11-24 14:00 . 2008-11-24 14:01 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 10:49 . 2008-11-24 10:49 d-------- c:\program files\Trend Micro
2008-11-24 09:56 . 2008-12-03 22:28 268 --ah----- C:\sqmdata10.sqm
2008-11-24 09:56 . 2008-12-03 22:28 244 --ah----- C:\sqmnoopt10.sqm
2008-11-23 09:14 . 2008-12-03 22:10 268 --ah----- C:\sqmdata09.sqm
2008-11-23 09:14 . 2008-12-03 22:10 244 --ah----- C:\sqmnoopt09.sqm
2008-11-23 09:12 . 2008-12-03 21:53 268 --ah----- C:\sqmdata08.sqm
2008-11-23 09:12 . 2008-12-03 21:53 244 --ah----- C:\sqmnoopt08.sqm
2008-11-21 15:25 . 2008-12-03 21:41 268 --ah----- C:\sqmdata07.sqm
2008-11-21 15:25 . 2008-12-03 21:41 244 --ah----- C:\sqmnoopt07.sqm
2008-11-21 10:22 . 2008-12-03 20:30 268 --ah----- C:\sqmdata06.sqm
2008-11-21 10:22 . 2008-12-03 20:30 244 --ah----- C:\sqmnoopt06.sqm
2008-11-20 16:07 . 2008-12-03 20:11 268 --ah----- C:\sqmdata05.sqm
2008-11-20 16:07 . 2008-12-03 20:11 244 --ah----- C:\sqmnoopt05.sqm
2008-11-20 08:03 . 2008-12-03 17:03 268 --ah----- C:\sqmdata04.sqm
2008-11-20 08:03 . 2008-12-03 17:03 244 --ah----- C:\sqmnoopt04.sqm
2008-11-19 09:21 . 2008-11-19 09:21 93,128 --a------ c:\windows\system32\ElbyCDIO.dll
2008-11-12 17:09 . 2008-11-12 17:09 d-------- c:\program files\Common Files\Steinberg
2008-11-12 17:09 . 2008-11-12 17:09 d-------- c:\documents and settings\All Users\Application Data\Steinberg
2008-11-12 17:08 . 2008-11-12 17:08 d-------- c:\program files\Steinberg
2008-11-12 17:08 . 2008-11-12 17:08 d-------- c:\documents and settings\peachesv\Application Data\Steinberg
2008-11-12 17:07 . 2008-11-12 17:07 d-------- c:\documents and settings\All Users\Application Data\Syncrosoft
2008-11-12 17:07 . 2006-01-29 11:48 147,425 --a------ c:\windows\system32\SYNSOACC-Aide.chm
2008-11-12 17:07 . 2006-01-29 11:48 120,468 --a------ c:\windows\system32\SYNSOACC-Hilfe.chm
2008-11-12 17:07 . 2006-01-29 11:48 114,279 --a------ c:\windows\system32\SYNSOACC-Help.chm
2008-11-12 17:07 . 2006-01-29 11:48 45,056 --a------ c:\windows\system32\Synsopos.exe
2008-11-12 17:07 . 2006-11-23 17:20 18,432 --a------ c:\windows\system32\drivers\synasUSB.sys
2008-11-12 17:07 . 2008-11-12 17:07 2,892 --a------ c:\windows\system32\audcon.sys
2008-11-12 17:06 . 2008-11-12 17:07 d-------- c:\program files\Syncrosoft
2008-11-12 17:06 . 2007-10-19 18:08 765,952 --a------ c:\windows\system32\SYNSOACC.dll
2008-11-12 17:06 . 2006-01-29 11:48 147,456 --a------ c:\windows\system32\SynsoLChk.dll
2008-11-12 04:48 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 04:47 . 2008-09-04 09:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 14:26 . 2008-11-06 14:26 d-------- c:\program files\Toshiba
2008-11-06 14:26 . 2007-04-23 16:39 113,920 --a------ c:\windows\system32\drivers\tosrfbd.sys
2008-11-06 14:26 . 2006-10-05 16:07 73,600 --a------ c:\windows\system32\drivers\Tosrfhid.sys
2008-11-06 14:26 . 2005-08-01 16:45 64,896 --a------ c:\windows\system32\drivers\tosrfcom.sys
2008-11-06 14:26 . 2007-04-10 20:29 41,856 --a------ c:\windows\system32\drivers\tosrfusb.sys
2008-11-06 14:26 . 2006-10-10 19:33 41,600 --a------ c:\windows\system32\drivers\tosporte.sys
2008-11-06 14:26 . 2006-11-20 17:55 36,480 --a------ c:\windows\system32\drivers\tosrfbnp.sys
2008-11-06 14:26 . 2005-01-06 13:42 18,612 --a------ c:\windows\system32\drivers\tosrfnds.sys
2008-11-06 14:20 . 2007-01-16 10:22 31,744 --a------ c:\windows\system32\drivers\csrbcxp.sys
2008-11-06 14:19 . 2008-11-06 14:19 d-------- c:\windows\OPTIONS
2008-11-06 14:19 . 2008-11-06 14:19 d-------- c:\program files\Realtek
2008-11-05 10:27 . 2008-11-05 10:27 1,805,969 --a------ c:\windows\Desert Ghost Towns.exe
2008-11-05 10:27 . 2008-11-05 10:27 254,232 --a------ c:\windows\Desert Ghost Towns.scr
2008-11-05 10:27 . 2008-11-05 10:27 30,208 --a------ c:\windows\mickey32.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 05:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 05:51 --------- d-----w c:\documents and settings\peachesv\Application Data\Orbit
2008-12-05 02:51 --------- d-----w c:\program files\Orbitdownloader
2008-12-04 05:48 --------- d-----w c:\program files\Google
2008-12-03 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-26 21:49 --------- d-----w c:\program files\QuickTime
2008-11-26 00:07 --------- d-----w c:\documents and settings\peachesv\Application Data\Stamps.com Internet Postage
2008-11-24 21:58 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-16 05:09 --------- d-----w c:\program files\The Logo Creator v5
2008-11-06 22:28 --------- d-----w c:\program files\DellTPad
2008-11-06 22:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-30 20:31 --------- d-----w c:\program files\Haunted Hotel
2008-10-30 05:55 --------- d-----w c:\program files\Family Feud
2008-10-30 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Grey Alien Games
2008-10-30 03:05 --------- d-----w c:\program files\Hide and Secret 2 - Cliffhanger Castle
2008-10-30 02:27 --------- d-----w c:\program files\Megaplex Madness - Now Playing
2008-10-30 02:25 --------- d-----w c:\program files\bfgclient
2008-10-24 20:21 --------- d-----w c:\documents and settings\peachesv\Application Data\FrostWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 14:31 --------- d-----w c:\documents and settings\peachesv\Application Data\WebCasterDesktop
2008-10-17 02:41 --------- d-----w c:\program files\Xpress Mail
2008-10-15 19:58 38,680 ----a-w c:\windows\system32\drivers\pctnullport.sys
2008-10-15 19:58 24,840 ----a-w c:\windows\system32\drivers\swmsflt.sys
2008-10-15 19:58 222,720 ----a-w c:\windows\system32\drivers\NWADIenum.sys
2008-10-15 19:58 171,144 ----a-w c:\windows\system32\drivers\SWNC5E00.sys
2008-10-15 19:58 149,512 ----a-w c:\windows\system32\drivers\swmx00.sys
2008-10-09 04:36 --------- d-----w c:\program files\Tune Tools for iPod Multimedia Edition
2008-10-09 04:23 --------- d-----w c:\program files\Java
2008-10-09 00:12 --------- d-----w c:\program files\Xobni
2008-10-08 03:10 --------- d-----w c:\program files\Paint.NET
2008-10-06 03:32 --------- d-----w c:\program files\Web Publish
2008-10-05 23:31 --------- d-----w c:\program files\The Print Shop 21
2008-10-05 23:30 --------- d-----w c:\program files\Common Files\Broderbund
2008-10-05 23:28 --------- d-----w c:\program files\NZRVR
2008-10-05 23:28 --------- d-----w c:\program files\Connection Wizard
2008-09-08 05:08 491,520 ----a-w c:\windows\izzardScreenSaverJamRun2.scr
2008-09-08 05:07 545,280 ----a-w c:\windows\flashax.exe
2008-09-08 05:07 12,288 ----a-w c:\windows\impborl.dll
2008-09-02 00:57 172 ----a-w c:\documents and settings\peachesv\Application Data\wklnhst.dat
2008-08-28 15:58 60,744 ----a-w c:\documents and settings\peachesv\g2mdlhlpx.exe
2008-08-24 00:50 0 ----a-w c:\program files\temp01
2008-07-12 11:44 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2A71ABA-3939-43B2-BD8F-8C1767EF9020}]
2008-11-21 15:02 163840 --a------ c:\program files\Foxmarks\IE Extension\foxmarksdll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 09:22 3186440 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 09:22 3186440 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-01 2292672]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CalyxWebCasterDesktop"="c:\program files\Calyx Software\WebCasterDesktop\WebCasterDesktop.exe" [2008-04-10 880640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-21 137752]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"CstlFaxTray"="c:\program files\Castelle\FaxPress Plus\FaxTray.Exe" [2007-02-16 56384]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PDFPrint"="c:\program files\pdf24\PDFBackend.exe" [2008-01-31 134144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-07-12 7168]
Foxmarks Favorites Synchronizer.lnk - c:\program files\Foxmarks\IE Extension\foxmarkssync.exe [2008-11-21 892928]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-08-01 1690824]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-07-17 6144]
Xpress Mail Professional Edition.lnk - c:\program files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe [2008-10-16 3082352]
Yahoo! Autosync.lnk - c:\program files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-08-21 391680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 09:07 96008 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^peachesv^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\peachesv\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^peachesv^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\peachesv\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 06:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 09:51 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
--a------ 2001-05-22 17:13 55296 c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Atari Icon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
--a------ 2001-05-22 17:17 49152 c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-03-21 17:30 1191936 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 06:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 09:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-07-12 03:51 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 12:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
--a------ 2008-01-31 07:17 134144 c:\program files\pdf24\PDFBackend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2008-02-26 07:57 128296 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 15:51 36864 c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-09 22:18 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2002-12-03 12:21 143360 c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Intellisync\\PushSyncService\\PushSyncService.exe"=
"c:\\Program Files\\Castelle\\FaxPress Plus\\FaxPressPlus.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xpress Mail\\Professional Editon\\XpressMailDesktopClient.exe"=
"c:\\Program Files\\Xpress Mail\\Professional Editon\\Connection.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-17 97928]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-07-12 30064]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\Drivers\hwinterface32B01.sys [2008-09-08 4930]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-17 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-17 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-17 76040]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-07-21 24652]
R2 XobniService;XobniService;"c:\program files\Xobni\XobniService.exe" [2008-09-17 36352]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-12 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-07-12 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-07-12 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-07-12 235200]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F9.tmp []
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2008-07-28 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2008-07-28 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2008-07-28 21081]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2008-11-12 18432]
S3 VNUSB;VN Series Device;c:\windows\system32\DRIVERS\VNUSB.sys [2008-08-12 38496]
S4 AutoSyncService;Memeo AutoSync ;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28cfdcae-9233-11dd-88be-002186487e2b}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
.

Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = ;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\peachesv\Application Data\Mozilla\Firefox\Profiles\9n8uvd6e.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 21:49:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F9.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1800)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll

- - - - - - - > 'lsass.exe'(1856)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Xpress Mail\Professional Editon\Connection.exe
.
**************************************************************************
.
Completion time: 2008-12-04 21:56:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 05:55:59

Pre-Run: 137,787,830,272 bytes free
Post-Run: 137,865,781,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Hello.

Now open a new notepad file.
Input this into the notepad file:

Driver::
MEMSWEEP2

File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
c:\windows\flashax.exe
c:\windows\impborl.dll
c:\documents and settings\peachesv\g2mdlhlpx.exe
c:\windows\system32\F9.tmp

Folder::
c:\program files\temp01

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

here you go, thank you!

ComboFix 08-12-04.04 - peachesv 2008-12-05 7:10:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2144 [GMT -8:00]
Running from: c:\documents and settings\peachesv\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\peachesv\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\documents and settings\peachesv\g2mdlhlpx.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\flashax.exe
c:\windows\impborl.dll
c:\windows\system32\F9.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\peachesv\g2mdlhlpx.exe
c:\program files\temp01\
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\flashax.exe
c:\windows\impborl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-04 10:00 . 2008-12-04 15:35 d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 10:00 . 2008-12-04 15:38 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 22:39 . 2008-12-03 22:39 d-------- c:\program files\Sophos
2008-12-03 21:38 . 2008-12-03 21:39 d-------- c:\documents and settings\peachesv\SmitfraudFix
2008-12-03 21:38 . 2008-12-03 21:59 4,348 --a------ c:\windows\system32\tmp.reg
2008-12-01 08:52 . 2008-12-01 08:52 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-11-29 23:02 . 2008-11-29 23:02 d-------- c:\program files\YouTube Downloader
2008-11-27 23:59 . 2008-11-27 23:59 d-------- c:\program files\Foxmarks
2008-11-27 00:05 . 2008-11-27 00:05 d-------- c:\program files\Lavasoft
2008-11-27 00:05 . 2008-11-27 00:06 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-27 00:04 . 2008-11-27 00:04 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-25 16:07 . 2008-11-25 16:39 d-------- c:\documents and settings\peachesv\Application Data\Sierra Wireless
2008-11-25 16:06 . 2008-11-25 16:06 d-------- c:\documents and settings\peachesv\Application Data\Sprint
2008-11-25 15:52 . 2008-10-15 11:58 27,072 --a------ c:\windows\system32\drivers\PCASp50.sys
2008-11-25 15:52 . 2005-03-15 11:11 17,920 --a------ c:\windows\system32\apintfnt.dll
2008-11-25 15:50 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-11-25 15:49 . 2008-11-25 15:49 d-------- c:\program files\Novatel Wireless
2008-11-25 15:49 . 2008-11-25 15:49 d-------- c:\program files\Common Files\Research in Motion
2008-11-25 15:49 . 2008-11-25 15:51 d-------- c:\program files\Common Files\Motorola Shared
2008-11-25 15:49 . 2008-11-25 15:49 d-------- c:\documents and settings\All Users\Application Data\Sprint
2008-11-25 10:08 . 2008-11-25 17:42 d-------- c:\program files\Sprint
2008-11-25 10:08 . 2008-11-25 17:42 d-------- c:\program files\Sierra Wireless
2008-11-24 14:00 . 2008-11-24 14:01 d-------- c:\program files\iTunes
2008-11-24 14:00 . 2008-11-24 14:00 d-------- c:\program files\iPod
2008-11-24 14:00 . 2008-11-24 14:01 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 10:49 . 2008-11-24 10:49 d-------- c:\program files\Trend Micro
2008-11-19 09:21 . 2008-11-19 09:21 93,128 --a------ c:\windows\system32\ElbyCDIO.dll
2008-11-12 17:09 . 2008-11-12 17:09 d-------- c:\program files\Common Files\Steinberg
2008-11-12 17:09 . 2008-11-12 17:09 d-------- c:\documents and settings\All Users\Application Data\Steinberg
2008-11-12 17:08 . 2008-11-12 17:08 d-------- c:\program files\Steinberg
2008-11-12 17:08 . 2008-11-12 17:08 d-------- c:\documents and settings\peachesv\Application Data\Steinberg
2008-11-12 17:07 . 2008-11-12 17:07 d-------- c:\documents and settings\All Users\Application Data\Syncrosoft
2008-11-12 17:07 . 2006-01-29 11:48 147,425 --a------ c:\windows\system32\SYNSOACC-Aide.chm
2008-11-12 17:07 . 2006-01-29 11:48 120,468 --a------ c:\windows\system32\SYNSOACC-Hilfe.chm
2008-11-12 17:07 . 2006-01-29 11:48 114,279 --a------ c:\windows\system32\SYNSOACC-Help.chm
2008-11-12 17:07 . 2006-01-29 11:48 45,056 --a------ c:\windows\system32\Synsopos.exe
2008-11-12 17:07 . 2006-11-23 17:20 18,432 --a------ c:\windows\system32\drivers\synasUSB.sys
2008-11-12 17:07 . 2008-11-12 17:07 2,892 --a------ c:\windows\system32\audcon.sys
2008-11-12 17:06 . 2008-11-12 17:07 d-------- c:\program files\Syncrosoft
2008-11-12 17:06 . 2007-10-19 18:08 765,952 --a------ c:\windows\system32\SYNSOACC.dll
2008-11-12 17:06 . 2006-01-29 11:48 147,456 --a------ c:\windows\system32\SynsoLChk.dll
2008-11-12 04:48 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 04:47 . 2008-09-04 09:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 14:26 . 2008-11-06 14:26 d-------- c:\program files\Toshiba
2008-11-06 14:26 . 2007-04-23 16:39 113,920 --a------ c:\windows\system32\drivers\tosrfbd.sys
2008-11-06 14:26 . 2006-10-05 16:07 73,600 --a------ c:\windows\system32\drivers\Tosrfhid.sys
2008-11-06 14:26 . 2005-08-01 16:45 64,896 --a------ c:\windows\system32\drivers\tosrfcom.sys
2008-11-06 14:26 . 2007-04-10 20:29 41,856 --a------ c:\windows\system32\drivers\tosrfusb.sys
2008-11-06 14:26 . 2006-10-10 19:33 41,600 --a------ c:\windows\system32\drivers\tosporte.sys
2008-11-06 14:26 . 2006-11-20 17:55 36,480 --a------ c:\windows\system32\drivers\tosrfbnp.sys
2008-11-06 14:26 . 2005-01-06 13:42 18,612 --a------ c:\windows\system32\drivers\tosrfnds.sys
2008-11-06 14:20 . 2007-01-16 10:22 31,744 --a------ c:\windows\system32\drivers\csrbcxp.sys
2008-11-06 14:19 . 2008-11-06 14:19 d-------- c:\windows\OPTIONS
2008-11-06 14:19 . 2008-11-06 14:19 d-------- c:\program files\Realtek
2008-11-05 10:27 . 2008-11-05 10:27 1,805,969 --a------ c:\windows\Desert Ghost Towns.exe
2008-11-05 10:27 . 2008-11-05 10:27 254,232 --a------ c:\windows\Desert Ghost Towns.scr
2008-11-05 10:27 . 2008-11-05 10:27 30,208 --a------ c:\windows\mickey32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 15:14 --------- d-----w c:\documents and settings\peachesv\Application Data\Orbit
2008-12-05 05:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 02:51 --------- d-----w c:\program files\Orbitdownloader
2008-12-04 05:48 --------- d-----w c:\program files\Google
2008-12-03 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-26 21:49 --------- d-----w c:\program files\QuickTime
2008-11-26 00:07 --------- d-----w c:\documents and settings\peachesv\Application Data\Stamps.com Internet Postage
2008-11-24 21:58 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-16 05:09 --------- d-----w c:\program files\The Logo Creator v5
2008-11-06 22:28 --------- d-----w c:\program files\DellTPad
2008-11-06 22:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-30 20:31 --------- d-----w c:\program files\Haunted Hotel
2008-10-30 05:55 --------- d-----w c:\program files\Family Feud
2008-10-30 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Grey Alien Games
2008-10-30 03:05 --------- d-----w c:\program files\Hide and Secret 2 - Cliffhanger Castle
2008-10-30 02:27 --------- d-----w c:\program files\Megaplex Madness - Now Playing
2008-10-30 02:25 --------- d-----w c:\program files\bfgclient
2008-10-24 20:21 --------- d-----w c:\documents and settings\peachesv\Application Data\FrostWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 14:31 --------- d-----w c:\documents and settings\peachesv\Application Data\WebCasterDesktop
2008-10-17 02:41 --------- d-----w c:\program files\Xpress Mail
2008-10-15 19:58 38,680 ----a-w c:\windows\system32\drivers\pctnullport.sys
2008-10-15 19:58 24,840 ----a-w c:\windows\system32\drivers\swmsflt.sys
2008-10-15 19:58 222,720 ----a-w c:\windows\system32\drivers\NWADIenum.sys
2008-10-15 19:58 171,144 ----a-w c:\windows\system32\drivers\SWNC5E00.sys
2008-10-15 19:58 149,512 ----a-w c:\windows\system32\drivers\swmx00.sys
2008-10-09 04:36 --------- d-----w c:\program files\Tune Tools for iPod Multimedia Edition
2008-10-09 04:23 --------- d-----w c:\program files\Java
2008-10-09 00:12 --------- d-----w c:\program files\Xobni
2008-10-08 03:10 --------- d-----w c:\program files\Paint.NET
2008-10-06 03:32 --------- d-----w c:\program files\Web Publish
2008-10-05 23:31 --------- d-----w c:\program files\The Print Shop 21
2008-10-05 23:30 --------- d-----w c:\program files\Common Files\Broderbund
2008-10-05 23:28 --------- d-----w c:\program files\NZRVR
2008-10-05 23:28 --------- d-----w c:\program files\Connection Wizard
2008-09-08 05:08 491,520 ----a-w c:\windows\izzardScreenSaverJamRun2.scr
2008-09-02 00:57 172 ----a-w c:\documents and settings\peachesv\Application Data\wklnhst.dat
2008-08-24 00:50 0 ----a-w c:\program files\temp01
2008-07-12 11:44 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( snapshot@2008-12-04_21.55.34.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-05 04:09:12 64,262 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-05 05:54:00 64,262 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-05 04:09:12 405,878 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-05 05:54:00 405,878 ----a-w c:\windows\system32\perfh009.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2A71ABA-3939-43B2-BD8F-8C1767EF9020}]
2008-11-21 15:02 163840 --a------ c:\program files\Foxmarks\IE Extension\foxmarksdll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 09:22 3186440 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 09:22 3186440 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-01 2292672]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CalyxWebCasterDesktop"="c:\program files\Calyx Software\WebCasterDesktop\WebCasterDesktop.exe" [2008-04-10 880640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-21 137752]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"CstlFaxTray"="c:\program files\Castelle\FaxPress Plus\FaxTray.Exe" [2007-02-16 56384]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PDFPrint"="c:\program files\pdf24\PDFBackend.exe" [2008-01-31 134144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-07-12 7168]
Foxmarks Favorites Synchronizer.lnk - c:\program files\Foxmarks\IE Extension\foxmarkssync.exe [2008-11-21 892928]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-08-01 1690824]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-07-17 6144]
Xpress Mail Professional Edition.lnk - c:\program files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe [2008-10-16 3082352]
Yahoo! Autosync.lnk - c:\program files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-08-21 391680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 09:07 96008 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^peachesv^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\peachesv\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^peachesv^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\peachesv\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 06:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 09:51 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
--a------ 2001-05-22 17:13 55296 c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Atari Icon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
--a------ 2001-05-22 17:17 49152 c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-03-21 17:30 1191936 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
--a------ 2007-10-11 06:49 465136 c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-03-11 09:44 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-07-12 03:51 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 12:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
--a------ 2008-01-31 07:17 134144 c:\program files\pdf24\PDFBackend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2008-02-26 07:57 128296 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 15:51 36864 c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-09 22:18 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2002-12-03 12:21 143360 c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Intellisync\\PushSyncService\\PushSyncService.exe"=
"c:\\Program Files\\Castelle\\FaxPress Plus\\FaxPressPlus.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xpress Mail\\Professional Editon\\XpressMailDesktopClient.exe"=
"c:\\Program Files\\Xpress Mail\\Professional Editon\\Connection.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-17 97928]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-07-12 30064]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\Drivers\hwinterface32B01.sys [2008-09-08 4930]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-17 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-17 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-07-17 76040]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-07-21 24652]
R2 XobniService;XobniService;"c:\program files\Xobni\XobniService.exe" [2008-09-17 36352]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-12 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-07-12 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-07-12 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-07-12 235200]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [2008-07-28 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [2008-07-28 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [2008-07-28 21081]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2008-11-12 18432]
S3 VNUSB;VN Series Device;c:\windows\system32\DRIVERS\VNUSB.sys [2008-08-12 38496]
S4 AutoSyncService;Memeo AutoSync ;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28cfdcae-9233-11dd-88be-002186487e2b}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = ;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\peachesv\Application Data\Mozilla\Firefox\Profiles\9n8uvd6e.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 07:17:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1800)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll

- - - - - - - > 'lsass.exe'(1856)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Common Files\Intellisync\PushSyncService\PushSyncService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Xpress Mail\Professional Editon\Connection.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2008-12-05 7:22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 15:22:54
ComboFix2.txt 2008-12-05 05:56:04

Pre-Run: 137,842,151,424 bytes free
Post-Run: 137,823,588,352 bytes free

473 --- E O F --- 2008-11-12 18:53:29

Looks good, how is everything?

It's been running fine since I was able to stop a few processes a few nights ago and disable them. I just didn't want any of the keylogger/backdoor stuff on there, as I do a lot of financial transactions online.

Thank you so much, and if anything else happens, I'll be back ;)

Hello.
Glad to hear it.
But we aren't done yet, we have to get Java updated.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  
• Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  - Examples of older versions in Add or Remove Programs:
  - Java 2 Runtime Environment, SE v1.4.2
  - J2SE Runtime Environment 5.0
  - J2SE Runtime Environment 5.0 Update 2
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
  

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

• First, unzip it.
  
• Then run JavaRa.
  
• Select English from the drop down menu and press Select.
  
• This will open JavaRa.
  
• Press Remove older versions
  
• Press yes to the prompt.
  
• It will make a log file of what it's removed.
  
• Copy and paste the log back here.
  

Ok, here it is...

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Dec 05 10:22:35 2008

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Software\Classes\JavaPlugin.160

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.