Krepper - G and Win32.Small.kj

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-03 949376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-03-31 2277232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kimina\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2009-03-31 115056]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-03 15424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-27 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-27 15504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{015fc16c-09fb-11de-b244-806d6172696f}]
\Shell\AutoRun\command - F:\monsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1c4bc2-1a54-11de-9a3b-001cc0755738}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0ec9e34-f4cf-11dd-8da3-001cc0755738}]
\Shell\AutoRun\command - K:\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-839522115-1004.job
- c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 17:38]

2009-04-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]

2009-04-06 c:\windows\Tasks\Malwarebytes' Scheduled Update for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/internet/mybigpond/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E1C2CA2F-B009-43DB-AAEB-3433D7E8F1E7} = 61.9.211.33,61.9.211.1
FF - ProfilePath - c:\documents and settings\Kimina\Application Data\Mozilla\Firefox\Profiles\aba8c5y6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigpond.com/internet/mybigpond/
FF - plugin: c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 02:21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-04-07 2:22:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 16:22:33
ComboFix2.txt 2009-04-06 15:44:35
ComboFix3.txt 2009-04-05 02:59:48

Pre-Run: 180,593,336,320 bytes free
Post-Run: 180,576,178,176 bytes free

322 --- E O F --- 2009-03-20 00:13:17

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

Once TeaTimer is disabled, download this file ResetTeaTimer.bat.
If you use using Firefox, right click the link and choose "Save Link As..."
Double click on ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Let me know how the machine is running now.

Hi Belahzur,

I've run scans with Malwarebytes' and Spybot, rebooted and run them both again.

So far there is no sign of an infection.

The link for ResetTeaTimer.bat is not working, I have tried it in IE, Firefox and Chrome.

Please advise further.

Doesn't matter than.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Oops...my mistake, it turns out I unchecked Resident in the right hand column instead of highlighting it in the left hand column then unchecking Resident Tea Timer in the right hand column.

I ran the .bat file and uninstalled ComboFix.

Thank you so much for time and help.

I'll have a look at the feedback form as soon as I wake up in a few hours.

Hello again Belahzur,

Just when we thought it was safe to go back into the water....

I don't know what has changed other than I had dialup speed for one day then I reboot my PC this morning and find that I am infected again...
Krepper G is the same as before in Spybot S&D

(SBI $710353AD) System Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i386p
(SBI $BBCD2521) System Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\i386p
(SBI $B68258E1) System Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\i386p

and

Win32.Small.kj

(SBI $4CEF22AE) System Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xpdx

Please advise me further

What did you do after we cleaned this up?

Run any programs? because any one of what you run could possibly be infected.

Download and run Combofix again.

I ran standard programs I normally run yesterday after the clean up, I also ran another scan before I went to bed and everything was fine.

No trace of infection in NOD32, Spybot S&D or Malwarebytes'.

This evening when a scan was run the infection was picked up.

I ran Adobe Acrobat Professional 9 this afternoon, MS Outlook, MS Word, MS Excel and someone in the household played a game.

here is the log...

ComboFix 09-04-04.01 - Kimina 2009-04-09 1:42:46.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1541 [GMT 10:00]
Running from: c:\documents and settings\Kimina\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_FNHOJE
-------\Service_I386P
-------\Service_QWER78
-------\Service_WER32


((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 13:42 . 2009-04-07 13:42 d---s---- c:\documents and settings\Mum&Dad\UserData
2009-04-06 19:15 . 2009-04-07 13:59 d-------- c:\program files\SpywareBlaster
2009-04-06 19:14 . 2009-04-09 01:38 d-------- c:\program files\SpywareGuard
2009-04-05 15:57 . 2009-04-05 15:57 d-------- c:\documents and settings\Mum&Dad\Application Data\Simply Super Software
2009-04-05 11:28 . 2009-04-05 11:28 d-------- c:\program files\Eraser
2009-04-05 11:28 . 2009-04-05 11:28 d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-04-04 22:22 . 2009-04-04 22:22 d-------- c:\documents and settings\Mum&Dad\Application Data\PlayFirst
2009-04-04 22:22 . 2009-04-07 10:04 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-04-04 20:23 . 2009-04-04 20:23 d-------- c:\documents and settings\Mum&Dad\Application Data\URSoft
2009-04-04 18:37 . 2009-04-04 18:37 d-------- c:\program files\Rockstar Games
2009-04-04 18:35 . 2009-04-04 20:54 d-------- c:\program files\DAEMON Tools
2009-04-04 18:35 . 2009-04-04 18:35 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-04-04 18:34 . 2009-04-04 18:34 d-------- c:\documents and settings\Mum&Dad\Application Data\ImgBurn
2009-04-04 15:39 . 2009-04-04 16:23 d-------- c:\windows\system32\NtmsData
2009-04-04 14:09 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-04-04 14:09 . 2009-04-08 22:02 350,192 --a------ c:\windows\system32\vsconfig.xml
2009-04-04 00:40 . 2009-04-04 00:48 d-------- c:\documents and settings\Kimina\Application Data\ImgBurn
2009-04-04 00:39 . 2009-04-04 00:39 d-------- c:\program files\ImgBurn
2009-04-04 00:28 . 2000-07-21 10:40 2,048 --a------ C:\w2ksect.bin
2009-04-04 00:00 . 2009-04-04 00:21 d-------- C:\XPSetup
2009-04-03 22:44 . 2009-04-04 10:28 27,612 --a------ c:\windows\syscall.dat
2009-04-03 15:41 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-04-03 15:41 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-03 15:41 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-04-03 15:41 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-04-03 15:41 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-04-03 15:40 . 2009-04-06 01:27 d-------- c:\program files\Trojan Remover
2009-04-03 15:40 . 2009-04-03 15:40 d-------- c:\documents and settings\Kimina\Application Data\Simply Super Software
2009-04-03 15:40 . 2009-04-03 15:40 d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-02 15:27 . 2009-04-02 15:27 d-------- c:\documents and settings\Mum&Dad\Application Data\TypingMaster7
2009-04-02 15:26 . 2009-04-02 15:26 d-------- c:\documents and settings\Mum&Dad\Application Data\Malwarebytes
2009-04-02 09:30 . 2009-04-02 09:35 d-------- c:\program files\Spybot - Search & Destroy
2009-04-01 13:21 . 2009-04-01 13:26 d-------- c:\documents and settings\Kimina\Application Data\TypingMaster7
2009-04-01 12:51 . 2009-04-01 12:51 2,802 --a------ c:\windows\Sobotta.sam
2009-04-01 12:47 . 2009-04-01 12:47 338 --a------ c:\windows\Sobotta.ntz
2009-04-01 12:47 . 2009-04-01 12:48 29 --a------ c:\windows\BSL.INI
2009-04-01 08:54 . 2009-04-04 10:28 d--h-c--- c:\documents and settings\All Users\Application Data\{298A24DC-2111-4597-BF26-E3847C84C04B}
2009-03-31 14:02 . 2009-03-31 14:02 d-------- c:\documents and settings\Kimina\Application Data\XemiComputers
2009-03-30 17:03 . 2009-03-30 17:03 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-30 16:06 . 2009-03-30 16:06 d-------- c:\documents and settings\Kimina\Application Data\Nero
2009-03-30 15:53 . 2009-03-30 15:53 d-------- c:\program files\Nero
2009-03-30 15:53 . 2009-04-02 15:39 d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-30 12:01 . 2009-03-30 12:01 d-------- c:\program files\SEC
2009-03-30 11:56 . 2009-03-30 11:56 d-------- c:\documents and settings\Kimina\Application Data\InstallShield
2009-03-29 16:12 . 2009-03-29 16:12 d-------- C:\Share
2009-03-29 16:12 . 2009-03-29 16:20 d-------- c:\documents and settings\Mum&Dad\Application Data\Thinstall
2009-03-27 17:03 . 2009-04-07 16:08 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 17:03 . 2009-03-27 17:03 d-------- c:\documents and settings\Kimina\Application Data\Malwarebytes
2009-03-27 17:03 . 2009-03-27 17:03 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 17:03 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 17:03 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 13:55 . 2009-03-27 13:55 d-------- c:\program files\SonicWallES
2009-03-27 10:52 . 2009-03-31 19:20 72,584 --a------ c:\windows\zllsputility.exe
2009-03-27 08:18 . 2008-04-14 04:40 43,904 --a------ c:\windows\system32\drivers\sbp2port.sys
2009-03-27 08:18 . 2008-04-14 04:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2009-03-25 19:31 . 2009-03-25 19:31 d-------- c:\program files\Zone Labs
2009-03-25 12:01 . 2004-01-22 19:06 157,696 --a------ c:\windows\system32\unrar.dll
2009-03-25 11:52 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-03-22 19:53 . 2009-03-27 17:06 d-------- c:\program files\FLAC
2009-03-22 14:55 . 2009-04-02 20:57 dr------- c:\program files\TypingMaster
2009-03-18 10:48 . 2009-03-31 23:31 490 --a------ c:\windows\system32\spupdsvc.inf
2009-03-18 10:43 . 2009-03-18 10:43 d-------- c:\windows\system32\URTTEMP
2009-03-18 09:59 . 2009-03-18 09:59 d-------- c:\windows\system32\windows media
2009-03-18 09:56 . 2009-03-18 09:59 d--h----- c:\windows\msdownld.tmp
2009-03-18 09:55 . 2009-03-18 09:55 d-------- c:\program files\Windows Media Components
2009-03-14 09:43 . 2008-04-07 05:38 45,392 --a------ c:\windows\system32\AdobePDF.dll
2009-03-14 09:43 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\program files\iTunes
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\program files\iPod
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 19:34 . 2009-03-13 19:34 d-------- c:\program files\Innovative Logic
2009-03-13 19:34 . 1998-10-02 07:00 1,674,280 --a------ c:\windows\system32\OLCH2X32.OCX
2009-03-13 19:34 . 1999-11-16 11:09 222,416 --a------ c:\windows\system32\mhlist32.ocx
2009-03-13 19:34 . 2000-05-22 01:00 203,976 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-13 19:34 . 1999-05-06 23:00 140,288 --a------ c:\windows\system32\comdlg32.ocx
2009-03-13 19:34 . 1998-12-17 09:29 139,264 --a------ c:\windows\system32\ccrpfd.ocx
2009-03-13 19:34 . 2000-01-03 11:50 122,880 --a------ c:\windows\system32\ftpx.ocx
2009-03-13 19:34 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-03-13 19:34 . 1999-12-20 15:53 57,344 --a------ c:\windows\system32\BC32R60.dll
2009-03-12 18:06 . 2004-07-14 12:54 676,864 --a------ c:\windows\system32\drivers\hardlock.sys
2009-03-12 18:06 . 2009-03-12 18:06 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-03-12 18:06 . 2009-03-12 18:06 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-03-12 18:06 . 2009-02-02 21:07 2,577 --a------ c:\windows\system32\config.hsp
2009-03-12 18:06 . 2009-03-12 18:06 383 --a------ c:\windows\system32\haspdos.sys
2009-03-11 19:11 . 2009-04-01 13:15 d-------- c:\program files\Common Files\LightScribe
2009-03-11 13:45 . 2009-03-11 13:45 d-------- c:\documents and settings\Mum&Dad\Application Data\Ashampoo
2009-03-10 23:09 . 2009-03-10 23:09 d-------- c:\program files\LizardTech
2009-03-09 17:12 . 2009-03-25 19:36 d-------- c:\documents and settings\All Users\Application Data\Soulseek
2009-03-09 17:05 . 2009-03-09 17:11 d-------- c:\program files\SoulseekNS
2009-03-09 15:02 . 2008-04-14 10:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-09 13:47 . 2009-03-09 14:02 d-------- c:\program files\Windows Media Connect 2
2009-03-09 13:45 . 2009-03-10 23:53 d-------- c:\windows\system32\LogFiles
2009-03-09 13:45 . 2009-03-09 13:46 d-------- c:\windows\system32\drivers\UMDF
2009-03-08 12:38 . 2009-03-08 17:23 d-------- c:\program files\CheckPoint
2009-03-08 12:38 . 2009-03-08 12:38 144 --a------ c:\windows\system32\lkfl.dat
2009-03-08 12:38 . 2009-03-08 17:22 96 --a------ c:\windows\system32\pdfl.dat
2009-03-08 12:38 . 2009-03-08 12:38 80 --a------ c:\windows\system32\ibfl.dat
2009-03-08 11:12 . 2008-04-14 10:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-08 11:12 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 15:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 13:18 --------- d-----w c:\documents and settings\Kimina\Application Data\Adobe-BackupByPhotoshopPortable
2009-04-08 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 00:24 --------- d-----w c:\program files\QuickTime
2009-04-05 05:12 --------- d-----w c:\documents and settings\Kimina\Application Data\Thinstall
2009-04-05 02:45 --------- d-----w c:\program files\ESET
2009-04-04 08:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 00:38 --------- d-----w c:\program files\Java
2009-04-04 00:28 --------- d-----w c:\program files\AntiLogger
2009-04-03 22:48 --------- d-----w c:\program files\Common Files\Apple
2009-04-03 06:22 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\SolSuite
2009-04-01 10:00 --------- d-----w c:\documents and settings\Kimina\Application Data\SolSuite
2009-04-01 03:12 --------- d-----w c:\program files\Ashampoo
2009-03-30 09:00 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-30 05:35 --------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-28 14:05 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-25 09:55 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-25 09:55 --------- d-----w c:\program files\Lavasoft
2009-03-25 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-23 02:03 --------- d-----w c:\program files\SolSuite
2009-03-18 14:45 --------- d-----w c:\documents and settings\Kimina\Application Data\Apple Computer
2009-03-13 23:43 --------- d-----w c:\program files\Common Files\Adobe
2009-03-11 03:03 --------- d-----w c:\program files\Your Uninstaller 2008
2009-03-07 07:09 --------- d-----w c:\program files\JockerSoft
2009-03-07 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-06 04:57 --------- d-----w c:\documents and settings\Kimina\Application Data\Vso
2009-03-06 04:55 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-06 04:55 47,360 ----a-w c:\documents and settings\Kimina\Application Data\pcouffin.sys
2009-03-06 04:55 --------- d-----w c:\program files\VSO
2009-03-06 04:43 --------- d-----w c:\documents and settings\Kimina\Application Data\Ashampoo
2009-03-06 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-03-06 04:41 --------- d-----w c:\program files\Xilisoft
2009-03-05 04:55 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\Apple Computer
2009-03-05 01:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-04 07:05 --------- d-----w c:\program files\Common Files\OverDrive Shared
2009-03-04 07:04 --------- d-----w c:\program files\Common Files\L&H
2009-03-04 07:03 --------- d-----w c:\program files\Microsoft Reader
2009-03-04 07:02 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-04 06:55 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-04 03:54 --------- d-----w c:\documents and settings\Kimina\Application Data\Librarian Pro
2009-03-04 03:53 --------- d-----w c:\program files\Koingo Software
2009-03-03 10:00 --------- d-----w c:\program files\DAEMON Tools Lite
2009-03-03 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-03-03 03:31 --------- d-----w c:\program files\DFX
2009-03-03 03:31 --------- d-----w c:\program files\Common Files\DFX
2009-02-23 05:33 --------- d-----w c:\program files\TechSmith
2009-02-23 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-02-20 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2009-02-17 11:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-17 09:04 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\eGames
2009-02-16 00:54 --------- d-----w c:\program files\Windows Sidebar
2009-02-14 03:13 --------- d-----w c:\program files\MSXML 4.0
2009-02-12 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2009-02-12 04:05 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-11 15:02 --------- d-----w c:\program files\Family Tree Maker 2009
2009-02-11 15:02 --------- d-----w c:\program files\AoA MP4 Converter
2009-02-11 07:47 --------- d-----w c:\program files\DivX
2009-02-11 07:46 --------- d-----w c:\program files\DirectX 9.0c
2009-02-10 04:57 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\TuneUp Software
2009-02-09 07:17 --------- d-----w c:\program files\Google
2009-02-09 07:09 --------- d-----w c:\documents and settings\Kimina\Application Data\URSoft
2009-02-09 07:00 --------- d-----w c:\program files\Yahoo!
2009-02-09 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-09 06:40 --------- d-----w c:\documents and settings\Kimina\Application Data\TuneUp Software
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-02-09 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-02-08 06:34 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\Canon
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-03 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-03-31 2277232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kimina\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2009-03-31 115056]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-03 15424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-27 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-27 15504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{015fc16c-09fb-11de-b244-806d6172696f}]
\Shell\AutoRun\command - F:\monsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1c4bc2-1a54-11de-9a3b-001cc0755738}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0ec9e34-f4cf-11dd-8da3-001cc0755738}]
\Shell\AutoRun\command - K:\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-839522115-1004.job
- c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 17:38]

2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]

2009-04-08 c:\windows\Tasks\Malwarebytes' Scheduled Update for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/internet/mybigpond/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {E1C2CA2F-B009-43DB-AAEB-3433D7E8F1E7} = 61.9.211.33,61.9.211.1
FF - ProfilePath - c:\documents and settings\Kimina\Application Data\Mozilla\Firefox\Profiles\aba8c5y6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigpond.com/internet/mybigpond/
FF - plugin: c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 01:46:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-09 1:48:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-08 15:48:53
ComboFix2.txt 2009-04-06 16:22:36

Pre-Run: 180,815,441,920 bytes free
Post-Run: 180,757,225,472 bytes free

293 --- E O F --- 2009-03-20 00:13:17

Lets run another CFScript.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
Lbd

File::
C:\w2ksect.bin

DirLook::
C:\Share
C:\XPSetup

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\java.exe"=-
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{015fc16c-09fb-11de-b244-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1c4bc2-1a54-11de-9a3b-001cc0755738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0ec9e34-f4cf-11dd-8da3-001cc0755738}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 09-04-04.01 - Kimina 2009-04-09 9:00:37.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1587 [GMT 10:00]
Running from: c:\documents and settings\Kimina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kimina\Desktop\CFscript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point

FILE ::
C:\w2ksect.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\w2ksect.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LBD
-------\Service_FNHOJE
-------\Service_I386P
-------\Service_Lbd
-------\Service_QWER78
-------\Service_WER32
-------\Service_XPDX


((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 13:42 . 2009-04-07 13:42 d---s---- c:\documents and settings\Mum&Dad\UserData
2009-04-06 19:15 . 2009-04-07 13:59 d-------- c:\program files\SpywareBlaster
2009-04-06 19:14 . 2009-04-09 01:51 d-------- c:\program files\SpywareGuard
2009-04-05 15:57 . 2009-04-05 15:57 d-------- c:\documents and settings\Mum&Dad\Application Data\Simply Super Software
2009-04-05 11:28 . 2009-04-05 11:28 d-------- c:\program files\Eraser
2009-04-05 11:28 . 2009-04-05 11:28 d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-04-04 22:22 . 2009-04-04 22:22 d-------- c:\documents and settings\Mum&Dad\Application Data\PlayFirst
2009-04-04 22:22 . 2009-04-07 10:04 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-04-04 20:23 . 2009-04-04 20:23 d-------- c:\documents and settings\Mum&Dad\Application Data\URSoft
2009-04-04 18:37 . 2009-04-04 18:37 d-------- c:\program files\Rockstar Games
2009-04-04 18:35 . 2009-04-04 20:54 d-------- c:\program files\DAEMON Tools
2009-04-04 18:35 . 2009-04-04 18:35 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-04-04 18:34 . 2009-04-04 18:34 d-------- c:\documents and settings\Mum&Dad\Application Data\ImgBurn
2009-04-04 15:39 . 2009-04-04 16:23 d-------- c:\windows\system32\NtmsData
2009-04-04 14:09 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-04-04 14:09 . 2009-04-09 08:54 350,192 --a------ c:\windows\system32\vsconfig.xml
2009-04-04 00:40 . 2009-04-04 00:48 d-------- c:\documents and settings\Kimina\Application Data\ImgBurn
2009-04-04 00:39 . 2009-04-04 00:39 d-------- c:\program files\ImgBurn
2009-04-04 00:00 . 2009-04-04 00:21 d-------- C:\XPSetup
2009-04-03 22:44 . 2009-04-04 10:28 27,612 --a------ c:\windows\syscall.dat
2009-04-03 15:41 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-04-03 15:41 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-03 15:41 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-04-03 15:41 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-04-03 15:41 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-04-03 15:40 . 2009-04-06 01:27 d-------- c:\program files\Trojan Remover
2009-04-03 15:40 . 2009-04-03 15:40 d-------- c:\documents and settings\Kimina\Application Data\Simply Super Software
2009-04-03 15:40 . 2009-04-03 15:40 d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-02 15:27 . 2009-04-02 15:27 d-------- c:\documents and settings\Mum&Dad\Application Data\TypingMaster7
2009-04-02 15:26 . 2009-04-02 15:26 d-------- c:\documents and settings\Mum&Dad\Application Data\Malwarebytes
2009-04-02 09:30 . 2009-04-02 09:35 d-------- c:\program files\Spybot - Search & Destroy
2009-04-01 13:21 . 2009-04-01 13:26 d-------- c:\documents and settings\Kimina\Application Data\TypingMaster7
2009-04-01 12:51 . 2009-04-01 12:51 2,802 --a------ c:\windows\Sobotta.sam
2009-04-01 12:47 . 2009-04-01 12:47 338 --a------ c:\windows\Sobotta.ntz
2009-04-01 12:47 . 2009-04-01 12:48 29 --a------ c:\windows\BSL.INI
2009-04-01 08:54 . 2009-04-04 10:28 d--h-c--- c:\documents and settings\All Users\Application Data\{298A24DC-2111-4597-BF26-E3847C84C04B}
2009-03-31 14:02 . 2009-03-31 14:02 d-------- c:\documents and settings\Kimina\Application Data\XemiComputers
2009-03-30 17:03 . 2009-03-30 17:03 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-30 16:06 . 2009-03-30 16:06 d-------- c:\documents and settings\Kimina\Application Data\Nero
2009-03-30 15:53 . 2009-03-30 15:53 d-------- c:\program files\Nero
2009-03-30 15:53 . 2009-04-02 15:39 d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-30 12:01 . 2009-03-30 12:01 d-------- c:\program files\SEC
2009-03-30 11:56 . 2009-03-30 11:56 d-------- c:\documents and settings\Kimina\Application Data\InstallShield
2009-03-29 16:12 . 2009-03-29 16:12 d-------- C:\Share
2009-03-29 16:12 . 2009-03-29 16:20 d-------- c:\documents and settings\Mum&Dad\Application Data\Thinstall
2009-03-27 17:03 . 2009-04-07 16:08 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 17:03 . 2009-03-27 17:03 d-------- c:\documents and settings\Kimina\Application Data\Malwarebytes
2009-03-27 17:03 . 2009-03-27 17:03 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 17:03 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 17:03 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 13:55 . 2009-03-27 13:55 d-------- c:\program files\SonicWallES
2009-03-27 10:52 . 2009-03-31 19:20 72,584 --a------ c:\windows\zllsputility.exe
2009-03-27 08:18 . 2008-04-14 04:40 43,904 --a------ c:\windows\system32\drivers\sbp2port.sys
2009-03-27 08:18 . 2008-04-14 04:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2009-03-25 19:31 . 2009-03-25 19:31 d-------- c:\program files\Zone Labs
2009-03-25 12:01 . 2004-01-22 19:06 157,696 --a------ c:\windows\system32\unrar.dll
2009-03-25 11:52 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-03-22 19:53 . 2009-03-27 17:06 d-------- c:\program files\FLAC
2009-03-22 14:55 . 2009-04-02 20:57 dr------- c:\program files\TypingMaster
2009-03-18 10:48 . 2009-03-31 23:31 490 --a------ c:\windows\system32\spupdsvc.inf
2009-03-18 10:43 . 2009-03-18 10:43 d-------- c:\windows\system32\URTTEMP
2009-03-18 09:59 . 2009-03-18 09:59 d-------- c:\windows\system32\windows media
2009-03-18 09:56 . 2009-03-18 09:59 d--h----- c:\windows\msdownld.tmp
2009-03-18 09:55 . 2009-03-18 09:55 d-------- c:\program files\Windows Media Components
2009-03-14 09:43 . 2008-04-07 05:38 45,392 --a------ c:\windows\system32\AdobePDF.dll
2009-03-14 09:43 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\program files\iTunes
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\program files\iPod
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 19:34 . 2009-03-13 19:34 d-------- c:\program files\Innovative Logic
2009-03-13 19:34 . 1998-10-02 07:00 1,674,280 --a------ c:\windows\system32\OLCH2X32.OCX
2009-03-13 19:34 . 1999-11-16 11:09 222,416 --a------ c:\windows\system32\mhlist32.ocx
2009-03-13 19:34 . 2000-05-22 01:00 203,976 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-13 19:34 . 1999-05-06 23:00 140,288 --a------ c:\windows\system32\comdlg32.ocx
2009-03-13 19:34 . 1998-12-17 09:29 139,264 --a------ c:\windows\system32\ccrpfd.ocx
2009-03-13 19:34 . 2000-01-03 11:50 122,880 --a------ c:\windows\system32\ftpx.ocx
2009-03-13 19:34 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-03-13 19:34 . 1999-12-20 15:53 57,344 --a------ c:\windows\system32\BC32R60.dll
2009-03-12 18:06 . 2004-07-14 12:54 676,864 --a------ c:\windows\system32\drivers\hardlock.sys
2009-03-12 18:06 . 2009-03-12 18:06 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-03-12 18:06 . 2009-03-12 18:06 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-03-12 18:06 . 2009-02-02 21:07 2,577 --a------ c:\windows\system32\config.hsp
2009-03-12 18:06 . 2009-03-12 18:06 383 --a------ c:\windows\system32\haspdos.sys
2009-03-11 19:11 . 2009-04-01 13:15 d-------- c:\program files\Common Files\LightScribe
2009-03-11 13:45 . 2009-03-11 13:45 d-------- c:\documents and settings\Mum&Dad\Application Data\Ashampoo
2009-03-10 23:09 . 2009-03-10 23:09 d-------- c:\program files\LizardTech
2009-03-09 17:12 . 2009-03-25 19:36 d-------- c:\documents and settings\All Users\Application Data\Soulseek
2009-03-09 17:05 . 2009-03-09 17:11 d-------- c:\program files\SoulseekNS
2009-03-09 15:02 . 2008-04-14 10:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-09 13:47 . 2009-03-09 14:02 d-------- c:\program files\Windows Media Connect 2
2009-03-09 13:45 . 2009-03-10 23:53 d-------- c:\windows\system32\LogFiles
2009-03-09 13:45 . 2009-03-09 13:46 d-------- c:\windows\system32\drivers\UMDF
2009-03-08 12:38 . 2009-03-08 17:23 d-------- c:\program files\CheckPoint
2009-03-08 12:38 . 2009-03-08 12:38 144 --a------ c:\windows\system32\lkfl.dat
2009-03-08 12:38 . 2009-03-08 17:22 96 --a------ c:\windows\system32\pdfl.dat
2009-03-08 12:38 . 2009-03-08 12:38 80 --a------ c:\windows\system32\ibfl.dat
2009-03-08 11:12 . 2008-04-14 10:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-08 11:12 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 13:18 --------- d-----w c:\documents and settings\Kimina\Application Data\Adobe-BackupByPhotoshopPortable
2009-04-08 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 00:24 --------- d-----w c:\program files\QuickTime
2009-04-05 05:12 --------- d-----w c:\documents and settings\Kimina\Application Data\Thinstall
2009-04-05 02:45 --------- d-----w c:\program files\ESET
2009-04-04 08:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 00:38 --------- d-----w c:\program files\Java
2009-04-04 00:28 --------- d-----w c:\program files\AntiLogger
2009-04-03 22:48 --------- d-----w c:\program files\Common Files\Apple
2009-04-03 06:22 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\SolSuite
2009-04-01 10:00 --------- d-----w c:\documents and settings\Kimina\Application Data\SolSuite
2009-04-01 03:12 --------- d-----w c:\program files\Ashampoo
2009-03-30 09:00 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-30 05:35 --------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-28 14:05 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-25 09:55 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-25 09:55 --------- d-----w c:\program files\Lavasoft
2009-03-25 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-23 02:03 --------- d-----w c:\program files\SolSuite
2009-03-18 14:45 --------- d-----w c:\documents and settings\Kimina\Application Data\Apple Computer
2009-03-13 23:43 --------- d-----w c:\program files\Common Files\Adobe
2009-03-11 03:03 --------- d-----w c:\program files\Your Uninstaller 2008
2009-03-07 07:09 --------- d-----w c:\program files\JockerSoft
2009-03-07 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-06 04:57 --------- d-----w c:\documents and settings\Kimina\Application Data\Vso
2009-03-06 04:55 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-06 04:55 47,360 ----a-w c:\documents and settings\Kimina\Application Data\pcouffin.sys
2009-03-06 04:55 --------- d-----w c:\program files\VSO
2009-03-06 04:43 --------- d-----w c:\documents and settings\Kimina\Application Data\Ashampoo
2009-03-06 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-03-06 04:41 --------- d-----w c:\program files\Xilisoft
2009-03-05 04:55 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\Apple Computer
2009-03-05 01:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-04 07:05 --------- d-----w c:\program files\Common Files\OverDrive Shared
2009-03-04 07:04 --------- d-----w c:\program files\Common Files\L&H
2009-03-04 07:03 --------- d-----w c:\program files\Microsoft Reader
2009-03-04 07:02 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-04 06:55 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-04 03:54 --------- d-----w c:\documents and settings\Kimina\Application Data\Librarian Pro
2009-03-04 03:53 --------- d-----w c:\program files\Koingo Software
2009-03-03 10:00 --------- d-----w c:\program files\DAEMON Tools Lite
2009-03-03 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-03-03 03:31 --------- d-----w c:\program files\DFX
2009-03-03 03:31 --------- d-----w c:\program files\Common Files\DFX
2009-02-23 05:33 --------- d-----w c:\program files\TechSmith
2009-02-23 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-02-20 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2009-02-17 11:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-17 09:04 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\eGames
2009-02-16 00:54 --------- d-----w c:\program files\Windows Sidebar
2009-02-14 03:13 --------- d-----w c:\program files\MSXML 4.0
2009-02-12 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2009-02-12 04:05 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-11 15:02 --------- d-----w c:\program files\Family Tree Maker 2009
2009-02-11 15:02 --------- d-----w c:\program files\AoA MP4 Converter
2009-02-11 07:47 --------- d-----w c:\program files\DivX
2009-02-11 07:46 --------- d-----w c:\program files\DirectX 9.0c
2009-02-10 04:57 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\TuneUp Software
2009-02-09 07:17 --------- d-----w c:\program files\Google
2009-02-09 07:09 --------- d-----w c:\documents and settings\Kimina\Application Data\URSoft
2009-02-09 07:00 --------- d-----w c:\program files\Yahoo!
2009-02-09 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-09 06:40 --------- d-----w c:\documents and settings\Kimina\Application Data\TuneUp Software
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-02-09 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-02-08 06:34 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\Canon

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Share ----

2009-03-29 16:14 425984 --a------ c:\share\123\123 Previews.lrdata\thumbnail-cache.db
2009-03-29 16:13 54384 --a------ c:\share\123\123 Previews.lrdata\3\3F0D\3F0DA113-9CC0-4603-B02A-F255739CA2E8-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 49200 --a------ c:\share\123\123 Previews.lrdata\4\495A\495A0CEA-A330-437D-B0EA-3DC9FCEE0C8C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 47792 --a------ c:\share\123\123 Previews.lrdata\3\36EB\36EB9C0E-5943-4900-B397-E4B07CC59479-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 46448 --a------ c:\share\123\123 Previews.lrdata\8\8C9D\8C9D79D2-179B-49EB-8E42-5C1E102E67E2-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 43344 --a------ c:\share\123\123 Previews.lrdata\1\18A8\18A8DE76-D334-4A32-80A3-6395FB4423A8-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 42256 --a------ c:\share\123\123 Previews.lrdata\1\11A4\11A4DE69-938B-46EF-B045-60E94AA647D6-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 41280 --a------ c:\share\123\123 Previews.lrdata\E\E0F4\E0F4A186-902F-438A-AA45-A6566892A31C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 39776 --a------ c:\share\123\123 Previews.lrdata\F\FE39\FE393920-6C34-4446-B6A2-CFB431936E00-8865ddc80544b1a7b3f0a5961fe3a476-83.lr-preview.noindex
2009-03-29 16:13 39280 --a------ c:\share\123\123 Previews.lrdata\2\2C58\2C580518-E7CF-42A7-83F1-2E209D6DBDED-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 38944 --a------ c:\share\123\123 Previews.lrdata\7\7D59\7D5965F5-250C-4BD1-921B-B37C7D1123AC-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 38880 --a------ c:\share\123\123 Previews.lrdata\0\0E9D\0E9D74C9-9430-47DC-8366-7FEFA3CE9EC6-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 37360 --a------ c:\share\123\123 Previews.lrdata\1\175A\175A2FAF-105A-4564-AFC1-60FD285482B0-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 36880 --a------ c:\share\123\123 Previews.lrdata\B\BA74\BA74BC1C-F0B5-487E-90C0-C83D84219E9C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 35056 --a------ c:\share\123\123 Previews.lrdata\C\C79C\C79C3BF6-7041-4CF3-8679-421E706DFA9A-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 30288 --a------ c:\share\123\123 Previews.lrdata\2\2A77\2A7703B5-0001-4EDC-9AF1-5B922E3B6BC9-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 29920 --a------ c:\share\123\123 Previews.lrdata\5\543A\543AF073-5962-4CE9-94E7-DDB83E2B8E4C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 26160 --a------ c:\share\123\123 Previews.lrdata\B\B799\B799A05A-0344-4530-8845-3DDA4FB22752-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 26000 --a------ c:\share\123\123 Previews.lrdata\5\55A9\55A95D90-56F9-4E6F-8525-2613D24DF5BA-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex

---- Directory of C:\XPSetup ----

2009-04-04 00:08 10 --------- c:\xpsetup\WIN51IC.SP2
2009-04-04 00:07 10 --------- c:\xpsetup\WIN51IC.SP1
2009-04-04 00:07 10 --------- c:\xpsetup\WIN51IC
2009-04-04 00:05 10 --------- c:\xpsetup\WIN51
2008-07-06 22:06 89088 --------- c:\xpsetup\i386\filterpipelineprintproc.dll
2008-07-06 22:06 765440 --------- c:\xpsetup\i386\mxdwdrv.dll
2008-07-06 22:06 1676288 --------- c:\xpsetup\i386\xpssvcs.dll
2008-07-06 22:06 10929 --------- c:\xpsetup\i386\msxpsdrv.cat
2008-06-19 15:33 72 --------- c:\xpsetup\i386\msxpsinc.ppd
2008-06-19 15:33 2204 --------- c:\xpsetup\i386\msxpsdrv.inf
2008-06-19 11:03 73 --------- c:\xpsetup\i386\msxpsinc.gpd


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-03 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-03-31 2277232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kimina\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2009-03-31 115056]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-03 15424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-27 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-27 15504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-839522115-1004.job
- c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 17:38]

2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]

2009-04-08 c:\windows\Tasks\Malwarebytes' Scheduled Update for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/internet/mybigpond/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E1C2CA2F-B009-43DB-AAEB-3433D7E8F1E7} = 61.9.211.33,61.9.211.1
FF - ProfilePath - c:\documents and settings\Kimina\Application Data\Mozilla\Firefox\Profiles\aba8c5y6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigpond.com/internet/mybigpond/
FF - plugin: c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 09:04:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-09 9:07:11 - machine was rebooted [Kimina]
ComboFix-quarantined-files.txt 2009-04-08 23:07:09
ComboFix2.txt 2009-04-08 15:48:56
ComboFix3.txt 2009-04-06 16:22:36

Pre-Run: 180,738,424,832 bytes free
Post-Run: 180,724,666,368 bytes free

323 --- E O F --- 2009-03-20 00:13:17

Hello.
This looks better now.
How is the machine running?