WiredWX Christian Hobby Weather Tools

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-09 21:44:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-10 04:44
ComboFix2.txt 2010-04-08 03:47

Pre-Run: 5,110,607,872 bytes free
Post-Run: 5,128,454,144 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 420B6FA475D27DFEC7098CF5EE0D231B

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Thanks again for helping me out.
I am dying to install my copy of Windows 7, but I don't feel safe entering the product key while my computer is infected.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

You cut out a lot of that ComboFix log. Luckily I caught the first part before it was cut, otherwise an important infection would not be removed.

-=-

I see you are running P2P applications: BitTorrent, uTorrent, and LimeWire. I suggest reading the following, and then deciding whether you want to keep them or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

-=-

You are using Ask Toolbar. I suggest removing it, as it tracks user habits on their search engine. But that choice is up to you.

-=-

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

-=-

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs and other holes. To update it now, click Help > Check for Updates.

-=-

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    File::
    c:\windows\Igucur.dat
    c:\windows\Qgivodexadapeq.bin
    c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
    c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\m27f2z3pza.exe
    c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\avp32.exe
    c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\mplay32xe.exe

    RenV::
    c:\program files\ATI\ATICustomerCare\aticustomercare .exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
    c:\program files\Avira\AntiVir Desktop\avgnt .exe
    c:\program files\BitComet\bitcomet .exe
    c:\program files\CheckPoint\ZAForceField\forcefield .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\iTunes\ituneshelper .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Winamp Remote\bin\orbtray .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\Zone Labs\ZoneAlarm\zlclient .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hf8wefhuaihf8ewfydiujhfdsfdf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf87efjhdsf87f3jfsdi7fhsujfd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mplay32xe.exe]

    Driver::
    kmtex
    anvjhxi

    Rootkit::
    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
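A small triage script for logs of this kind, added here as an example (it is not part of ComboFix, and not the helper's script): it reads ComboFix-style "Reg Loading Points" lines, flags executables whose name carries a space before the extension (the entries the RenV:: section above renames back), and flags msconfig\startupreg value names that look machine-generated. The sample log is a constructed excerpt modelled on the thread's own entries, and the consonant-run thresholds in `looks_generated` are my assumption, not a ComboFix rule.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; it is not part of ComboFix or of the
helper's script.  Two patterns that appear in the thread are checked:

  1. executables whose file name has a space before the extension
     (e.g. "msnmsgr .exe"), which is what the RenV:: directive above
     renames back;
  2. msconfig\\startupreg value names that look machine-generated
     (e.g. "hf8wefhuaihf8ewfydiujhfdsfdf"), using a consonant-run
     heuristic whose thresholds are an assumption, not a ComboFix rule.
"""
import re

# Constructed excerpt modelled on the thread's "Reg Loading Points" section.
# Paths come from the thread; the pairing of key and value is illustrative.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"uTorrent"="c:\\program files\\uTorrent\\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\\program files\\Windows Live\\Messenger\\msnmsgr .exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\QuickTime Task]
c:\\program files\\quicktime\\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\hf8wefhuaihf8ewfydiujhfdsfdf]
c:\\documents and settings\\ADMINISTRATOR\\Local Settings\\Temp\\m27f2z3pza.exe [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\\program files\\iTunes\\ituneshelper.exe
"""

# A registry key header line such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")

# A drive-letter path whose last component has whitespace right before the
# extension: "...\msnmsgr .exe".  A normal "name.exe" never matches.
SPACED_EXT_RE = re.compile(
    r"(?P<path>[a-z]:\\[^\"\[\]\r\n]*?\S)\s+\.(?P<ext>exe|dll|scr|com|pif|cpl)\b",
    re.IGNORECASE,
)

STARTUPREG = "\\msconfig\\startupreg\\"


def looks_generated(name, min_len=16, max_run=5):
    """Heuristic for throw-away value names (thresholds are assumptions).

    Flags names of at least min_len characters that contain a run of
    max_run or more consonants.  Vowels, 'y', digits and punctuation all
    break a run, so GUID-style names ("BgMonitor_{7966...}") and ordinary
    product names ("FlashPlayerUpdate") are not flagged.
    """
    if len(name) < min_len:
        return False
    runs = re.findall(r"[b-df-hj-np-tv-xz]+", name.lower())
    return any(len(run) >= max_run for run in runs)


def scan(log_text):
    """Return a list of findings; each is a dict with type, key and value."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            if STARTUPREG in current_key.lower():
                value_name = current_key.rsplit("\\", 1)[-1]
                if looks_generated(value_name):
                    findings.append({"type": "generated-name",
                                     "key": current_key,
                                     "value": value_name})
            continue
        for m in SPACED_EXT_RE.finditer(line):
            path, ext = m.group("path"), m.group("ext")
            findings.append({"type": "spaced-extension",
                             "key": current_key,
                             "value": f"{path} .{ext}",
                             # what a RenV:: line would restore it to
                             "repaired": f"{path}.{ext}"})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['type']:17} {f['value']}")
        if "repaired" in f:
            print(f"{'':17} -> {f['repaired']}")
```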

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

I must apologize for that.
I was having a lot of trouble fitting the entire log, is there any way I can send you the file? Anyway...

ComboFix 10-04-10.02 - Spen 04/10/2010 22:51:55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1429 [GMT -7:00]
Running from: c:\documents and settings\Spen\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Spen\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll"
"c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\avp32.exe"
"c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\m27f2z3pza.exe"
"c:\documents and settings\ADMINISTRATOR\Local Settings\Temp\mplay32xe.exe"
"c:\windows\Igucur.dat"
"c:\windows\Qgivodexadapeq.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\2269221376.dll
c:\windows\Igucur.dat
c:\windows\Qgivodexadapeq.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_anvjhxi
-------\Service_kmtex


((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 04:36 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-10 04:36 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-10 04:30 . 2010-04-10 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-08 19:28 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-08 19:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-08 19:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-08 19:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\system32\scripting
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\l2schemas
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\en
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\bits
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-08 11:10 . 2010-04-08 11:10 -------- d-sh--w- c:\documents and settings\Spen\IETldCache
2010-04-08 11:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-08 11:08 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-08 11:08 . 2010-04-09 14:43 -------- d-----w- c:\windows\ie8updates
2010-04-08 11:08 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-08 11:05 . 2010-04-08 11:05 -------- d-----w- c:\documents and settings\Spen\Pavark
2010-04-08 11:05 . 2010-04-08 11:08 -------- dc-h--w- c:\windows\ie8
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- C:\b9366766186a5e08fc2c
2010-04-08 06:28 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-04-08 06:23 . 2010-04-08 19:14 -------- d-----w- c:\windows\ServicePackFiles
2010-04-08 06:19 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2010-04-08 06:17 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-04-08 06:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-08 06:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-08 06:14 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-08 06:14 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-08 06:13 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-11 05:51 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-07 19:31 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-04-10 08:50 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 05:59 . 2009-03-30 08:26 -------- d-----w- c:\documents and settings\Spen\Application Data\uTorrent
2010-04-11 05:46 . 2009-04-23 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 05:43 . 2008-10-30 07:24 -------- d-----w- c:\program files\BitComet
2010-04-11 05:42 . 2009-06-10 23:29 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-04-10 05:27 . 2009-05-08 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-09 04:31 . 2009-11-11 08:03 -------- d-----w- c:\documents and settings\Spen\Application Data\vlc
2010-04-09 01:24 . 2009-05-18 21:19 1 ----a-w- c:\documents and settings\Spen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-08 19:34 . 2008-11-03 02:27 -------- d-----w- c:\program files\uTorrent
2010-04-08 19:26 . 2009-03-28 21:08 18640 ----a-w- c:\documents and settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-08 19:18 . 2008-10-30 06:07 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-08 06:33 . 2009-12-11 04:29 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-08 04:32 . 2009-05-03 11:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\Spen\Application Data\Malwarebytes
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 19:39 . 2010-04-06 07:05 1323584 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-07 09:23 . 2009-06-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 02:43 . 2010-04-07 03:21 1601024 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-07 02:43 . 2010-04-07 03:21 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-07 02:39 . 2010-04-07 02:43 1601024 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-04-07 02:39 . 2010-04-07 02:43 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-04-07 02:23 . 2010-04-07 02:39 1601024 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-04-07 02:23 . 2010-04-07 02:39 8704 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-06 16:06 . 2010-04-07 02:23 8192 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-06 16:06 . 2010-04-07 02:23 1601024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-06 07:24 . 2010-04-06 07:24 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-06 07:18 . 2010-04-06 16:06 8704 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-06 07:18 . 2010-04-06 07:18 8192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-04-06 07:18 . 2010-04-06 07:18 1599488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-04-06 07:08 . 2010-04-06 07:17 864256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-06 06:36 . 2010-04-06 06:36 36864 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-04-06 06:36 . 2010-04-06 06:36 1572864 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-06 06:36 . 2009-12-11 06:42 -------- d-----w- c:\program files\Winamp Remote
2010-04-06 06:30 . 2010-04-06 06:30 -------- d-----w- c:\program files\CheckPoint
2010-04-06 06:30 . 2010-04-06 06:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-06 05:49 . 2008-11-03 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-05 15:10 . 2008-11-04 01:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 04:03 . 2008-10-31 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 07:48 . 2008-10-30 05:39 17864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 05:54 . 2008-10-30 05:36 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 18:37 . 2008-11-04 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-18 01:33 . 2008-10-31 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-14 19:45 . 2008-10-31 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-03-14 12:49 . 2009-08-13 01:34 -------- d-----w- c:\documents and settings\Alex\Application Data\vlc
2010-03-14 09:33 . 2008-11-07 01:52 -------- d-----w- c:\program files\PokerStars
2010-03-14 07:30 . 2008-10-30 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 06:32 . 2009-07-18 19:39 -------- d-----w- c:\documents and settings\Alex\Application Data\LimeWire
2010-03-13 02:21 . 2010-02-06 16:30 -------- d-----w- c:\documents and settings\Alex\Application Data\dvdcss
2010-03-03 04:21 . 2008-09-24 03:09 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2008-09-24 01:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 03:44 . 2008-09-24 02:09 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2008-09-24 02:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2008-09-24 01:54 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2008-09-24 02:17 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2008-09-24 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2008-09-24 01:38 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2008-09-24 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2008-09-24 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2008-09-24 01:38 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2008-09-24 01:38 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2008-09-24 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2008-09-24 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2008-09-24 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2008-09-24 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2008-09-24 01:20 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2008-09-24 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2008-09-24 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2008-09-24 01:18 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2008-09-24 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2008-09-24 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2008-09-24 01:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-02 14:23 . 2009-07-17 01:59 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2010-02-25 19:55 . 2008-09-17 19:17 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:24 . 2004-08-04 02:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

c:\program files\BitComet\bitcomet  .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-15 01:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\aticustomercare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 09:06 1667584 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 -c--a-w- c:\program files\Winamp Remote\bin\orbtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-03 06:26 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-08 10:55 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Download with Thunder (使用迅雷下载) - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: Download all links with Thunder (使用迅雷下载全部链接) - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 22:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-10 23:02:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 06:02
ComboFix2.txt 2010-04-10 04:44
ComboFix3.txt 2010-04-08 03:47

Pre-Run: 5,141,135,360 bytes free
Post-Run: 5,123,846,144 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 907219E867BD6A96A3E30E6DEF6693DD

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:

    Code:

    killall::

    RenV::
    c:\program files\BitComet\bitcomet  .exe
    c:\program files\QuickTime\qttask  .exe
    c:\program files\Windows Live\Messenger\msnmsgr  .exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
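Picking out the entries whose executables had been renamed with a space before the extension ("bitcomet .exe", "qttask .exe", "msnmsgr .exe") is what the helper did by eye to write the RenV:: list above. As an added example, not part of this thread and not ComboFix's or the helper's own code, here is a small Python triage script that scans ComboFix "Reg Loading Points" text for that pattern (whitespace before the extension, or an [N/A] / [X] status) and assembles a script in the same killall:: / RenV:: / Reboot:: layout the helper posted. The sample log lines inside it are constructed to mirror the ones posted in this thread; the regular expressions and record fields are my own assumptions about the log layout. One caveat it builds in: the forum rendering collapses repeated spaces (the log shows "bitcomet .exe" while the CFScript uses "bitcomet  .exe"), so the exact on-disk names must be confirmed with a directory listing before they are passed to cfscript_renv().

```python
"""Triage helper for ComboFix "Reg Loading Points" output.

Flags autostart entries whose image path has whitespace wedged between the
base name and the extension ("bitcomet .exe"), or that ComboFix marked
[N/A] / [X], and builds the RenV:: script used to rename them back.
"""
import re

# Constructed sample, modelled on the log lines posted in this thread.
# It is not a copy of the user's log; the forum rendering collapses runs
# of spaces, so the detector accepts any amount of whitespace before the dot.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
"""

# Registry key header line, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>(?:HKEY_|HKLM|HKCU)[^\]]*)\]$", re.IGNORECASE)
# Drive-rooted path up to the first executable extension. The non-greedy
# body stops at the first ".exe" (etc.), so "gap" holds exactly the
# whitespace sitting between the base name and the dot, if any.
PATH_RE = re.compile(
    r"(?P<path>[a-z]:\\.*?(?P<gap>[ \t]*)\.(?P<ext>exe|dll|sys|scr|com))\b",
    re.IGNORECASE,
)
# ComboFix's trailing bracket: a date/size, or [N/A] / [X] when the file
# could not be resolved or was flagged.
STATUS_RE = re.compile(r"\[(?P<status>[^\]]*)\]\s*$")


def find_suspicious_autostarts(log_text):
    """Return a record per autostart line that looks tampered with:
    whitespace before the extension and/or an [N/A] or [X] status."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        st = STATUS_RE.search(line)
        status = st.group("status").strip() if st else ""
        reasons = []
        if m.group("gap"):
            reasons.append("whitespace before extension")
        if status.upper() in ("N/A", "X"):
            reasons.append(f"ComboFix status [{status}]")
        if reasons:
            findings.append({"key": current_key, "path": m.group("path"),
                             "reasons": reasons})
    return findings


def cfscript_renv(paths):
    """Assemble a CFScript in the layout the helper posted above
    (killall::, a RenV:: block of files to rename, Reboot::).

    `paths` must be the exact on-disk names, confirmed with a directory
    listing, because the log as rendered here may have lost repeated spaces."""
    body = "\n".join(paths)
    return f"killall::\n\nRenV::\n{body}\n\nReboot::\n"


if __name__ == "__main__":
    hits = find_suspicious_autostarts(SAMPLE_LOG)
    for h in hits:
        print(f"{h['path']}  <- {', '.join(h['reasons'])}  ({h['key']})")
    # Paths below are typed in by the analyst after checking the real names.
    print(cfscript_renv([
        r"c:\program files\BitComet\bitcomet  .exe",
        r"c:\program files\QuickTime\qttask  .exe",
        r"c:\program files\Windows Live\Messenger\msnmsgr  .exe",
    ]))
```

Run it with a saved ComboFix log in place of SAMPLE_LOG; it only reports and prints a candidate CFScript, the actual renaming is still done by ComboFix when the script is dragged onto it as described in the post.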

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

ComboFix 10-04-10.02 - Spen 04/11/2010 3:53.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1581 [GMT -7:00]
Running from: c:\documents and settings\Spen\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Spen\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 04:36 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-10 04:36 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-10 04:30 . 2010-04-10 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-08 19:28 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-08 19:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-08 19:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-08 19:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\system32\scripting
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\l2schemas
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\en
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\bits
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-08 11:10 . 2010-04-08 11:10 -------- d-sh--w- c:\documents and settings\Spen\IETldCache
2010-04-08 11:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-08 11:08 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-08 11:08 . 2010-04-09 14:43 -------- d-----w- c:\windows\ie8updates
2010-04-08 11:08 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-08 11:05 . 2010-04-08 11:05 -------- d-----w- c:\documents and settings\Spen\Pavark
2010-04-08 11:05 . 2010-04-08 11:08 -------- dc-h--w- c:\windows\ie8
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- C:\b9366766186a5e08fc2c
2010-04-08 06:28 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-04-08 06:23 . 2010-04-08 19:14 -------- d-----w- c:\windows\ServicePackFiles
2010-04-08 06:19 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2010-04-08 06:17 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-04-08 06:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-08 06:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-08 06:14 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-08 06:14 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-08 06:13 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-11 05:51 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-11 10:53 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-04-10 08:50 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 11:01 . 2009-03-30 08:26 -------- d-----w- c:\documents and settings\Spen\Application Data\uTorrent
2010-04-11 06:28 . 2009-05-08 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-11 05:46 . 2009-04-23 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 05:43 . 2008-10-30 07:24 -------- d-----w- c:\program files\BitComet
2010-04-11 05:42 . 2009-06-10 23:29 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-04-09 04:31 . 2009-11-11 08:03 -------- d-----w- c:\documents and settings\Spen\Application Data\vlc
2010-04-09 01:24 . 2009-05-18 21:19 1 ----a-w- c:\documents and settings\Spen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-08 19:34 . 2008-11-03 02:27 -------- d-----w- c:\program files\uTorrent
2010-04-08 19:26 . 2009-03-28 21:08 18640 ----a-w- c:\documents and settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-08 19:18 . 2008-10-30 06:07 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-08 06:33 . 2009-12-11 04:29 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-08 04:32 . 2009-05-03 11:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\Spen\Application Data\Malwarebytes
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 19:39 . 2010-04-06 07:05 1323584 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-07 09:23 . 2009-06-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 02:43 . 2010-04-07 03:21 1601024 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-07 02:43 . 2010-04-07 03:21 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-07 02:39 . 2010-04-07 02:43 1601024 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-04-07 02:39 . 2010-04-07 02:43 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-04-07 02:23 . 2010-04-07 02:39 1601024 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-04-07 02:23 . 2010-04-07 02:39 8704 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-06 16:06 . 2010-04-07 02:23 8192 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-06 16:06 . 2010-04-07 02:23 1601024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-06 07:24 . 2010-04-06 07:24 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-06 07:18 . 2010-04-06 16:06 8704 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-06 07:18 . 2010-04-06 07:18 8192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-04-06 07:18 . 2010-04-06 07:18 1599488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-04-06 07:08 . 2010-04-06 07:17 864256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-06 06:36 . 2010-04-06 06:36 36864 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-04-06 06:36 . 2010-04-06 06:36 1572864 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-06 06:36 . 2009-12-11 06:42 -------- d-----w- c:\program files\Winamp Remote
2010-04-06 06:30 . 2010-04-06 06:30 -------- d-----w- c:\program files\CheckPoint
2010-04-06 06:30 . 2010-04-06 06:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-06 05:49 . 2008-11-03 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-05 15:10 . 2008-11-04 01:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 04:03 . 2008-10-31 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 07:48 . 2008-10-30 05:39 17864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 05:54 . 2008-10-30 05:36 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 18:37 . 2008-11-04 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-18 01:33 . 2008-10-31 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-14 19:45 . 2008-10-31 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-03-14 12:49 . 2009-08-13 01:34 -------- d-----w- c:\documents and settings\Alex\Application Data\vlc
2010-03-14 09:33 . 2008-11-07 01:52 -------- d-----w- c:\program files\PokerStars
2010-03-14 07:30 . 2008-10-30 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 06:32 . 2009-07-18 19:39 -------- d-----w- c:\documents and settings\Alex\Application Data\LimeWire
2010-03-13 02:21 . 2010-02-06 16:30 -------- d-----w- c:\documents and settings\Alex\Application Data\dvdcss
2010-03-03 04:21 . 2008-09-24 03:09 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2008-09-24 01:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 03:44 . 2008-09-24 02:09 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2008-09-24 02:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2008-09-24 01:54 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2008-09-24 02:17 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2008-09-24 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2008-09-24 01:38 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2008-09-24 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2008-09-24 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2008-09-24 01:38 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2008-09-24 01:38 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2008-09-24 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2008-09-24 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2008-09-24 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2008-09-24 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2008-09-24 01:20 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2008-09-24 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2008-09-24 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2008-09-24 01:18 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2008-09-24 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2008-09-24 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2008-09-24 01:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-02 14:23 . 2009-07-17 01:59 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2010-02-25 19:55 . 2008-09-17 19:17 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:24 . 2004-08-04 02:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

Code:

    c:\program files\BitComet\bitcomet  .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-15 01:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\aticustomercare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 09:06 1667584 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 -c--a-w- c:\program files\Winamp Remote\bin\orbtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-03 06:26 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-08 10:55 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: 使用迅雷下载 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 04:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(1120)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-11 04:04:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 11:04
ComboFix2.txt 2010-04-11 06:02
ComboFix3.txt 2010-04-10 04:44
ComboFix4.txt 2010-04-08 03:47

Pre-Run: 4,755,378,176 bytes free
Post-Run: 4,716,523,520 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - CBDD80CB2E8123BF2ED306DF9D06E6D6

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:

    Code:

    killall::

    RenV::
    c:\program files\BitComet\bitcomet  .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    c:\program files\quicktime\qttask .exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
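The three file names the script above renames share one trait: whitespace before the extension ("msnmsgr .exe", "qttask .exe", "bitcomet  .exe"), so they look like the normal program while living at a different path. The following Python is an added example, not ComboFix's code and not the helper's script: it scans constructed log lines modelled on the posted log, flags every path with whitespace before .exe or .dll, remembers which Run value or msconfig startupreg key listed it, and drafts the matching RenV:: and Registry:: sections for review.

```python
"""Find ComboFix log entries whose file name hides whitespace before the
extension (e.g. "msnmsgr .exe") and draft the CFScript sections that rename
them and drop their autostart entries.

Added example; not ComboFix's code and not the helper's script. The
directive names (killall::, RenV::, Registry::, Reboot::) are those used
in the script posted above. SAMPLE_LOG is constructed to mirror the log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A drive path whose file name ends in whitespace followed by .exe/.dll.
# The lazy quantifier stops at the first such extension; quotes and
# brackets are excluded so the match cannot run into a "[N/A]" suffix.
ODD_NAME_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]\r\n]*?\s+\.(?:exe|dll))(?![A-Za-z0-9])',
    re.IGNORECASE,
)
# "[HKEY_...]" section header of the Reg Loading Points listing.
KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]\s*$')
# "name"="path" value line under a Run key.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"')


@dataclass
class Finding:
    path: str                  # path as printed in the log (spacing intact)
    key: Optional[str]         # registry key the entry was listed under
    value_name: Optional[str]  # value name for "name"="path" lines, else None


def find_odd_names(log_text: str) -> List[Finding]:
    """Return one Finding per distinct suspicious path, in log order.

    The same file can appear twice: once inside ComboFix's <pre> block
    (exact spacing) and once under its registry key. Both are merged so the
    RenV:: line keeps the exact spacing and the registry key is still known.
    """
    findings: Dict[str, Finding] = {}
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(2)
            continue
        if not line or line.startswith("<"):   # blanks and <pre> tags
            continue
        for pm in ODD_NAME_RE.finditer(line):
            path = pm.group(1)
            norm = re.sub(r"\s+", " ", path.lower())  # collapse space runs
            vm = VALUE_RE.match(line)
            value_name = vm.group(1) if vm else None
            hit = findings.get(norm)
            if hit is None:
                findings[norm] = Finding(path, current_key, value_name)
            elif hit.key is None and current_key is not None:
                hit.key, hit.value_name = current_key, value_name
    return list(findings.values())


def build_cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript: rename each flagged file, remove its Run value or
    delete its msconfig startupreg key, then reboot."""
    lines = ["killall::", "", "RenV::"] + [f.path for f in findings]
    reg: List[str] = []
    for f in findings:
        if f.key is None:
            continue
        if f.value_name is not None and f.key.lower().endswith("\\run"):
            reg += [f"[{f.key}]", f'"{f.value_name}"=-']   # delete the value
        elif "\\msconfig\\startupreg\\" in f.key.lower():
            reg.append(f"[-{f.key}]")                      # delete the key
    if reg:
        lines += ["", "Registry::"] + reg
    lines += ["", "Reboot::"]
    return "\n".join(lines) + "\n"


# Constructed excerpt modelled on the posted log (not the real log text).
SAMPLE_LOG = r"""
<pre>
c:\program files\BitComet\bitcomet  .exe
</pre>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\quicktime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\bitcomet .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe
"""

if __name__ == "__main__":
    print(build_cfscript(find_odd_names(SAMPLE_LOG)))
```

The draft is meant to be read before use: legitimate entries such as uTorrent and Steam are left alone, and the two-space spelling from the `<pre>` block is the one carried into RenV::.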

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

ComboFix 10-04-10.02 - Spen 04/11/2010 11:33:40.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1574 [GMT -7:00]
Running from: c:\documents and settings\Spen\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Spen\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 04:36 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-10 04:36 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-10 04:30 . 2010-04-10 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-08 19:28 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-08 19:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-08 19:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-08 19:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\system32\scripting
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\l2schemas
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\en
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\bits
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-08 11:10 . 2010-04-08 11:10 -------- d-sh--w- c:\documents and settings\Spen\IETldCache
2010-04-08 11:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-08 11:08 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-08 11:08 . 2010-04-09 14:43 -------- d-----w- c:\windows\ie8updates
2010-04-08 11:08 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-08 11:05 . 2010-04-08 11:05 -------- d-----w- c:\documents and settings\Spen\Pavark
2010-04-08 11:05 . 2010-04-08 11:08 -------- dc-h--w- c:\windows\ie8
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- C:\b9366766186a5e08fc2c
2010-04-08 06:28 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-04-08 06:23 . 2010-04-08 19:14 -------- d-----w- c:\windows\ServicePackFiles
2010-04-08 06:19 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2010-04-08 06:17 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-04-08 06:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-08 06:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-08 06:14 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-08 06:14 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-08 06:13 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-11 05:51 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-11 10:53 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-04-10 08:50 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 18:47 . 2009-03-30 08:26 -------- d-----w- c:\documents and settings\Spen\Application Data\uTorrent
2010-04-11 06:28 . 2009-05-08 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-11 05:46 . 2009-04-23 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 05:43 . 2008-10-30 07:24 -------- d-----w- c:\program files\BitComet
2010-04-11 05:42 . 2009-06-10 23:29 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-04-09 04:31 . 2009-11-11 08:03 -------- d-----w- c:\documents and settings\Spen\Application Data\vlc
2010-04-09 01:24 . 2009-05-18 21:19 1 ----a-w- c:\documents and settings\Spen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-08 19:34 . 2008-11-03 02:27 -------- d-----w- c:\program files\uTorrent
2010-04-08 19:26 . 2009-03-28 21:08 18640 ----a-w- c:\documents and settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-08 19:18 . 2008-10-30 06:07 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-08 06:33 . 2009-12-11 04:29 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-08 04:32 . 2009-05-03 11:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\Spen\Application Data\Malwarebytes
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 19:39 . 2010-04-06 07:05 1323584 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-07 09:23 . 2009-06-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 02:43 . 2010-04-07 03:21 1601024 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-07 02:43 . 2010-04-07 03:21 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-07 02:39 . 2010-04-07 02:43 1601024 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-04-07 02:39 . 2010-04-07 02:43 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-04-07 02:23 . 2010-04-07 02:39 1601024 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-04-07 02:23 . 2010-04-07 02:39 8704 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-06 16:06 . 2010-04-07 02:23 8192 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-06 16:06 . 2010-04-07 02:23 1601024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-06 07:24 . 2010-04-06 07:24 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-06 07:18 . 2010-04-06 16:06 8704 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-06 07:18 . 2010-04-06 07:18 8192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-04-06 07:18 . 2010-04-06 07:18 1599488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-04-06 07:08 . 2010-04-06 07:17 864256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-06 06:36 . 2010-04-06 06:36 36864 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-04-06 06:36 . 2010-04-06 06:36 1572864 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-06 06:36 . 2009-12-11 06:42 -------- d-----w- c:\program files\Winamp Remote
2010-04-06 06:30 . 2010-04-06 06:30 -------- d-----w- c:\program files\CheckPoint
2010-04-06 06:30 . 2010-04-06 06:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-06 05:49 . 2008-11-03 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-05 15:10 . 2008-11-04 01:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 04:03 . 2008-10-31 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 07:48 . 2008-10-30 05:39 17864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 05:54 . 2008-10-30 05:36 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 18:37 . 2008-11-04 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-18 01:33 . 2008-10-31 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-14 19:45 . 2008-10-31 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-03-14 12:49 . 2009-08-13 01:34 -------- d-----w- c:\documents and settings\Alex\Application Data\vlc
2010-03-14 09:33 . 2008-11-07 01:52 -------- d-----w- c:\program files\PokerStars
2010-03-14 07:30 . 2008-10-30 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 06:32 . 2009-07-18 19:39 -------- d-----w- c:\documents and settings\Alex\Application Data\LimeWire
2010-03-13 02:21 . 2010-02-06 16:30 -------- d-----w- c:\documents and settings\Alex\Application Data\dvdcss
2010-03-03 04:21 . 2008-09-24 03:09 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2008-09-24 01:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 03:44 . 2008-09-24 02:09 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2008-09-24 02:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2008-09-24 01:54 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2008-09-24 02:17 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2008-09-24 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2008-09-24 01:38 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2008-09-24 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2008-09-24 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2008-09-24 01:38 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2008-09-24 01:38 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2008-09-24 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2008-09-24 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2008-09-24 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2008-09-24 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2008-09-24 01:20 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2008-09-24 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2008-09-24 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2008-09-24 01:18 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2008-09-24 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2008-09-24 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2008-09-24 01:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-02 14:23 . 2009-07-17 01:59 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2010-02-25 19:55 . 2008-09-17 19:17 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:24 . 2004-08-04 02:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

Code:

    c:\program files\BitComet\bitcomet  .exe


((((((((((((((((((((((((((((( SnapShot_2010-04-10_04.40.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-11 18:39 . 2010-04-11 18:39 16384 c:\windows\temp\Perflib_Perfdata_228.dat
+ 2010-04-11 05:46 . 2010-04-11 05:46 3940352 c:\windows\Installer\5603518.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-15 01:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\aticustomercare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 09:06 1667584 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 -c--a-w- c:\program files\Winamp Remote\bin\orbtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-03 06:26 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-08 10:55 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: 使用迅雷下载 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-11 11:49:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 18:49
ComboFix2.txt 2010-04-11 11:04
ComboFix3.txt 2010-04-11 06:02
ComboFix4.txt 2010-04-10 04:44
ComboFix5.txt 2010-04-11 18:32

Pre-Run: 4,723,154,944 bytes free
Post-Run: 4,679,782,400 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - FC30FA6F72A0B2F3977D4AA2EB1BC5F1

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    * .exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:23 on 11/04/2010 by Spen (Administrator - Elevation successful)

========== filefind ==========

Searching for "* .exe"
C:\Documents and Settings\Spen\Local Settings\Application Data\Google\Update\googleupdate .exe --a--- 136176 bytes [06:59 06/04/2010] [06:59 06/04/2010] F02A533F517EB38333CB12A9E8963773
C:\Program Files\BitComet\bitcomet .exe --a--c 2497336 bytes [07:53 10/10/2008] [07:53 10/10/2008] 39E1C0FA52D86C04DDBE47F308319E8A

-=End Of File=-

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Good work. Now once more:

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:

    Code:

    killall::

    RenV::
    C:\Documents and Settings\Spen\Local Settings\Application Data\Google\Update\googleupdate .exe
    C:\Program Files\BitComet\bitcomet .exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

ComboFix 10-04-11.02 - Spen 04/11/2010 22:09:10.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1468 [GMT -7:00]
Running from: c:\documents and settings\Spen\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Spen\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-10 04:36 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-10 04:36 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-10 04:30 . 2010-04-10 04:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-08 19:28 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-08 19:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-08 19:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-08 19:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-08 19:22 . 2010-04-08 19:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\system32\scripting
2010-04-08 19:17 . 2010-04-08 19:17 -------- d-----w- c:\windows\l2schemas
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\en
2010-04-08 19:16 . 2010-04-08 19:16 -------- d-----w- c:\windows\system32\bits
2010-04-08 11:15 . 2010-04-08 11:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-08 11:10 . 2010-04-08 11:10 -------- d-sh--w- c:\documents and settings\Spen\IETldCache
2010-04-08 11:08 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-08 11:08 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-08 11:08 . 2010-04-09 14:43 -------- d-----w- c:\windows\ie8updates
2010-04-08 11:08 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-08 11:05 . 2010-04-08 11:05 -------- d-----w- c:\documents and settings\Spen\Pavark
2010-04-08 11:05 . 2010-04-08 11:08 -------- dc-h--w- c:\windows\ie8
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- C:\b9366766186a5e08fc2c
2010-04-08 06:28 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-04-08 06:23 . 2010-04-08 19:14 -------- d-----w- c:\windows\ServicePackFiles
2010-04-08 06:19 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2010-04-08 06:17 . 2004-08-04 05:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-04-08 06:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-08 06:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-08 06:14 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-08 06:14 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-08 06:13 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\FileASSASSIN
2010-04-07 19:46 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 19:46 . 2010-04-07 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 19:46 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-07 09:07 . 2010-04-07 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 09:05 . 2010-04-07 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-07 03:25 . 2010-04-07 04:07 -------- d-----w- c:\windows\system32\NtmsData
2010-04-07 03:22 . 2010-04-07 03:22 -------- d-----w- c:\documents and settings\Spen\Application Data\Avira
2010-04-07 03:04 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-07 03:04 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-07 03:04 . 2009-05-11 18:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-07 03:04 . 2009-05-11 18:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\program files\Avira
2010-04-07 03:04 . 2010-04-07 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-07 02:52 . 2010-04-07 02:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 06:52 . 2010-04-06 07:16 201728 --sha-w- c:\documents and settings\Spen\Local Settings\Application Data\2269221376.dll
2010-04-06 06:31 . 2010-04-06 06:31 -------- d-----w- c:\documents and settings\Spen\Application Data\CheckPoint
2010-04-06 06:21 . 2010-04-06 06:21 -------- d-----w- c:\program files\Zone Labs
2010-04-06 06:21 . 2010-04-07 09:18 -------- d-----w- c:\windows\Internet Logs
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\program files\iPod
2010-04-05 15:10 . 2010-04-11 05:51 -------- d-----w- c:\program files\iTunes
2010-04-05 15:10 . 2010-04-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 15:08 . 2010-04-11 10:53 -------- d-----w- c:\program files\QuickTime
2010-04-05 15:04 . 2010-04-05 15:04 -------- d-----w- c:\program files\Bonjour
2010-04-05 15:02 . 2010-04-05 15:02 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 03:17 . 2010-04-01 03:17 -------- d-----w- c:\program files\dumps
2010-03-29 06:18 . 2010-04-01 22:40 -------- d-----w- c:\program files\Steam
2010-03-26 07:39 . 2010-03-26 07:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-03-26 07:37 . 2010-04-06 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-24 05:56 . 2010-03-24 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-24 05:52 . 2010-03-03 04:02 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-24 05:52 . 2010-03-03 04:01 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-24 05:52 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-24 05:52 . 2010-03-03 03:07 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-24 05:52 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-03-24 05:52 . 2010-03-24 05:54 -------- d-----w- c:\program files\ATI
2010-03-21 21:05 . 2010-03-21 21:05 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\faabpk7i.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-03-21 09:51 . 2010-04-01 07:39 -------- d-----w- c:\program files\StarCraft II Beta
2010-03-21 09:51 . 2010-03-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-03-20 18:41 . 2010-03-20 18:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-17 21:18 . 2010-03-17 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-03-15 10:03 . 2010-03-15 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-03-15 08:37 . 2010-04-10 08:50 -------- d-----w- c:\program files\World of Warcraft
2010-03-15 08:35 . 2010-03-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-03-14 19:55 . 2010-03-21 09:59 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-14 19:47 . 2010-03-14 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:41 . 2010-03-14 19:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-03-14 19:41 . 2010-04-05 00:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-14 19:40 . 2010-03-14 19:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-03-14 06:26 . 2010-03-14 06:26 -------- d-----w- c:\documents and settings\Alex\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-12 05:17 . 2009-03-30 08:26 -------- d-----w- c:\documents and settings\Spen\Application Data\uTorrent
2010-04-11 06:28 . 2009-05-08 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-11 05:46 . 2009-04-23 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 05:43 . 2008-10-30 07:24 -------- d-----w- c:\program files\BitComet
2010-04-11 05:42 . 2009-06-10 23:29 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-04-09 04:31 . 2009-11-11 08:03 -------- d-----w- c:\documents and settings\Spen\Application Data\vlc
2010-04-09 01:24 . 2009-05-18 21:19 1 ----a-w- c:\documents and settings\Spen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-08 19:34 . 2008-11-03 02:27 -------- d-----w- c:\program files\uTorrent
2010-04-08 19:26 . 2009-03-28 21:08 18640 ----a-w- c:\documents and settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-08 19:18 . 2008-10-30 06:07 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-08 06:33 . 2009-12-11 04:29 -------- d-----w- c:\program files\Windows Desktop Search
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-08 06:28 . 2010-04-08 06:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-08 04:32 . 2009-05-03 11:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\Spen\Application Data\Malwarebytes
2010-04-07 19:46 . 2009-03-28 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 19:39 . 2010-04-06 07:05 1323584 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-07 09:23 . 2009-06-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-07 02:43 . 2010-04-07 03:21 1601024 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-07 02:43 . 2010-04-07 03:21 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-04-07 02:39 . 2010-04-07 02:43 1601024 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-04-07 02:39 . 2010-04-07 02:43 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-04-07 02:23 . 2010-04-07 02:39 1601024 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-04-07 02:23 . 2010-04-07 02:39 8704 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-04-06 16:06 . 2010-04-07 02:23 8192 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-06 16:06 . 2010-04-07 02:23 1601024 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-06 07:24 . 2010-04-06 07:24 699904 ----a-w- c:\windows\isRS-000.tmp
2010-04-06 07:18 . 2010-04-06 16:06 8704 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-06 07:18 . 2010-04-06 07:18 8192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-04-06 07:18 . 2010-04-06 07:18 1599488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-04-06 07:08 . 2010-04-06 07:17 864256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-06 06:36 . 2010-04-06 06:36 36864 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-04-06 06:36 . 2010-04-06 06:36 1572864 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-06 06:36 . 2009-12-11 06:42 -------- d-----w- c:\program files\Winamp Remote
2010-04-06 06:30 . 2010-04-06 06:30 -------- d-----w- c:\program files\CheckPoint
2010-04-06 06:30 . 2010-04-06 06:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-06 05:49 . 2008-11-03 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-05 15:10 . 2008-11-04 01:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 04:03 . 2008-10-31 03:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-04-01 07:48 . 2008-10-30 05:39 17864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 05:54 . 2008-10-30 05:36 -------- d-----w- c:\program files\ATI Technologies
2010-03-20 18:37 . 2008-11-04 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-03-18 01:33 . 2008-10-31 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-03-14 19:45 . 2008-10-31 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-03-14 12:49 . 2009-08-13 01:34 -------- d-----w- c:\documents and settings\Alex\Application Data\vlc
2010-03-14 09:33 . 2008-11-07 01:52 -------- d-----w- c:\program files\PokerStars
2010-03-14 07:30 . 2008-10-30 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 06:32 . 2009-07-18 19:39 -------- d-----w- c:\documents and settings\Alex\Application Data\LimeWire
2010-03-13 02:21 . 2010-02-06 16:30 -------- d-----w- c:\documents and settings\Alex\Application Data\dvdcss
2010-03-03 04:21 . 2008-09-24 03:09 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2008-09-24 01:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 03:44 . 2008-09-24 02:09 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2008-09-24 02:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2008-09-24 01:54 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2008-09-24 02:17 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2008-09-24 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2008-09-24 01:38 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2008-09-24 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2008-09-24 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2008-09-24 01:38 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2008-09-24 01:38 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2008-09-24 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2008-09-24 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2008-09-24 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2008-09-24 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2008-09-24 01:20 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2008-09-24 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2008-09-24 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2008-09-24 01:18 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2008-09-24 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2008-09-24 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2008-09-24 01:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-02 14:23 . 2009-07-17 01:59 -------- d-----w- c:\documents and settings\Alex\Application Data\Apple Computer
2010-02-25 19:55 . 2008-09-17 19:17 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:24 . 2004-08-04 02:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

Code:

c:\program files\BitComet\bitcomet  .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-08 319792]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-15 01:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\aticustomercare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 03:03 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COM+ Manager]
c:\documents and settings\Administrator\.COMMgr\complmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-06 06:59 136176 ----atw- c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\googleupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 07:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 09:06 1667584 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 -c--a-w- c:\program files\Winamp Remote\bin\orbtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 22:54 17021440 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
c:\program files\Software Informer\softinfo.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-03 06:26 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-01 03:17 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-08 10:55 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14634:TCP"= 14634:TCP:BitComet 14634 TCP
"14634:UDP"= 14634:UDP:BitComet 14634 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/6/2010 8:04 PM 135336]
S2 gupdate1c9cfcb98311892;Google Update Service (gupdate1c9cfcb98311892);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 3:56 AM 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/30/2008 12:04 AM 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-04-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:55]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 10:56]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: 使用迅雷下载 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\documents and settings\Spen\Desktop\thunder\Thunder\Program\getallurl.htm
FF - ProfilePath - c:\documents and settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Spen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 22:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1935655697-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,43,1b,e5,21,0f,a6,e6,42,fb,76,42,c0,36,94,8e,fe,02,91,09,1e,
d6,00,e0,bc,02,7f,c0,ad,40,8b,26,85,c8,39,53,a1,27,f8,1e,4a,12,cb,45,01,07,\
"rkeysecu"=hex:04,5a,e4,57,be,78,e9,65,76,e7,15,b6,48,67,f8,26
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wpabaln.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-04-11 22:19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-12 05:19
ComboFix2.txt 2010-04-11 18:49
ComboFix3.txt 2010-04-11 11:04
ComboFix4.txt 2010-04-11 06:02
ComboFix5.txt 2010-04-12 05:08

Pre-Run: 4,728,664,064 bytes free
Post-Run: 4,694,097,920 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - BD9C80CBDE99B57EE366627C175BA91D

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
This just does not want to go away, does it?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    * .exe
    *  .exe
    *  .exe
    *    .exe
    *    .exe
    *      .exe
    *      .exe
    *        .exe
    *        .exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

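The :filefind patterns above hunt for an executable whose name carries whitespace before the extension (the "bitcomet  .exe" that ComboFix listed). As an added example, not code from the thread or from SystemLook, here is a small Python scanner that walks a directory tree, flags such names and hashes each hit the way SystemLook reports an MD5; the sample tree it builds and the extension list it checks are constructed assumptions.

```python
"""Flag executables whose file name is whitespace-padded before the extension.

Constructed, stand-alone example; it is not SystemLook and not code from the
thread. The sample tree it builds is made up, and EXECUTABLE_EXTENSIONS is
this example's own choice of which extensions to inspect.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import List

# Extensions to inspect (assumption; the thread only searched for *.exe).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com"}


@dataclass
class Finding:
    path: str
    size: int
    md5: str


def is_padded_executable(name: str) -> bool:
    """True when the base name ends in whitespace before an executable
    extension, or consists only of whitespace, e.g. 'bitcomet .exe' or
    ' .exe'. Ordinary interior spaces ('Adobe Reader.exe') are not flagged."""
    stem, ext = os.path.splitext(name)
    if ext.lower() not in EXECUTABLE_EXTENSIONS:
        return False
    return stem != stem.rstrip() or stem.strip() == ""


def md5_of(path: str) -> str:
    """Upper-case MD5 of the file, the same digest SystemLook prints."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def find_padded_executables(root: str) -> List[Finding]:
    """Walk root and return every padded-name executable, sorted by path."""
    findings = []
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if is_padded_executable(name):
                full = os.path.join(dirpath, name)
                findings.append(Finding(full, os.path.getsize(full), md5_of(full)))
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree() -> str:
    """Create a constructed directory tree for the demo (not a real system)."""
    root = tempfile.mkdtemp(prefix="padded-exe-demo-")
    samples = {
        os.path.join("BitComet", "bitcomet .exe"): b"MZ-constructed-1",
        os.path.join("BitComet", "BitComet.exe"): b"MZ-constructed-2",
        os.path.join("Common Files", "updater  .exe"): b"MZ-constructed-3",
        os.path.join("Docs", "notes .txt"): b"not an executable",
    }
    for relative, data in samples.items():
        full = os.path.join(root, relative)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)
    return root


def report(root: str) -> List[str]:
    """Render findings in a SystemLook-like 'path size bytes md5' layout."""
    return [f"{f.path} {f.size} bytes {f.md5}" for f in find_padded_executables(root)]


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for line in report(demo_root):
        print(line)
```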
Re: Fake Windows Security Virus removed, caused more rootkits and problems.
Yeah, I just don't understand why we can't seem to get rid of it. Have you ever experienced anything like this? Thanks again, man, you are so patient with my inexperience.


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:12 on 12/04/2010 by Spen (Administrator - Elevation successful)

========== filefind ==========

Searching for "* .exe"
C:\Program Files\BitComet\bitcomet .exe --a--c 2497336 bytes [07:53 10/10/2008] [07:53 10/10/2008] 39E1C0FA52D86C04DDBE47F308319E8A

Searching for "* .exe"
C:\Program Files\BitComet\bitcomet .exe --a--c 2497336 bytes [07:53 10/10/2008] [07:53 10/10/2008] 39E1C0FA52D86C04DDBE47F308319E8A

Searching for "* .exe"
C:\Program Files\BitComet\bitcomet .exe --a--c 2497336 bytes [07:53 10/10/2008] [07:53 10/10/2008] 39E1C0FA52D86C04DDBE47F308319E8A

Searching for "* .exe"
No files found.

Searching for "* .exe"
No files found.

Searching for "* .exe"
No files found.

Searching for "* .exe"
No files found.

Searching for "* .exe"
No files found.

Searching for "* .exe"
No files found.

-=End Of File=-

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
I am rather confused as to why it will not go away.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :dir
    C:\Program Files\BitComet


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Please wrap it in a Code tag.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Code:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:14 on 12/04/2010 by Spen (Administrator - Elevation successful)

========== dir ==========

C:\Program Files\BitComet - Unable to find folder.

-=End Of File=-

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
Please open OTL -- Click None and paste this in the Custom Scans box:

Code:

%PROGRAMFILES%\*.


Then click Run Scan. It shall launch a log. Please post it in your next reply.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Code:


OTL logfile created on: 4/12/2010 10:26:14 PM - Run 2
OTL by OldTimer - Version 3.2.1.0    Folder = C:\Documents and Settings\Spen\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 4.24 Gb Free Space | 1.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ALEX-ROOM
Current User Name: Spen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Custom Scans ==========
 
 
< %PROGRAMFILES%\*. >
[2010/04/10 22:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/03 18:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/23 22:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/03/23 22:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/06 20:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/04/05 08:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/01/12 23:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/04/05 23:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2009/07/04 02:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2010/04/11 22:11:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/10/29 23:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/10/30 00:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/12/21 22:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/03/31 20:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\dumps
[2010/04/07 19:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\FileASSASSIN
[2010/02/05 23:15:22 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/05/18 13:58:49 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/05/18 13:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/03/14 00:30:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/10/29 23:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/04/08 04:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/07/04 00:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/04/05 08:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/10 22:51:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/10/30 00:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/05/18 14:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/12/25 22:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/06/16 02:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/04/07 12:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/10 22:51:55 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/06 12:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/12/10 21:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/10/29 23:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/04/08 12:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/02 17:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/10 22:42:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4
[2009/12/08 00:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/10/29 22:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/10/29 22:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/13 10:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/08 00:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/05 19:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/04/08 12:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/10/29 23:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/05/18 14:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/04/08 12:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/11/27 01:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2010/03/14 02:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2009/06/16 02:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Postal2STP
[2009/11/27 01:37:27 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 v1.5
[2010/04/11 03:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/29 23:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/10/30 00:09:49 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2009/12/08 00:43:42 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/04/07 02:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/01 00:39:52 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II Beta
[2010/04/01 15:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/04/07 02:05:18 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/10/29 23:12:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/08 12:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/10/30 20:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/12/03 23:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\VIDEOzilla
[2009/07/23 13:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/04/05 23:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Remote
[2009/07/23 13:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Toolbar
[2010/04/07 23:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/06 12:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/06 12:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/10/29 23:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/04/08 12:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/29 23:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2008/10/29 23:07:13 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/10/30 00:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/04/10 01:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2008/10/29 23:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/04/05 23:21:46 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
< End of report >

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
Open OTL. Click on Quick Scan, then post a log.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.
OTL logfile created on: 4/12/2010 10:45:08 PM - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Spen\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 4.23 Gb Free Space | 1.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX-ROOM
Current User Name: Spen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/08 18:09:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spen\Desktop\OTL.exe
PRC - [2010/04/02 17:05:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 17:12:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 18:09:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spen\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/05/12 16:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 08:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/10 22:46:18 | 000,000,000 | ---D | M]

[2009/03/28 14:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Mozilla\Extensions
[2010/04/11 23:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\extensions
[2010/04/09 08:56:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/06 23:35:52 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Profiles\a0hc1fm0.default\searchplugins\bing.xml
[2010/04/11 23:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/04/11 22:14:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 使用迅雷下载 - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Documents and Settings\Spen\Desktop\thunder\Thunder\Program\getAllurl.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spen\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/29 23:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/12 21:11:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Spen\PrivacIE
[2010/04/12 21:10:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/11 22:12:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/10 23:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Desktop\Pure.Pwnage.TV.S01E05.HDTV.XviD-aAF - [ www.torrentday.com ]
[2010/04/10 01:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\My Documents\StarCraft II Beta
[2010/04/08 21:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Desktop\666
[2010/04/08 18:09:51 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spen\Desktop\OTL.exe
[2010/04/08 12:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/08 12:22:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/08 12:17:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/08 12:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/08 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/08 12:16:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/08 12:07:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/08 04:10:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Spen\IETldCache
[2010/04/08 04:08:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/08 04:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Pavark
[2010/04/08 04:05:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/08 03:07:06 | 000,000,000 | ---D | C] -- C:\b9366766186a5e08fc2c
[2010/04/07 23:23:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/07 20:26:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/07 20:25:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 20:25:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 20:25:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 20:25:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 20:24:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/07 20:22:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/07 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2010/04/07 13:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Desktop\SmitfraudFix
[2010/04/07 12:46:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 12:46:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 12:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 06:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/07 06:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/07 02:18:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Spen\Recent
[2010/04/07 02:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/07 02:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/06 21:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/06 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 20:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/06 20:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Application Data\Avira
[2010/04/06 20:04:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/06 20:04:01 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/06 20:04:01 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/04/06 20:04:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/06 20:04:01 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/06 20:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/06 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/05 23:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/05 23:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\My Documents\ForceField Shared Files
[2010/04/05 23:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spen\Application Data\CheckPoint
[2010/04/05 23:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/05 23:30:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/05 23:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/05 23:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/05 08:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/05 08:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/05 08:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 08:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 08:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/31 20:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2010/03/29 19:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/10 21:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/13 00:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/05/08 03:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/10 19:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/29 23:11:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/29 23:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/12 22:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 18:48:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/12 14:23:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/12 12:35:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/12 12:02:42 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/11 23:42:41 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Spen\NTUSER.DAT
[2010/04/11 22:14:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/11 22:14:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/11 22:14:31 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 22:14:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 22:14:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/11 22:13:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Spen\ntuser.ini
[2010/04/11 22:13:03 | 006,442,408 | -H-- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\IconCache.db
[2010/04/11 21:22:41 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\SystemLook.exe
[2010/04/11 19:42:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/10 23:49:49 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 22:46:18 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/09 21:28:22 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\commy.exe.lnk
[2010/04/09 07:46:47 | 000,518,514 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 07:46:47 | 000,454,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/09 07:46:47 | 000,074,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/09 07:44:47 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/08 18:24:32 | 000,181,642 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\OTL.doc
[2010/04/08 18:09:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spen\Desktop\OTL.exe
[2010/04/08 12:45:25 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/08 12:34:15 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/04/08 12:29:15 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/08 12:26:59 | 000,018,640 | ---- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/08 12:24:11 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/08 12:12:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/08 02:00:22 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/04/08 00:39:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100408-021417.backup
[2010/04/07 23:28:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/07 23:28:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\bQT88M2c
[2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bQT88M2c
[2010/04/07 21:32:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 20:26:54 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/07 12:46:26 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pokemon Gold.lnk
[2010/04/07 02:42:50 | 000,000,090 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/07 02:07:40 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\Spybot - Search & Destroy.lnk
[2010/04/07 02:05:18 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\HijackThis.lnk
[2010/04/06 19:52:17 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/06 00:18:30 | 000,012,848 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GbW53PfLB
[2010/04/06 00:18:30 | 000,012,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\GbW53PfLB
[2010/04/06 00:16:43 | 000,201,728 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll
[2010/04/06 00:03:12 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Spen\Desktop\trojan_fakerean_exe_fix.reg
[2010/04/05 23:31:36 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/05 23:30:47 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/05 23:07:41 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-021746.backup
[2010/04/05 08:08:28 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/11 21:22:41 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\SystemLook.exe
[2010/04/10 22:46:18 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/09 21:28:22 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\commy.exe.lnk
[2010/04/08 18:24:32 | 000,181,642 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\OTL.doc
[2010/04/08 12:34:15 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/04/08 12:29:15 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/08 02:00:22 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khq
[2010/04/08 02:00:10 | 000,734,581 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rydxuu.exe
[2010/04/07 23:28:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/04/07 23:28:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/07 23:22:33 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/07 23:20:27 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/07 23:17:44 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/07 23:17:43 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/07 23:17:43 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/07 22:14:05 | 000,007,882 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bQT88M2c
[2010/04/07 22:14:04 | 000,007,882 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\bQT88M2c
[2010/04/07 20:26:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/07 20:26:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/07 20:25:10 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 20:25:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 20:25:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 20:25:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 20:25:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/07 12:46:26 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pokemon Gold.lnk
[2010/04/07 02:42:50 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/07 02:07:40 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\Spybot - Search & Destroy.lnk
[2010/04/07 02:05:18 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\HijackThis.lnk
[2010/04/06 19:52:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/06 00:03:12 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Spen\Desktop\trojan_fakerean_exe_fix.reg
[2010/04/05 23:52:20 | 000,201,728 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll
[2010/04/05 23:39:03 | 000,012,848 | -HS- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GbW53PfLB
[2010/04/05 23:30:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/05 23:30:38 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/05 23:08:05 | 000,012,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\GbW53PfLB
[2010/04/05 08:10:34 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/05 08:08:28 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/12/12 21:34:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\fusioncache.dat
[2009/05/31 15:49:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
[2009/05/18 13:56:09 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/11 12:15:27 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Spen\default.pls
[2009/03/28 17:06:14 | 000,203,264 | ---- | C] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/28 15:31:22 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/28 15:31:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/28 15:31:09 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/28 15:31:09 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/28 15:31:01 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/28 15:31:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/28 14:07:50 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Spen\ntuser.dat.LOG
[2009/03/28 14:07:50 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Spen\ntuser.ini
[2009/03/28 14:07:49 | 008,650,752 | -H-- | C] () -- C:\Documents and Settings\Spen\NTUSER.DAT
[2009/02/15 07:43:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/12/03 23:28:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vzcontextmenu.dll
[2008/12/03 23:28:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DetectDxQT.dll
[2008/11/05 19:36:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/01 16:57:24 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/12/08 09:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/10 23:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/07/04 02:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/12/03 23:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shctxex.vb
[2009/12/18 02:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/12/18 02:21:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2010/04/05 08:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 09:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/16 19:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/13 14:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Braid
[2010/04/05 23:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\CheckPoint
[2009/03/31 15:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\DAEMON Tools
[2009/05/24 00:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\EVEMon
[2009/06/27 20:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\IObit
[2010/01/04 19:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\LimeWire
[2009/05/18 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\OpenOffice.org
[2009/03/31 15:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\SPORE
[2010/04/11 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\uTorrent
[2009/12/10 21:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Windows Desktop Search
[2009/12/10 22:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spen\Application Data\Windows Search

========== Purity Check ==========


< End of report >

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    [2010/04/08 03:07:06 | 000,000,000 | ---D | C] -- C:\b9366766186a5e08fc2c
    [2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\bQT88M2c
    [2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bQT88M2c
    [2010/04/06 00:18:30 | 000,012,848 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\GbW53PfLB
    [2010/04/06 00:18:30 | 000,012,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\GbW53PfLB
    [2010/04/06 00:16:43 | 000,201,728 | -HS- | M] () -- C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
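As an added illustration, not part of the thread or of OTL itself: a small Python parser for the bracketed file/folder entry lines OTL prints (the format of the scan lines quoted above), with a check that flags hidden+system files dropped under a user profile, which is exactly the class of entry the fix above moves. The attribute-letter meanings (H hidden, S system, D directory), the benign-name allow-list and the desktop.ini sample line are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: three entry lines copied from the OTL scan quoted in the thread, plus one
# constructed desktop.ini line to exercise the benign allow-list (assumption, not real output).
SAMPLE_LOG = """\
[2010/04/07 22:19:22 | 000,007,882 | -HS- | M] () -- C:\\Documents and Settings\\Spen\\Local Settings\\Application Data\\bQT88M2c
[2010/04/06 00:16:43 | 000,201,728 | -HS- | M] () -- C:\\Documents and Settings\\Spen\\Local Settings\\Application Data\\2269221376.dll
[2009/12/10 21:30:13 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\Spen\\Application Data\\Windows Desktop Search
[2010/04/01 12:00:00 | 000,000,062 | -HS- | M] () -- C:\\Documents and Settings\\Spen\\My Documents\\desktop.ini
"""

# One bracketed OTL entry: [date time | size | attribute flags | M/C] (company) -- path
# Folder lines have no "( )" company field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<when>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    when: str
    size: int
    attrs: str               # flag letters as OTL prints them; assumed H hidden, S system, D directory
    kind: str                # M = modified, C = created
    company: Optional[str]   # text inside "( )" on file lines; None on folder lines
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for an entry line, or None for headers and other non-entry text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["when"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"], m["path"])

# Hidden+system names Windows itself legitimately writes into profile folders (assumed list).
BENIGN_HS_NAMES = {"desktop.ini", "ntuser.dat", "ntuser.dat.log"}

def is_suspicious(e: OtlEntry) -> bool:
    """Hidden+system file (not folder) under Documents and Settings with a non-standard name."""
    name = e.path.rsplit("\\", 1)[-1].lower()
    in_profile = "\\documents and settings\\" in e.path.lower()
    return e.hidden_system and not e.is_dir and in_profile and name not in BENIGN_HS_NAMES

def suspicious_paths(log_text: str) -> list:
    """Paths of every entry in an OTL log excerpt that is_suspicious() flags, in log order."""
    entries = (parse_otl_line(ln) for ln in log_text.splitlines())
    return [e.path for e in entries if e is not None and is_suspicious(e)]
```

Run over SAMPLE_LOG it returns the two randomly named -HS- files under Application Data and leaves the folder and desktop.ini alone.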

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Program Files\PartyGaming\PartyPoker\RunApp.exe not found.
C:\b9366766186a5e08fc2c\i386 folder moved successfully.
C:\b9366766186a5e08fc2c\amd64 folder moved successfully.
C:\b9366766186a5e08fc2c folder moved successfully.
C:\Documents and Settings\Spen\Local Settings\Application Data\bQT88M2c moved successfully.
C:\Documents and Settings\All Users\Application Data\bQT88M2c moved successfully.
C:\Documents and Settings\Spen\Local Settings\Application Data\GbW53PfLB moved successfully.
C:\Documents and Settings\All Users\Application Data\GbW53PfLB moved successfully.
C:\Documents and Settings\Spen\Local Settings\Application Data\2269221376.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 160065 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43258504 bytes
->Flash cache emptied: 405 bytes

User: Alex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 11377128 bytes
->Flash cache emptied: 14674 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 4288 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 39 bytes
->Flash cache emptied: 1489 bytes

User: Spen
->Temp folder emptied: 11904 bytes
->Temporary Internet Files folder emptied: 3731832 bytes
->Java cache emptied: 1243 bytes
->FireFox cache emptied: 69254972 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2739 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1925431 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112350 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04122010_234740

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Please download Cheetah-Anti-Rogue, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.


Code:

Cheetah-Anti-Rogue v1.4.1
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 04/13/2010 - Time:  0:43:02 - Arch.: x86
 
 
-- Malware removal tools check --
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
 
 
-- Known infection --
 
 
 
Extra message: Detection only.
 
 
EOF



Nothing showing in known infections; is that a good sign?

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Let's see this one check.

Please download RootRepeal from GooglePages.com.

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

Re: Fake Windows Security Virus removed, caused more rootkits and problems.


Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/04/13 21:32
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6A50000   Size: 49152   File Visible: No   Signed: -
Status: -

==EOF==

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Didn't display much.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Nope. How is your computer running? Any other popups?

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

It's running really smooth after those first few scans and deletions we did, and now I think it's back up to speed.
If those scans aren't finding anything I'm thinking we did it. Smile...
Thanks so much Jay, I think it's safe for me to set up my Windows 7 now.

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

Let's clean up.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Let me know when that is done. Smile...

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

All done! Man you really have helped me tremendously.
I don't even know what to say.
Thank You!

Re: Fake Windows Security Virus removed, caused more rootkits and problems.

You're welcome.

Happy Safe Surfing!
