WiredWX Christian Hobby Weather Tools

I just wanna check if the virus is still alive

I scanned my computer earlier and my AV found trojans on my PC. My AV moved it to the "quarantine" folder and I deleted it from there. So I just want to know if the trojan is still lurking in my PC, or is it really gone?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:16 AM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Avie\Application Data\Microsoft\svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\mod\Explorer2.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Avie\My Documents\HijackThis\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekpolice.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F2 - REG:system.ini: Shell=mod\Explorer2.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-M2BMT.exe" /REG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08AXLRD_25878656] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svchost.exe] C:\Documents and Settings\Avie\Application Data\Microsoft\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Avie\Desktop\New folder\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Avie\Desktop\New folder\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Avie\Desktop\New folder\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200679934546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: rGMHN - {0837049D-A29D-AE37-A429-02CA4DB18520} - C:\WINDOWS\system32\usw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Premier Health Partners\PHP VPN Client\cvpnd.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Google Update Service (gupdate1c95c4184f44380) (gupdate1c95c4184f44380) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice129.exe

--
End of file - 12961 bytes


Thank You!


Re: I just wanna check if the virus is still alive

Hi

Please download ComboFix by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

[screenshots of the rename step]

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

[screenshots of the Recovery Console prompts]

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Re: I just wanna check if the virus is still alive

Sir, I'm scared of disabling my AV. Are there other ways of checking? I might do it the wrong way and it may result in my computer being broken T_T


Re: I just wanna check if the virus is still alive

Hi

If you do not disable the protection, then ComboFix will do it for you. Go ahead and run it, please. As long as you install the Recovery Console, you will be fine.

Re: I just wanna check if the virus is still alive

ComboFix 09-10-01.05 - Avie 10/04/2009 13:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.447 [GMT 4:00]
Running from: c:\documents and settings\Avie\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\ruby\bin\erb
c:\windows\Installer\1240383.msi
c:\windows\Installer\238818.msi
c:\windows\Installer\238819.msp
c:\windows\Installer\23881a.msp
c:\windows\Installer\23881b.msp
c:\windows\Installer\23881c.msp
c:\windows\Installer\23881d.msp
c:\windows\Installer\23881e.msp
c:\windows\Installer\23881f.msp
c:\windows\Installer\238820.msp
c:\windows\Installer\238821.msp
c:\windows\Installer\9e6b3.msi
c:\windows\system32\ctfmon .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\unrar.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABEL
-------\Legacy_gaopdxserv.sys
-------\Service_Abel
-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-09-26 06:58 . 2009-09-26 06:58 -------- d-----w- C:\0a42e74732b8ec784c2549
2009-09-26 06:54 . 2009-09-26 06:54 -------- d-----w- C:\105046ac981aabfb8a
2009-09-23 16:18 . 2009-09-23 19:10 -------- d-----w- c:\program files\Any Video Converter
2009-09-22 16:44 . 2009-09-25 09:01 -------- d-----w- c:\program files\Cool Music Converter
2009-09-21 18:34 . 2009-09-21 18:34 -------- d-----w- c:\documents and settings\Avie\Local Settings\Application Data\Yahoo!
2009-09-14 09:58 . 2009-09-14 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-14 09:58 . 2009-09-14 09:58 -------- d-----w- c:\program files\NOS
2009-09-09 06:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 20:01 . 2008-01-19 03:47 -------- d-----w- c:\program files\Java
2009-10-02 19:44 . 2009-01-23 19:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 14:40 . 2008-06-12 02:13 -------- d-----w- c:\documents and settings\Avie\Application Data\gtk-2.0
2009-10-02 09:24 . 2009-01-07 09:38 -------- d-----w- c:\documents and settings\Avie\Application Data\uTorrent
2009-09-30 15:20 . 2009-06-25 18:23 -------- d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2009-09-29 09:44 . 2009-02-13 17:21 -------- d-----w- c:\documents and settings\Avie\Application Data\Eltima Software
2009-09-24 06:50 . 2009-07-15 07:16 -------- d-----w- c:\program files\SeekService
2009-09-23 16:23 . 2009-01-07 16:49 -------- d-----w- c:\documents and settings\Avie\Application Data\Any Video Converter
2009-09-23 08:28 . 2009-07-15 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
2009-09-09 15:20 . 2008-06-24 01:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 15:06 . 2008-04-06 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 07:13 . 2008-01-19 02:34 -------- d-----w- c:\program files\Google
2009-09-02 06:01 . 2008-08-05 23:16 -------- d-----w- c:\program files\Notepad++
2009-09-02 06:01 . 2008-08-05 23:16 -------- d-----w- c:\documents and settings\Avie\Application Data\Notepad++
2009-09-02 06:01 . 2009-03-02 00:34 -------- d-----w- c:\program files\jHeidi
2009-08-30 09:56 . 2009-08-30 09:44 -------- d-----w- c:\program files\Farm Frenzy
2009-08-30 09:43 . 2009-08-30 09:43 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-21 09:42 . 2009-08-13 08:11 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-21 09:34 . 2009-04-03 12:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-20 14:43 . 2009-08-20 14:43 70656 ----a-w- c:\windows\system32\drivers\qmcepuftyyuecwxv.sys
2009-08-13 09:06 . 2008-04-06 10:07 -------- d-----w- c:\program files\Winamp
2009-08-13 07:41 . 2009-03-05 06:05 -------- d-----w- c:\program files\Orbitdownloader
2009-08-10 18:39 . 2009-08-10 10:21 -------- d-----w- c:\program files\NCH Software
2009-08-10 10:29 . 2009-03-05 06:05 -------- d-----w- c:\documents and settings\Avie\Application Data\Orbit
2009-08-10 10:22 . 2009-08-10 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-08-10 10:21 . 2009-08-10 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-10 10:21 . 2009-08-10 10:21 -------- d-----w- c:\documents and settings\Avie\Application Data\NCH Swift Sound
2009-08-10 10:14 . 2009-08-10 10:13 5 ----a-w- c:\windows\system32\SySatm.dat
2009-08-10 10:12 . 2009-08-10 10:08 -------- d-----w- c:\program files\AimOne_AlltoMP3
2009-08-10 10:12 . 2009-08-10 10:12 -------- d-----w- c:\program files\Crystal Software
2009-08-10 05:51 . 2008-04-06 09:53 123240 ----a-w- c:\documents and settings\Avie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 08:01 . 2008-12-04 06:53 -------- d-----w- c:\documents and settings\Avie\Application Data\mIRC
2009-08-07 07:20 . 2008-12-04 06:53 -------- d-----w- c:\program files\mIRC
2009-08-05 09:01 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 12:29 . 2008-04-06 09:53 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-07-25 12:29 . 2008-04-06 09:53 88 --sh--r- c:\documents and settings\All Users\Application Data\D01097A1C9.sys
2009-07-19 08:41 . 2008-01-19 19:05 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-07-19 06:32 . 2008-04-13 02:52 40 ----a-w- c:\windows\RSoftInfo.dat
2009-07-18 10:46 . 2009-07-18 10:46 4 --sh--r- c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2009-07-17 19:01 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:53 . 2009-05-07 04:09 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-16 10:45 . 2009-07-16 10:45 0 ----a-w- c:\windows\PowerReg.dat
2009-07-13 19:43 . 2004-08-04 04:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:36 . 2009-01-17 23:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 09:36 . 2009-01-17 23:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-08-18 04:59 . 2008-05-01 02:32 28160 ----a-w- c:\program files\UnFREEz.exe
2009-03-18 13:29 . 2009-03-18 13:29 132 --sha-r- c:\windows\Regbak.dat
.

------- Sigcheck -------

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 111104 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 58880 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . A3CA636B0E52751D4E6FD7237B20A873 . 1033216 . . [6.00.2900.5512] . . c:\windows\mod\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 9784E0719124E4A23989AEF9E7CA02D6 . 975360 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08AXLRD_25878656"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Avie\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rGMHN"= {0837049D-A29D-AE37-A429-02CA4DB18520} - c:\windows\system32\usw.dll [2008-04-14 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Premier Health Partners PHP VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Premier Health Partners PHP VPN Client.lnk
backup=c:\windows\pss\Premier Health Partners PHP VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^Multiply AutoUploader.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
backup=c:\windows\pss\Multiply AutoUploader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"L08AXLRD_262921"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
"TransBar"=c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s
"ChikkaDefault"=c:\progra~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\JetBrains\\IntelliJ IDEA 8.0.1\\bin\\idea.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 1.2\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 1.2\\jre\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\mod\\Explorer2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:PHP VPN
"10000:TCP"= 10000:TCP:PHP VPN
"4500:UDP"= 4500:UDP:PHP VPN
"14207:TCP"= 14207:TCP:BitCometLite 14207 TCP
"14207:UDP"= 14207:UDP:BitCometLite 14207 UDP

R2 HopperP;WiFi Hopper;c:\windows\system32\drivers\hopperp.sys [3/15/2006 12:31 AM 21376]
R2 SeekService Service;SeekService Service;c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [9/23/2009 12:28 PM 54784]
S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [6/14/2008 9:02 PM 17408]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 8:56 AM 17408]
S3 gupdate1c95c4184f44380;Google Update Service (gupdate1c95c4184f44380);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 2:08 PM 133104]
S3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 7:35 PM 50704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-19 08:58]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 14:54]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 14:54]

2009-10-03 c:\windows\Tasks\User_Feed_Synchronization-{DDCA4945-A534-4983-B74D-550F5CD343EC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.geekpolice.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\documents and settings\Avie\Desktop\New folder\IEGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download FLV video content with IDM - c:\documents and settings\Avie\Desktop\New folder\IEGetVL.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download with IDM - c:\documents and settings\Avie\Desktop\New folder\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Avie\Application Data\Mozilla\Firefox\Profiles\9q3x8dwv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geekpolice.net
FF - component: c:\documents and settings\Avie\Application Data\Mozilla\Firefox\Profiles\9q3x8dwv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Avie\Application Data\Mozilla\Firefox\Profiles\9q3x8dwv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Avie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
SafeBoot-tdlserv.sys
AddRemove-HijackThis - c:\documents and settings\Avie\My Documents\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-261478967-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{10951b60-869b-4ad9-a5e7-895f9565e991}]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,46,da,ab,31,ee,16,41,8b,df,46,a8,99,6f,b4,b1,19,8e,83,6a,c7,
41,1f,21,32,cf,58,6c,d2,14,12,4b,ad,d9,cd,a9,ea,9b,79,f3,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):22,7f,79,42,c7,33,dd,8e,41,be,f5,96,75,42,3e,a8,05,07,0e,68,e6,
90,f5,12,8c,6d,45,90,f6,82,5d,6a,9c,bd,1f,64,37,3c,f9,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c6bd3847-33fb-4d8d-9479-2f2675216ede}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008a
"Therad"=dword:00000015

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1464)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(1568)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\WININET.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\program files\SeekService\seekservice.dll
c:\program files\Windows Media Player\wmpband.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\COMMON~1\stardock\SDMCP.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\SeekService\seekservice.exe
.
**************************************************************************
.
Completion time: 2009-10-04 13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 09:49

Pre-Run: 3,365,261,312 bytes free
Post-Run: 3,386,748,928 bytes free

410 --- E O F --- 2009-10-04 08:55


Re: I just wanna check if the virus is still alive
Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\SeekService
    c:\documents and settings\All Users\Application Data\SeekService

    File::
    c:\windows\system32\drivers\qmcepuftyyuecwxv.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [picture: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please include the SpiderKill and ComboFix logs in your next reply.
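To confirm that a follow-up ComboFix run actually removed what the CFScript asked for, here is an added Python example (not ComboFix's own code and not posted in the thread) that parses the Folder::/File:: directives of a CFScript and the "Other Deletions" section of the resulting ComboFix.txt, then reports confirmed, missing and unrequested deletions. The sample CFScript and log excerpt are constructed from the entries shown in this thread.

```python
"""Cross-check a ComboFix CFScript against the log of the run that used it.

Added example, not part of ComboFix or this thread. Sample inputs below are
constructed from the CFScript and the 'Other Deletions' entries in the thread.
"""
import re

# Constructed CFScript, mirroring the one the helper posted.
CFSCRIPT = r"""
Folder::
c:\program files\SeekService
c:\documents and settings\All Users\Application Data\SeekService

File::
c:\windows\system32\drivers\qmcepuftyyuecwxv.sys
"""

# Constructed excerpt of the follow-up ComboFix.txt.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SeekService
c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe
c:\documents and settings\Avie\Application Data\Microsoft\svchost.exe
c:\program files\SeekService
c:\program files\SeekService\seekservice.dll
c:\windows\system32\drivers\qmcepuftyyuecwxv.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
"""


def parse_cfscript(text):
    """Return {directive: [paths]} for sections written as 'Name::' headers.

    Paths are lower-cased because the Windows file system is case-insensitive.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"([A-Za-z]+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.lower())
    return sections


def parse_other_deletions(log):
    """Return the set of paths listed under the 'Other Deletions' banner."""
    deleted = set()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\(+\s*Other Deletions\s*\)+", line):
            in_section = True
            continue
        if in_section and re.fullmatch(r"\(+.*\)+", line):
            break  # reached the next section banner
        if in_section and line and line != ".":
            deleted.add(line.lower())
    return deleted


def check_removal(cfscript, log):
    """Return (confirmed, missing, extra) as sorted lists.

    confirmed: requested paths the log reports as deleted
    missing:   requested paths the log does not report (re-run or investigate)
    extra:     deletions the script did not ask for and that are not inside a
               requested folder; these are ComboFix's own detections
    """
    requested = set()
    for paths in parse_cfscript(cfscript).values():
        requested.update(paths)
    deleted = parse_other_deletions(log)
    confirmed = sorted(requested & deleted)
    missing = sorted(requested - deleted)
    extra = sorted(p for p in deleted - requested
                   if not any(p.startswith(f + "\\") for f in requested))
    return confirmed, missing, extra


if __name__ == "__main__":
    ok, gone, unrequested = check_removal(CFSCRIPT, COMBOFIX_LOG)
    print("confirmed deleted:", *ok, sep="\n  ")
    print("not reported deleted:", *gone, sep="\n  ")
    print("deleted without being requested:", *unrequested, sep="\n  ")
```

Run against the real CFScript.txt and ComboFix.txt by reading both files into the two constants; an entry in the "missing" list means the item was not reported removed and the log should be looked at again.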

Re: I just wanna check if the virus is still alive
ComboFix 09-10-03.01 - Avie 10/04/2009 23:57.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.689 [GMT 4:00]
Running from: c:\documents and settings\Avie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Avie\Desktop\CFScript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\qmcepuftyyuecwxv.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SeekService
c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe
c:\documents and settings\Avie\Application Data\Microsoft\svchost.exe
c:\program files\SeekService
c:\program files\SeekService\seekservice.dll
c:\program files\SeekService\seekservice.exe
c:\program files\SeekService\uninstall.exe
c:\windows\system32\drivers\qmcepuftyyuecwxv.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 15:00 . 2009-10-04 15:00 -------- d-----w- c:\windows\LastGood
2009-10-04 12:10 . 2009-10-04 12:11 -------- d-----w- c:\program files\RocketDock
2009-10-04 09:54 . 2009-10-04 09:54 -------- d-sh--w- c:\documents and settings\Avie\IECompatCache
2009-09-26 06:58 . 2009-09-26 06:58 -------- d-----w- C:\0a42e74732b8ec784c2549
2009-09-26 06:54 . 2009-09-26 06:54 -------- d-----w- C:\105046ac981aabfb8a
2009-09-23 16:18 . 2009-09-23 19:10 -------- d-----w- c:\program files\Any Video Converter
2009-09-22 16:44 . 2009-09-25 09:01 -------- d-----w- c:\program files\Cool Music Converter
2009-09-21 18:34 . 2009-09-21 18:34 -------- d-----w- c:\documents and settings\Avie\Local Settings\Application Data\Yahoo!
2009-09-14 09:58 . 2009-09-14 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-14 09:58 . 2009-09-14 09:58 -------- d-----w- c:\program files\NOS
2009-09-09 06:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 13:30 . 2008-06-12 02:13 -------- d-----w- c:\documents and settings\Avie\Application Data\gtk-2.0
2009-10-04 12:02 . 2008-01-20 04:08 -------- d-----w- c:\program files\CACE Technologies
2009-10-04 09:55 . 2009-03-05 06:05 -------- d-----w- c:\program files\Orbitdownloader
2009-10-02 20:01 . 2008-01-19 03:47 -------- d-----w- c:\program files\Java
2009-10-02 19:44 . 2009-01-23 19:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 09:24 . 2009-01-07 09:38 -------- d-----w- c:\documents and settings\Avie\Application Data\uTorrent
2009-09-30 15:20 . 2009-06-25 18:23 -------- d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2009-09-29 09:44 . 2009-02-13 17:21 -------- d-----w- c:\documents and settings\Avie\Application Data\Eltima Software
2009-09-23 16:23 . 2009-01-07 16:49 -------- d-----w- c:\documents and settings\Avie\Application Data\Any Video Converter
2009-09-09 15:20 . 2008-06-24 01:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 15:06 . 2008-04-06 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 07:13 . 2008-01-19 02:34 -------- d-----w- c:\program files\Google
2009-09-02 06:01 . 2008-08-05 23:16 -------- d-----w- c:\program files\Notepad++
2009-09-02 06:01 . 2008-08-05 23:16 -------- d-----w- c:\documents and settings\Avie\Application Data\Notepad++
2009-09-02 06:01 . 2009-03-02 00:34 -------- d-----w- c:\program files\jHeidi
2009-08-30 09:56 . 2009-08-30 09:44 -------- d-----w- c:\program files\Farm Frenzy
2009-08-30 09:43 . 2009-08-30 09:43 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-21 09:42 . 2009-08-13 08:11 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-21 09:34 . 2009-04-03 12:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-13 09:06 . 2008-04-06 10:07 -------- d-----w- c:\program files\Winamp
2009-08-10 18:39 . 2009-08-10 10:21 -------- d-----w- c:\program files\NCH Software
2009-08-10 10:29 . 2009-03-05 06:05 -------- d-----w- c:\documents and settings\Avie\Application Data\Orbit
2009-08-10 10:22 . 2009-08-10 10:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-08-10 10:21 . 2009-08-10 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-10 10:21 . 2009-08-10 10:21 -------- d-----w- c:\documents and settings\Avie\Application Data\NCH Swift Sound
2009-08-10 10:14 . 2009-08-10 10:13 5 ----a-w- c:\windows\system32\SySatm.dat
2009-08-10 10:12 . 2009-08-10 10:08 -------- d-----w- c:\program files\AimOne_AlltoMP3
2009-08-10 10:12 . 2009-08-10 10:12 -------- d-----w- c:\program files\Crystal Software
2009-08-10 05:51 . 2008-04-06 09:53 123240 ----a-w- c:\documents and settings\Avie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 08:01 . 2008-12-04 06:53 -------- d-----w- c:\documents and settings\Avie\Application Data\mIRC
2009-08-05 09:01 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 12:29 . 2008-04-06 09:53 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-07-25 12:29 . 2008-04-06 09:53 88 --sh--r- c:\documents and settings\All Users\Application Data\D01097A1C9.sys
2009-07-19 08:41 . 2008-01-19 19:05 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-07-19 06:32 . 2008-04-13 02:52 40 ----a-w- c:\windows\RSoftInfo.dat
2009-07-18 10:46 . 2009-07-18 10:46 4 --sh--r- c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2009-07-17 19:01 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:53 . 2009-05-07 04:09 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-16 10:45 . 2009-07-16 10:45 0 ----a-w- c:\windows\PowerReg.dat
2009-07-13 19:43 . 2004-08-04 04:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:36 . 2009-01-17 23:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 09:36 . 2009-01-17 23:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-08-18 04:59 . 2008-05-01 02:32 28160 ----a-w- c:\program files\UnFREEz.exe
2009-03-18 13:29 . 2009-03-18 13:29 132 --sha-r- c:\windows\Regbak.dat
.

------- Sigcheck -------

[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 111104 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 58880 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L08AXLRD_25878656"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Avie\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rGMHN"= {0837049D-A29D-AE37-A429-02CA4DB18520} - c:\windows\system32\usw.dll [2008-04-14 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Premier Health Partners PHP VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Premier Health Partners PHP VPN Client.lnk
backup=c:\windows\pss\Premier Health Partners PHP VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^Multiply AutoUploader.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
backup=c:\windows\pss\Multiply AutoUploader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Avie^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=c:\documents and settings\Avie\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"L08AXLRD_262921"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
"TransBar"=c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s
"ChikkaDefault"=c:\progra~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\JetBrains\\IntelliJ IDEA 8.0.1\\bin\\idea.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 1.2\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio 1.2\\jre\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\mod\\Explorer2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:PHP VPN
"10000:TCP"= 10000:TCP:PHP VPN
"4500:UDP"= 4500:UDP:PHP VPN
"14207:TCP"= 14207:TCP:BitCometLite 14207 TCP
"14207:UDP"= 14207:UDP:BitCometLite 14207 UDP

R2 HopperP;WiFi Hopper;c:\windows\system32\drivers\hopperp.sys [3/15/2006 12:31 AM 21376]
S2 SeekService Service;SeekService Service;"c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe" "c:\program files\SeekService\seekservice.dll" Service --> c:\documents and settings\All Users\Application Data\SeekService\seekservice129.exe [?]
S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [6/14/2008 9:02 PM 17408]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 8:56 AM 17408]
S3 gupdate1c95c4184f44380;Google Update Service (gupdate1c95c4184f44380);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 2:08 PM 133104]
S3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 7:35 PM 50704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-19 08:58]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 14:54]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 14:54]

2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{DDCA4945-A534-4983-B74D-550F5CD343EC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.geekpolice.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\documents and settings\Avie\Desktop\New folder\IEGetAll.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download FLV video content with IDM - c:\documents and settings\Avie\Desktop\New folder\IEGetVL.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Download with IDM - c:\documents and settings\Avie\Desktop\New folder\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Avie\Application Data\Mozilla\Firefox\Profiles\9q3x8dwv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geekpolice.net
FF - component: c:\documents and settings\Avie\Application Data\Mozilla\Firefox\Profiles\9q3x8dwv.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Avie\Application Data\Mozilla\Firefox\Profiles\9q3x8dwv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Avie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-SeekService - c:\program files\SeekService\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-261478967-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{10951b60-869b-4ad9-a5e7-895f9565e991}]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,46,da,ab,31,ee,16,41,8b,df,46,a8,99,6f,b4,b1,19,8e,83,6a,c7,
41,1f,21,32,cf,58,6c,d2,14,12,4b,ad,d9,cd,a9,ea,9b,79,f3,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):22,7f,79,42,c7,33,dd,8e,41,be,f5,96,75,42,3e,a8,05,07,0e,68,e6,
90,f5,12,8c,6d,45,90,f6,82,5d,6a,9c,bd,1f,64,37,3c,f9,df,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c6bd3847-33fb-4d8d-9479-2f2675216ede}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008a
"Therad"=dword:00000015

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1464)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(1568)
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-04 0:15
ComboFix-quarantined-files.txt 2009-10-04 20:14
ComboFix2.txt 2009-10-04 09:49

Pre-Run: 3,810,947,072 bytes free
Post-Run: 3,773,075,456 bytes free

318 --- E O F --- 2009-10-04 15:00

............................................................................................


THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

Re: I just wanna check if the virus is still alive

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 0837-049C

Directory of C:\Windows\System32\Drivers

10/05/2009 12:10 AM .
10/05/2009 12:10 AM ..
04/13/2008 10:46 PM 53,376 1394bus.sys
04/13/2008 10:36 PM 187,776 acpi.sys
08/23/2001 04:00 PM 11,648 acpiec.sys
04/14/2008 04:11 AM 4,255 adv01nt5.dll
04/14/2008 04:11 AM 3,967 adv02nt5.dll
04/14/2008 04:11 AM 3,615 adv05nt5.dll
04/14/2008 04:11 AM 3,647 adv07nt5.dll
04/14/2008 04:11 AM 3,135 adv08nt5.dll
04/14/2008 04:11 AM 3,711 adv09nt5.dll
04/14/2008 04:11 AM 3,775 adv11nt5.dll
04/13/2008 08:39 PM 142,592 aec.sys
08/14/2008 02:04 PM 138,496 afd.sys
10/08/2004 05:16 AM 35,840 AFS2K.SYS
04/13/2008 10:36 PM 42,368 agp440.sys
04/13/2008 10:36 PM 44,928 agpcpq.sys
04/13/2008 10:36 PM 42,752 alim1541.sys
04/13/2008 10:36 PM 43,008 amdagp.sys
04/13/2008 10:31 PM 37,376 amdk6.sys
04/13/2008 10:31 PM 37,760 amdk7.sys
04/13/2008 10:51 PM 60,800 arp1394.sys
04/13/2008 10:57 PM 14,336 asyncmac.sys
04/13/2008 10:40 PM 96,512 atapi.sys
08/04/2004 07:29 AM 56,623 ati1btxx.sys
08/04/2004 07:29 AM 11,615 ati1mdxx.sys
08/04/2004 07:29 AM 12,047 ati1pdxx.sys
08/04/2004 07:29 AM 30,671 ati1raxx.sys
08/04/2004 07:29 AM 63,663 ati1rvxx.sys
08/04/2004 07:29 AM 26,367 ati1snxx.sys
08/04/2004 07:29 AM 21,343 ati1ttxx.sys
08/04/2004 07:29 AM 36,463 ati1tuxx.sys
08/04/2004 07:29 AM 29,455 ati1xbxx.sys
08/04/2004 07:29 AM 34,735 ati1xsxx.sys
08/04/2004 07:29 AM 327,040 ati2mtaa.sys
08/04/2004 07:29 AM 701,440 ati2mtag.sys
08/04/2004 07:29 AM 57,856 atinbtxx.sys
08/04/2004 07:29 AM 13,824 atinmdxx.sys
08/04/2004 07:29 AM 14,336 atinpdxx.sys
08/04/2004 07:29 AM 52,224 atinraxx.sys
08/04/2004 07:29 AM 104,960 atinrvxx.sys
08/04/2004 07:29 AM 28,672 atinsnxx.sys
08/04/2004 07:29 AM 13,824 atinttxx.sys
08/04/2004 07:29 AM 73,216 atintuxx.sys
08/04/2004 07:29 AM 31,744 atinxbxx.sys
08/04/2004 07:29 AM 63,488 atinxsxx.sys
07/17/2004 08:36 PM 64,352 ativmc20.cod
04/13/2008 10:51 PM 59,904 atmarpc.sys
08/23/2001 04:00 PM 31,360 atmepvc.sys
04/13/2008 10:51 PM 55,808 atmlane.sys
08/23/2001 04:00 PM 352,256 atmuni.sys
04/14/2008 04:11 AM 21,183 atv01nt5.dll
04/14/2008 04:11 AM 11,359 atv02nt5.dll
04/14/2008 04:11 AM 25,471 atv04nt5.dll
04/14/2008 04:11 AM 14,143 atv06nt5.dll
04/14/2008 04:11 AM 17,279 atv10nt5.dll
08/17/2001 05:59 PM 3,072 audstub.sys
04/13/2008 10:36 PM 14,208 battc.sys
08/05/2005 08:32 PM 45,312 bcm4sbxp.sys
08/23/2001 04:00 PM 4,224 beep.sys
04/13/2008 10:53 PM 71,552 bridge.sys
04/13/2008 10:46 PM 17,024 bthenum.sys
04/13/2008 10:46 PM 37,888 bthmodem.sys
04/13/2008 10:51 PM 101,120 bthpan.sys
06/13/2008 03:05 PM 272,128 bthport.sys
04/13/2008 10:46 PM 36,480 bthprint.sys
04/13/2008 10:46 PM 18,944 bthusb.sys
08/23/2001 04:00 PM 13,952 cbidf2k.sys
04/13/2008 01:46 PM 17,024 CCDECODE.sys
08/23/2001 04:00 PM 18,688 cdaudio.sys
04/13/2008 11:14 PM 63,744 cdfs.sys
03/08/2007 03:51 AM 9,336 cdr4_xp.sys
03/08/2007 03:51 AM 9,464 cdralw2k.sys
04/13/2008 10:40 PM 62,976 cdrom.sys
04/14/2008 04:11 AM 15,423 ch7xxnt5.dll
08/23/2001 04:00 PM 262,528 cinemst2.sys
04/13/2008 11:16 PM 49,536 classpnp.sys
04/13/2008 10:36 PM 13,952 cmbatt.sys
04/13/2008 10:36 PM 10,240 compbatt.sys
08/23/2001 04:00 PM 11,776 cpqdap01.sys
04/13/2008 10:31 PM 36,736 crusoe.sys
05/01/2003 10:26 PM 5,220 CVirtA.sys
10/18/2003 01:42 AM 268,360 CVPNDRVA.sys
07/18/2004 07:55 AM 129,045 cxthsfs2.cty
12/01/2005 08:39 AM 141,497 del1028.cty
01/17/2008 11:26 AM disdn
04/13/2008 10:40 PM 36,352 disk.sys
04/13/2008 10:40 PM 14,208 diskdump.sys
04/13/2008 10:44 PM 799,744 dmboot.sys
04/13/2008 10:44 PM 153,344 dmio.sys
08/23/2001 04:00 PM 5,888 dmload.sys
04/13/2008 10:45 PM 52,864 dmusic.sys
07/25/2003 04:55 AM 139,604 dne2000.sys
04/13/2008 10:45 PM 60,160 drmk.sys
04/13/2008 10:45 PM 2,944 drmkaud.sys
08/23/2001 04:00 PM 10,496 dxapi.sys
04/13/2008 10:38 PM 71,168 dxg.sys
08/23/2001 04:00 PM 3,328 dxgthk.sys
08/17/2001 05:46 PM 6,400 enum1394.sys
10/04/2009 01:40 PM etc
04/13/2008 11:14 PM 143,744 fastfat.sys
04/13/2008 10:40 PM 27,392 fdc.sys
04/13/2008 10:33 PM 44,544 fips.sys
04/13/2008 10:40 PM 20,480 flpydisk.sys
04/13/2008 10:32 PM 129,792 fltmgr.sys
08/23/2001 04:00 PM 12,160 fsvga.sys
08/23/2001 04:00 PM 7,936 fs_rec.sys
08/23/2001 04:00 PM 125,056 ftdisk.sys
04/13/2008 10:36 PM 46,464 gagp30kx.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
08/23/2001 04:00 PM 3,440,660 gm.dls
08/23/2001 04:00 PM 646 gmreadme.txt
04/13/2008 08:36 PM 144,384 hdaudbus.sys
01/08/2005 02:07 AM 145,920 Hdaudio.sys
04/13/2008 10:46 PM 25,600 hidbth.sys
04/13/2008 10:45 PM 36,864 hidclass.sys
04/13/2008 10:45 PM 19,200 hidir.sys
04/13/2008 10:45 PM 24,960 hidparse.sys
04/13/2008 07:11 PM 21,504 hidserv.dll
04/13/2008 10:45 PM 10,368 hidusb.sys
03/15/2006 12:31 AM 21,376 hopperp.sys
12/14/2004 08:07 PM 51,120 HPZid412.sys
12/14/2004 08:07 PM 16,496 HPZipr12.sys
12/14/2004 08:07 PM 21,744 HPZius12.sys
08/04/2004 07:41 AM 220,032 hsfbs2s2.sys
08/04/2004 07:41 AM 685,056 hsfcxts2.sys
08/04/2004 07:41 AM 1,041,536 hsfdpsp2.sys
12/01/2005 10:40 AM 192,512 HSXHWAZL.sys
12/01/2005 10:40 AM 669,696 HSX_CNXT.sys
12/01/2005 10:40 AM 936,960 HSX_DPV.sys
04/13/2008 10:53 PM 264,832 http.sys
04/13/2008 11:18 PM 52,480 i8042prt.sys
03/31/2007 06:34 AM 5,704,672 igxpmp32.sys
04/13/2008 10:40 PM 42,112 imapi.sys
04/13/2008 10:31 PM 36,352 intelppm.sys
04/13/2008 10:53 PM 36,608 ip6fw.sys
08/23/2001 04:00 PM 32,896 ipfltdrv.sys
04/13/2008 10:57 PM 20,864 ipinip.sys
04/13/2008 10:57 PM 152,832 ipnat.sys
04/13/2008 11:19 PM 75,264 ipsec.sys
04/13/2008 10:45 PM 46,592 irbus.sys
04/13/2008 10:54 PM 11,264 irenum.sys
04/13/2008 10:36 PM 37,248 isapnp.sys
04/13/2008 10:39 PM 24,576 kbdclass.sys
04/13/2008 10:45 PM 172,416 kmixer.sys
04/13/2008 11:16 PM 141,056 ks.sys
06/24/2009 03:18 PM 92,928 ksecdd.sys
07/13/2009 01:36 PM 19,096 mbam.sys
07/13/2009 01:36 PM 38,160 mbamswissarmy.sys
08/23/2001 04:00 PM 7,680 mcd.sys
10/05/2005 08:57 AM 12,544 mdmxsdk.sys
04/13/2008 10:36 PM 63,744 mf.sys
08/23/2001 04:00 PM 4,224 mnmdd.sys
04/13/2008 11:00 PM 30,080 modem.sys
04/13/2008 10:39 PM 23,040 mouclass.sys
08/17/2001 10:48 PM 12,160 mouhid.sys
04/13/2008 10:39 PM 42,368 mountmgr.sys
04/13/2008 10:39 PM 92,544 mqac.sys
04/13/2008 10:32 PM 180,608 mrxdav.sys
10/24/2008 03:21 PM 455,296 mrxsmb.sys
04/13/2008 10:32 PM 19,072 msfs.sys
04/13/2008 10:56 PM 35,072 msgpc.sys
04/13/2008 10:39 PM 7,552 mskssrv.sys
04/13/2008 10:39 PM 5,376 mspclock.sys
04/13/2008 10:39 PM 4,992 mspqm.sys
04/13/2008 10:36 PM 15,488 mssmbios.sys
04/13/2008 01:39 PM 5,504 MSTEE.sys
08/04/2004 07:41 AM 126,686 mtlmnt5.sys
08/04/2004 07:41 AM 1,309,184 mtlstrm.sys
08/04/2004 07:29 AM 452,736 mtxparhm.sys
04/13/2008 11:17 PM 105,344 mup.sys
04/13/2008 10:43 PM 12,672 mutohpen.sys
04/13/2008 01:46 PM 85,248 NABTSFEC.sys
09/29/2003 04:10 PM 83,008 naiavf5x.sys
04/13/2008 11:20 PM 182,656 ndis.sys
04/13/2008 01:46 PM 10,880 NdisIP.sys
04/13/2008 10:57 PM 10,112 ndistapi.sys
04/13/2008 10:55 PM 14,592 ndisuio.sys
04/13/2008 11:20 PM 91,520 ndiswan.sys
04/13/2008 10:57 PM 40,576 ndproxy.sys
04/13/2008 10:56 PM 34,688 netbios.sys
04/13/2008 11:21 PM 162,816 netbt.sys
11/15/2006 08:48 AM 1,711,488 NETw3x32.sys
07/17/2004 08:35 PM 67,866 netwlan5.img
04/13/2008 10:51 PM 61,824 nic1394.sys
08/23/2001 04:00 PM 12,032 nikedrv.sys
04/13/2008 10:53 PM 40,320 nmnt.sys
12/23/2008 07:35 PM 50,704 npf.sys
04/13/2008 10:32 PM 30,848 npfs.sys
04/13/2008 11:15 PM 574,976 ntfs.sys
08/04/2004 07:41 AM 180,360 ntmtlfax.sys
05/09/2009 01:14 AM 14,736 nuidfltr.sys
08/23/2001 04:00 PM 2,944 null.sys
08/04/2004 07:29 AM 1,897,408 nv4_mini.sys
08/23/2001 04:00 PM 12,416 nwlnkflt.sys
08/23/2001 04:00 PM 32,512 nwlnkfwd.sys
04/13/2008 10:56 PM 88,320 nwlnkipx.sys
08/23/2001 04:00 PM 63,232 nwlnknb.sys
08/23/2001 04:00 PM 55,936 nwlnkspx.sys
04/13/2008 10:34 PM 163,584 nwrdr.sys
04/13/2008 10:46 PM 61,696 ohci1394.sys
08/23/2001 04:00 PM 3,456 oprghdlr.sys
04/13/2008 10:31 PM 42,752 p3.sys
04/13/2008 10:40 PM 80,128 parport.sys
04/13/2008 10:40 PM 19,712 partmgr.sys
08/23/2001 04:00 PM 6,784 parvdm.sys
04/13/2008 10:36 PM 68,224 pci.sys
08/17/2001 10:51 PM 3,328 pciide.sys
04/13/2008 10:40 PM 24,960 pciidex.sys
04/13/2008 10:36 PM 120,192 pcmcia.sys
04/13/2008 11:19 PM 146,048 portcls.sys
04/13/2008 10:31 PM 35,840 processr.sys
04/13/2008 10:56 PM 69,120 psched.sys
08/23/2001 04:00 PM 17,792 ptilink.sys
03/08/2007 03:51 AM 43,528 PxHelp20.sys
08/23/2001 04:00 PM 8,832 rasacd.sys
04/13/2008 11:19 PM 51,328 rasl2tp.sys
04/13/2008 10:57 PM 41,472 raspppoe.sys
04/13/2008 11:19 PM 48,384 raspptp.sys
08/23/2001 04:00 PM 16,512 raspti.sys
08/23/2001 04:00 PM 34,432 rawwan.sys
04/13/2008 11:28 PM 175,744 rdbss.sys
08/23/2001 04:00 PM 4,224 rdpcdd.sys
04/13/2008 10:32 PM 196,224 rdpdr.sys
04/14/2008 04:13 AM 139,656 rdpwd.sys
08/04/2004 07:41 AM 13,776 recagent.sys
04/13/2008 10:40 PM 57,600 redbook.sys
04/13/2008 10:46 PM 59,136 rfcomm.sys
08/23/2001 04:00 PM 12,032 rio8drv.sys
08/23/2001 04:00 PM 12,032 riodrv.sys
05/08/2008 06:02 PM 203,136 rmcast.sys
04/13/2008 10:56 PM 30,592 rndismp.sys
04/13/2008 10:56 PM 30,592 rndismpx.sys
08/23/2001 04:00 PM 5,888 rootmdm.sys
08/04/2004 07:29 AM 166,912 s3gnbm.sys
04/13/2008 10:40 PM 96,384 scsiport.sys
04/13/2008 10:36 PM 79,232 sdbus.sys
11/13/2007 02:25 PM 20,480 secdrv.sys
04/13/2008 10:40 PM 15,744 serenum.sys
04/13/2008 11:15 PM 64,512 serial.sys
04/13/2008 10:40 PM 11,904 sffdisk.sys
04/13/2008 10:40 PM 10,240 sffp_mmc.sys
04/13/2008 10:40 PM 11,008 sffp_sd.sys
04/13/2008 10:40 PM 11,392 sfloppy.sys
04/14/2008 04:12 AM 3,901 siint5.dll
04/13/2008 10:36 PM 40,960 sisagp.sys
04/13/2008 01:46 PM 11,136 SLIP.sys
08/04/2004 07:41 AM 129,535 slnt7554.sys
08/04/2004 07:41 AM 404,990 slntamr.sys
08/04/2004 07:41 AM 95,424 slnthal.sys
08/04/2004 07:41 AM 13,240 slwdmsup.sys
04/13/2008 10:36 PM 5,888 smbali.sys
08/23/2001 04:00 PM 14,592 smclib.sys
04/13/2008 10:46 PM 25,344 sonydcam.sys
04/13/2008 10:45 PM 6,272 splitter.sys
04/13/2008 10:36 PM 73,472 sr.sys
12/11/2008 02:57 PM 333,952 srv.sys
05/10/2007 07:24 PM 1,222,840 sthda.sys
04/13/2008 10:45 PM 49,408 stream.sys
04/13/2008 01:46 PM 15,232 StreamIP.sys
04/13/2008 10:39 PM 4,352 swenum.sys
04/13/2008 10:45 PM 56,576 swmidi.sys
04/13/2008 11:15 PM 60,800 sysaudio.sys
04/13/2008 10:40 PM 14,976 tape.sys
06/20/2008 03:51 PM 361,600 tcpip.sys
06/20/2008 03:08 PM 225,856 tcpip6.sys
04/13/2008 11:00 PM 19,072 tdi.sys
04/14/2008 04:13 AM 12,040 tdpipe.sys
04/14/2008 04:13 AM 21,896 tdtcp.sys
04/14/2008 04:13 AM 40,840 termdd.sys
08/23/2001 04:00 PM 51,712 tosdvd.sys
07/19/2009 12:41 PM 217,664 truecrypt.sys
08/23/2001 04:00 PM 21,376 tsbvcap.sys
04/13/2008 10:56 PM 12,288 tunmp.sys
04/13/2008 10:36 PM 44,672 uagp35.sys
04/13/2008 10:32 PM 66,048 udfs.sys
01/08/2009 03:39 PM UMDF
04/13/2008 10:39 PM 384,768 update.sys
04/13/2008 10:56 PM 12,800 usb8023.sys
04/13/2008 10:56 PM 12,800 usb8023x.sys
04/13/2008 10:45 PM 25,600 usbcamd.sys
04/13/2008 10:45 PM 25,728 usbcamd2.sys
04/13/2008 10:45 PM 32,128 usbccgp.sys
08/23/2001 04:00 PM 4,736 usbd.sys
04/13/2008 10:45 PM 30,208 usbehci.sys
04/13/2008 10:45 PM 59,520 usbhub.sys
04/13/2008 10:45 PM 15,872 usbintel.sys
04/13/2008 10:45 PM 143,872 usbport.sys
04/13/2008 10:47 PM 25,856 usbprint.sys
04/13/2008 10:45 PM 15,104 usbscan.sys
04/13/2008 10:45 PM 26,368 usbstor.sys
04/13/2008 10:45 PM 20,608 usbuhci.sys
04/13/2008 10:46 PM 121,984 usbvideo.sys
04/14/2008 04:12 AM 11,325 vchnt5.dll
08/23/2001 04:00 PM 58,112 vdmindvd.sys
04/13/2008 10:44 PM 20,992 vga.sys
04/13/2008 10:36 PM 42,240 viaagp.sys
04/13/2008 10:44 PM 81,664 videoprt.sys
04/13/2008 10:41 PM 52,352 volsnap.sys
04/13/2008 10:43 PM 14,208 wacompen.sys
08/04/2004 07:29 AM 11,807 wadv07nt.sys
08/04/2004 07:29 AM 11,295 wadv08nt.sys
08/04/2004 07:29 AM 11,871 wadv09nt.sys
08/04/2004 07:29 AM 11,935 wadv11nt.sys
04/13/2008 10:57 PM 34,560 wanarp.sys
08/04/2004 07:29 AM 22,271 watv06nt.sys
08/04/2004 07:29 AM 25,471 watv10nt.sys
11/02/2006 07:22 AM 492,000 wdf01000.sys
11/02/2006 07:22 AM 32,224 wdfldr.sys
04/13/2008 11:17 PM 83,072 wdmaud.sys
08/23/2001 04:00 PM 4,352 wmilib.sys
10/19/2006 05:00 AM 38,528 wpdusb.sys
08/23/2001 04:00 PM 12,032 ws2ifsl.sys
04/13/2008 01:46 PM 19,200 WSTCODEC.SYS
09/29/2006 03:55 AM 77,568 WudfPf.sys
09/29/2006 04:00 AM 82,944 WudfRd.sys
311 File(s) 38,964,650 bytes

Directory of C:\Windows\System32\Drivers\disdn

01/17/2008 11:26 AM .
01/17/2008 11:26 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/04/2009 01:40 PM .
10/04/2009 01:40 PM ..
10/04/2009 01:40 PM 27 hosts
10/04/2009 01:40 PM 434 hosts.ics
08/23/2001 04:00 PM 3,683 lmhosts.sam
08/23/2001 04:00 PM 407 networks
08/23/2001 04:00 PM 799 protocol
08/23/2001 04:00 PM 7,116 services
6 File(s) 12,466 bytes

Directory of C:\Windows\System32\Drivers\UMDF

01/08/2009 03:39 PM .
01/08/2009 03:39 PM ..
10/19/2006 06:47 AM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
318 File(s) 39,648,348 bytes
11 Dir(s) 3,805,360,128 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 0837-049C

Directory of C:\Windows\System32\Drivers

07/06/2009 11:39 AM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
07/06/2009 11:39 AM 0 Msft_Kernel_NuidFltr_01005.Wdf
2 File(s) 0 bytes
0 Dir(s) 3,805,372,416 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 968 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 1300 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 1464 High C:\WINDOWS\system32\winlogon.exe
services.exe 1556 Normal C:\WINDOWS\system32\services.exe
lsass.exe 1568 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1788 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1944 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1992 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 2040 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 220 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 484 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 824 Normal C:\WINDOWS\system32\spoolsv.exe
AppleMobileDeviceService.exe 984 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 1012 Normal C:\Program Files\Bonjour\mDNSResponder.exe
crypserv.exe 1028 High C:\WINDOWS\system32\crypserv.exe
FrameworkService.exe 1192 Normal C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Mcshield.exe 1220 High C:\Program Files\Network Associates\VirusScan\Mcshield.exe
VsTskMgr.exe 1052 Normal C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
HPZipm12.exe 1316 Normal C:\WINDOWS\system32\HPZipm12.exe
naPrdMgr.exe 1332 Normal C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
PsiService_2.exe 1348 Normal c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
sqlwriter.exe 1412 Normal c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe 1436 Normal C:\WINDOWS\system32\svchost.exe
SDMCP.exe 1508 Normal C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
GoogleCrashHandler.exe 760 Normal C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
SHSTAT.EXE 1064 Normal C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
EDICT.EXE 2136 Normal C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
GoogleToolbarNotifier.exe 3396 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
sgmain.exe 2104 Normal C:\Program Files\SpywareGuard\sgmain.exe
sgbhp.exe 2740 Normal C:\Program Files\SpywareGuard\sgbhp.exe
alg.exe 1696 Normal C:\WINDOWS\System32\alg.exe
svchost.exe 3128 Normal C:\WINDOWS\System32\svchost.exe
ctfmon.exe 1896 Normal C:\WINDOWS\system32\ctfmon.exe
notepad.exe 2640 Normal C:\WINDOWS\system32\notepad.exe
explorer.exe 2384 Normal C:\WINDOWS\explorer.exe
NOTEPAD.EXE 3940 Normal C:\WINDOWS\system32\NOTEPAD.EXE
cmd.exe 1396 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 940 Normal C:\Documents and Settings\Avie\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'explorer.exe'(2384)
MODULE BASE SIZE PATH
explorer.exe 1000000 1044480 C:\WINDOWS\explorer.exe 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 716800 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5512 (xpsp.080413-2111) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5512 (xpsp.080413-2113) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
AcSignIcon.dll 60560000 208896 C:\WINDOWS\system32\AcSignIcon.dll 17.0.54.0 AcSignIcon Module
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1100000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
wmpband.dll 13420000 106496 C:\Program Files\Windows Media Player\wmpband.dll 11.0.5721.5145 (WMP_11.061018-2006) Windows Media Player Deskband
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
MCPCore.dll 10000000 90112 C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll 0, 0, 5, 4 Stardock MCP API Dll
AcSignCore16.dll 60610000 397312 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll 17.0.54.110 AcSignCore Module
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
ieframe.dll 3e1c0000 11083776 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812 (longhorn_ie8_gdr.090717-2100) Internet Explorer
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
msvcp60.dll 76080000 413696 C:\WINDOWS\System32\msvcp60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
webcheck.dll 1bd0000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
ICMP.dll 74290000 16384 C:\WINDOWS\system32\ICMP.dll 5.1.2600.5512 (xpsp.080413-0852) ICMP DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft®️ Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
MSNLNamespaceMgr.dll 2430000 315392 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500) Windows Search Namespace Manager
spywareguard.dll 22200000 126976 C:\Program Files\SpywareGuard\spywareguard.dll 2.02 SpywareGuard Protection
MSVBVM60.DLL 73420000 1388544 C:\WINDOWS\system32\MSVBVM60.DLL 6.00.9802 Visual Basic Virtual Machine
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
zipfldr.dll 73380000 356352 C:\WINDOWS\system32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
DWFShellExtension.dll 2660000 1818624 C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll 1.1.0.278 Autodesk DWF ShellExtension Module
MSVCP71.dll 7c3a0000 503808 C:\Program Files\Common Files\Autodesk shared\dwf common\MSVCP71.dll 7.10.3077.0 Microsoft®️ C++ Runtime Library
MSVCR71.dll 7c340000 352256 C:\Program Files\Common Files\Autodesk shared\dwf common\MSVCR71.dll 7.10.3052.4 Microsoft®️ C Runtime Library
shext.dll 3400000 1081344 C:\Program Files\Network Associates\VirusScan\shext.dll 7.1.0.187 Shell Extension
ShExtRes.dll 1b80000 12288 C:\Program Files\Network Associates\VirusScan\Res09\ShExtRes.dll 7.1.0.187 English(09) Shell Extension Resources
mbamext.dll 2500000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
rarext.dll 2520000 188416 C:\Program Files\WinRAR\rarext.dll
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
dlprotect.dll 11000000 192512 C:\Program Files\SpywareGuard\dlprotect.dll 2.02 SpywareGuard Download Protection
SDHelper.dll 3c10000 1925120 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 1, 6, 2, 14 SBSD IE Protection
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
wsock32.dll 71ad0000 36864 C:\WINDOWS\system32\wsock32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
faultrep.dll 69450000 90112 C:\WINDOWS\system32\faultrep.dll 5.1.2600.5512 (xpsp.080413-2108) Windows Error Reporting
olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.5512 5.1.2600.5512
jsproxy.dll 42b80000 36864 C:\WINDOWS\system32\jsproxy.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Jscript Proxy Auto-Configuration
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
msohevi.dll 6bd10000 65536 C:\Program Files\Microsoft Office\Office12\msohevi.dll 12.0.4518.1014 2007 Microsoft Office component
MSVCR80.dll 4340000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll 8.00.50727.3053 Microsoft®️ C Runtime Library
ShellXP.dll 66270000 249856 c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll 14.0.0.567 Windows XP Shell Extension
FileInfoProvider.dll 65750000 606208 c:\Program Files\Common Files\Corel\Shared\Shell Extension\FileInfoProvider.dll 14.0.0.567 Windows XP Shell Extension
gdiplus.dll 4ec50000 1728512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416) Microsoft GDI+
PDFShell.dll 44a0000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.1.0.2009022700 PDF Shell Extension
wzcdlg.dll 5df10000 393216 C:\WINDOWS\system32\wzcdlg.dll 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration Service UI
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft®️ Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL



******************************************
EOF



____________________________________________________________________

Did you make that SpiderKill setup? 'Cause it has your name on it ^^

............................................................................................

I just wanna check if the virus is still alive Charvi10

THIS SIGNATURE IS BY::: AGENT COSMIC ----------QUOTE BY:::TECHY

Re: I just wanna check if the virus is still alive
Hi

I sure did make SpiderKill. Smile...

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: I just wanna check if the virus is still alive
Malwarebytes' Anti-Malware 1.41
Database version: 2908
Windows 5.1.2600 Service Pack 3

10/5/2009 4:25:39 PM
mbam-log-2009-10-05 (16-25-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 359186
Time elapsed: 3 hour(s), 32 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{91748A0D-C5C0-4011-AF7E-FD7BF53AC7BD}\RP75\A0012520.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91748A0D-C5C0-4011-AF7E-FD7BF53AC7BD}\RP77\A0014207.sys (Worm.Agent) -> Quarantined and deleted successfully.


Re: I just wanna check if the virus is still alive
Hi

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

Please include the Security Check log in your next reply. Also, please tell me how your computer is running.
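The restore point steps above can also be driven from PowerShell. What follows is an added example, not code from the original post or from the helper: it lists the existing restore points through the SystemRestore WMI class, creates the clean point, and lists again after the Disk Cleanup step so you can confirm the older points (the ones MBAM flagged under System Volume Information) are gone. The function names are mine; it assumes PowerShell 2.0 or later in an elevated session on a client Windows SKU, where the SystemRestore class lives in root\default.

```powershell
# Added example (not from the original thread): list restore points, create a
# named clean point, and verify the result of the Disk Cleanup step.
# Assumptions: SystemRestore WMI class in root\default (XP and later client
# Windows), elevated session. Function names are mine.

function Get-RestorePoints {
    # Each instance is one restore point; CreationTime is a DMTF timestamp,
    # so convert it to a readable DateTime.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'
               Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
        Sort-Object SequenceNumber
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    $sr = [wmiclass]'\\.\root\default:SystemRestore'
    # RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE
    $result = $sr.CreateRestorePoint($Description, 0, 100)
    if ($result.ReturnValue -ne 0) {
        throw "CreateRestorePoint failed with code $($result.ReturnValue)"
    }
    return $result.ReturnValue
}

'Restore points before cleanup:'
Get-RestorePoints | Format-Table -AutoSize

New-CleanRestorePoint -Description 'Clean'

# Now run Disk Cleanup > More Options > System Restore > Clean up, exactly as
# described in the post. On XP that GUI step is what removes the older points;
# re-listing afterwards should show only the newest (the 'Clean' one).
Read-Host 'Run the Disk Cleanup step now, then press Enter'

'Restore points after cleanup:'
Get-RestorePoints | Format-Table -AutoSize
```

The deletion itself is deliberately left to Disk Cleanup, which is the only supported way to prune restore points on XP; the script only makes the before/after state visible so you are not guessing whether the flagged A0012520.sys and A0014207.sys snapshots are still around.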

Re: I just wanna check if the virus is still alive
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee VirusScan Enterprise
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
SpywareGuard v2.2
Spybot - Search & Destroy
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 2
Java(TM) SE Development Kit 6 Update 11
Java DB 10.4.1.3
Adobe Flash Player 10
Adobe Reader 9.1.3
Japanese Fonts Support For Adobe Reader 9
``````````````````````````````
Process Check:
objlist.exe by Laurent

Network Associates VirusScan Mcshield.exe
Network Associates VirusScan VsTskMgr.exe
Network Associates VirusScan SHSTAT.EXE
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````




____________________________________________________________

I think my PC is rather OK now compared to before. It used to lag and the screen would freeze, but now it doesn't. But I still receive this error box every time I start up my PC. It pops up just before I click on my account.

This is the error box:

[image: screenshot of the error box]


Re: I just wanna check if the virus is still alive
Hi

Please re-open HijackThis and scan. Check the box next to this entry:

O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-M2BMT.exe" /REG

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer.

Then, please let me know if this error message is giving you any more problems.

Re: I just wanna check if the virus is still alive
I tried what you instructed above, but the error box is still there.
I tried running HJT and did a system scan, then checked the one you indicated, clicked Fix, and clicked OK. Then I closed HJT. I did a scan again and the same checkbox is there. It's still there. T_T Does that mean it'll stay there and pop up every startup? I can handle that, I think, as long as the pop-up is not connected to something XD


Re: I just wanna check if the virus is still alive
Hi

Please go to Start > All Programs > Accessories > System Tools > System Restore and Create A System Restore Point. Call it anything you can remember.

Please delete this file and tell me what happens:

C:\WINDOWS\is-M2BMT.exe

Re: I just wanna check if the virus is still alive
But there's no executable file of that name in my WINDOWS directory... Let me think


Re: I just wanna check if the virus is still alive
Hi

It is time to manually edit the Registry. Please do exactly as said, to avoid any damage. This is safe, as long as you do exactly as stated.

Please open Registry Editor by going to Start > Run > Type in regedit and hit Enter or press OK.

Using the ( + ) signs by clicking them, navigate to the following key:
+ HKEY_LOCAL_MACHINE
  + SOFTWARE
   + Microsoft
    + Windows
     + CurrentVersion
      + RunOnce

You should see in the status bar the following:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

On the right, you might see entries listed there. One of them will be an entry called (Default); that one is automatic, so do not delete it.

Look for an entry that has a value C:\WINDOWS\is-M2BMT.exe
If you see the entry, right-click on the entry and click Delete.

Exit the Registry, reboot your computer, and then tell me in your next reply if the popup happened again or not.
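The HijackThis fix and the manual regedit steps above both target the same thing: a RunOnce value whose command line points at a file that is no longer on disk. As an added example (not code from the original thread, from HijackThis, or from the helper), this PowerShell script walks the Run and RunOnce keys under HKLM and HKCU, pulls the executable path out of each command line, and reports values whose target is missing, so you can see every orphaned autorun at once instead of one O4 line at a time. The removal step is left under -WhatIf so nothing is deleted until you have read the list. The function names are mine; the is-M2BMT.exe path is only the thread's example, and the HKLM keys need an elevated prompt.

```powershell
# Added example (not from the original thread): audit Run/RunOnce autorun
# values (the entries HijackThis reports as O4) and flag those whose target
# executable does not exist. Assumptions: PowerShell 2.0 or later, elevated
# session for HKLM. The command line "C:\WINDOWS\is-M2BMT.exe" /REG from the
# thread is the kind of value this is meant to catch.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget {
    # Extract the executable from a command line such as
    #   "C:\WINDOWS\is-M2BMT.exe" /REG      or      C:\tools\agent.exe -silent
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $CommandLine.Trim()
}

function Get-AutorunEntries {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties and the (Default) value the
            # post warns not to touch; an empty value has nothing to check.
            if ($p.Name -like 'PS*' -or $p.Name -eq '(default)') { continue }
            if ([string]::IsNullOrEmpty([string]$p.Value)) { continue }

            $target   = Get-AutorunTarget ([string]$p.Value)
            # Resolve %SystemRoot%-style references before testing the path
            $expanded = [Environment]::ExpandEnvironmentVariables($target)

            New-Object PSObject -Property @{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
                Target  = $expanded
                Exists  = [bool](Test-Path -LiteralPath $expanded)
            }
        }
    }
}

# Report, orphaned entries (target missing) first
Get-AutorunEntries | Sort-Object Exists | Format-Table Exists, Name, Target, Key -AutoSize

# Remove only orphaned entries, and only after inspection: drop -WhatIf to delete
Get-AutorunEntries | Where-Object { -not $_.Exists } | ForEach-Object {
    Remove-ItemProperty -Path $_.Key -Name $_.Name -WhatIf
}
```

Two things worth knowing when reading the result. Windows deletes a RunOnce value before it runs the command, so a value that is back after a reboot is being written again by something that runs at startup or logon, not surviving in place. And the value name InnoSetupRegFile.0000000001 together with the /REG switch matches the RunOnce entry that Inno Setup based installers write to finish registering files after a restart, which is consistent with a leftover from an install rather than with the trojan the thread started with.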

Re: I just wanna check if the virus is still alive
The popup appeared again. And when I checked my registry after the reboot, the thing that I deleted was there again.


Re: I just wanna check if the virus is still alive
Hi

It appears to have been placed there by some software that got set up. There is no way to change it now, as it seems you would have to uninstall and reinstall every program. It is not worth the risk, as it can be any program your computer has.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be more difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: I just wanna check if the virus is still alive
OK. Thank you so much for helping me. Thank You! I'll just leave that error box. It's no harm really. Smile...
