2009 Spyware spams and BankerFox.A and Win32/Nuqel.E

Computer is auto scanning and throwing 34 viruses at me a couple being BankerFox.A and Win32/Nuqel.E There are others. I keep getting spammed with a 2009 Spyware thing. My desktop has a flashing message that says:


(WARNING
Dangerous Spyware
Following viruses were found on your computer: Trojan horse, PassCapture, and etc.
Your private information may be potentially transferred to third parties.

Please check computer using advanced software.
Thanks.)

So whatever you got throw it my way lol!

It says the posted message is too big. I can't send it.

Split it up, use more than one post.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Bryan Pickett at 17:45:14.93 on Tue 04/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526.893 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ntdll64.exe
C:\WINDOWS\sysguard.exe
C:\DOCUME~1\BRYANP~1\LOCALS~1\Temp\1158143692.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Bryan Pickett\Local Settings\Temporary Internet Files\Content.IE5\UZ3GKTIT\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = https://mail.msu.edu/imp/login.php
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: c:\windows\system32\yhs783ijfo3fe.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\yhs783ijfo3fe.dll
BHO: : {f7b1ace6-6e5a-4511-bbe6-8857a864633e} - c:\windows\system32\tyudmfn.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [system tool] c:\windows\sysguard.exe
uRun: [Diagnostic Manager] c:\docume~1\bryanp~1\locals~1\temp\1158143692.exe
uRun: [autochk] rundll32.exe c:\docume~1\bryanp~1\protect.dll,_IWMPEvents@16
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Framework Windows] frmwrk32.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
dRun: [] c:\windows\temp\h6ob7etrn.exe
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\bryan pickett\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\bryanp~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\temp\ntdll64.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156895688352
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - hxxp://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: cbfesphb - tyudmfn.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\yhs783ijfo3fe.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\yhs783ijfo3fe.dll

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 haoklppn;Keyboard HID Support;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-10 24652]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\naveng.sys [2009-4-24 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\navex15.sys [2009-4-24 876144]
R3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2009-04-28 17:45 --d----- c:\docume~1\bryanp~1\applic~1\pbzwkcla
2009-04-28 17:39 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-04-28 17:39 24,064 a--sh--- c:\documents and settings\bryan pickett\protect.dll
2009-04-28 17:39 27,648 a------- c:\windows\system32\lmppcsetup.exe
2009-04-28 17:25 104,960 a------- c:\windows\system32\ntdll64.exe
2009-04-27 17:20 1,400 a------- c:\windows\system32\ahtn.htm
2009-04-27 17:20 4,785 a------- c:\windows\system32\warning.gif
2009-04-27 17:19 439 a------- c:\windows\system32\win32hlp.cnf
2009-04-27 17:19 104,960 a------- c:\windows\system32\dllcache\userinit.exe
2009-04-27 17:19 1 a------- c:\windows\system32\uniq.tll
2009-04-27 17:18 29,696 a------- c:\windows\system32\frmwrk32.exe
2009-04-27 17:18 29,696 a------- c:\windows\system32\loader49.exe
2009-04-27 17:13 15,000 a------- c:\windows\system32\yhs783ijfo3fe.dll
2009-04-27 17:13 21,504 a------- c:\windows\system32\ak1.exe
2009-04-27 17:08 10,752 a------- c:\windows\system32\iehelper.dll
2009-04-27 16:58 292,368 a------- c:\windows\sysguard.exe
2009-04-15 19:59 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 19:59 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 19:59 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-15 19:59 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-15 19:59 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 19:59 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 19:59 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 19:59 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:59 617,984 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 19:58 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 19:58 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-04 20:24 --d----- c:\docume~1\bryanp~1\applic~1\Acreon
2009-04-01 16:51 38,160 a------- c:\windows\system32\LMRTREND.dll
2009-04-01 16:51 182,032 a------- c:\windows\system32\dxtmsft3.dll
2009-04-01 16:51 140,800 a------- c:\windows\system32\tm20dec.ax
2009-04-01 16:51 63,488 a------- c:\windows\system32\unam4ie.exe
2009-04-01 16:51 4,639 a------- c:\windows\system32\dllcache\mplayer2.exe
2009-04-01 16:50 194,320 a------- c:\windows\system32\qcut.dll
2009-04-01 16:50 11,776 a------- c:\windows\system32\mciqtz.drv
2009-04-01 16:50 10,240 a------- c:\windows\system32\vidx16.dll
2009-04-01 16:50 5,672 a------- c:\windows\system32\quartz.vxd
2009-04-01 16:50 4,608 a------- c:\windows\system32\w95inf32.dll
2009-04-01 16:50 2,272 a------- c:\windows\system32\w95inf16.dll
2009-04-01 16:50 --d----- C:\TELL ME MORE CJ

==================== Find3M ====================

2009-04-27 17:19 104,960 a------- c:\windows\system32\userinit.exe
2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 18:31 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 06:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:01 728,576 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 06:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-06 06:32 2,186,112 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:29 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 05:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 05:49 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 05:49 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 16:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll
2009-04-28 17:45 24,064 a--sh--- c:\windows\system32\autochk.dll
2006-03-23 15:18 104 ---shr-- c:\windows\system32\D1D2F33274.sys
2006-03-23 15:18 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:47:03.70 ===============

Hello.
What a mess you have here. We'll need to use Combofix.

Hello.
What a mess you have here. We'll need to use Combofix.

• Download combofix from here
  Link 1
  Link 2
  
• We need to rename Combofix before we can use it, the malware you have will block it.
  
  If you are using Firefox, make sure that your download settings are as follows:
  
  Tools->Options->Main tab
  Set to "Always ask me where to Save the files".
  
  During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  It is important you rename Combofix during the download, but not after.
  Please do not rename Combofix to other names, but only to the one indicated.
  Close any open browsers.
  
  
• We also need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV. (Symantec)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I did as instructed exact and it seems to me that I am virus free. How can I be sure that everything my pc had on it prior is gone now?... And... is there a way to prevent what happened to my computer in the future? Did I do something to bring the virus' on?

I can't know anything until you can post the Combofix log.

ComboFix 09-04-29.01 - Bryan Pickett 04/29/2009 16:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526.1103 [GMT -4:00]
Running from: c:\documents and settings\Bryan Pickett\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\BRYANP~1\LOCALS~1\Temp\mousehook.dll
c:\docume~1\BRYANP~1\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\All Users\Start Menu\Online Security Guide.url
c:\documents and settings\All Users\Start Menu\Security Troubleshooting.url
c:\documents and settings\Bryan Pickett\protect.dll
c:\documents and settings\Bryan Pickett\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Bryan Pickett\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\program files\Altnet
c:\program files\screensavers.com
c:\program files\screensavers.com\Wallpaper\swpstart.exe
c:\windows\IE4 Error Log.txt
c:\windows\sysguard.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\bszip.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\frmwrk32.exe
c:\windows\system32\iehelper.dll
c:\windows\system32\loader49.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\ntdll64.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\yhs783ijfo3fe.dll
c:\windows\Tasks\At1.job
c:\windows\TEMP\ntdll64.dll
c:\windows\system32\pvcgwobs.dll . . . . failed to delete
c:\windows\system32\tyudmfn.dll . . . . failed to delete

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\i386\userinit.exe

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\i386\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HAOKLPPN
-------\Legacy_SFC
-------\Service_haoklppn
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 21:39 . 2009-04-28 21:39 27648 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-21 18:25 . 2009-04-21 18:25 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-15 23:59 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:59 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-15 23:59 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 23:59 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:59 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 23:59 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:59 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:59 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:59 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:58 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-05 00:24 . 2009-04-05 00:24 -------- d-----w c:\documents and settings\Bryan Pickett\Application Data\Acreon
2009-04-05 00:23 . 2009-04-19 18:03 -------- d-----w c:\documents and settings\Bryan Pickett\Local Settings\Application Data\._Revolution_
2009-04-01 20:51 . 1998-09-02 08:28 38160 ----a-w c:\windows\system32\LMRTREND.dll
2009-04-01 20:51 . 1998-08-27 04:51 182032 ----a-w c:\windows\system32\dxtmsft3.dll
2009-04-01 20:51 . 1998-09-02 08:28 63488 ----a-w c:\windows\system32\unam4ie.exe
2009-04-01 20:51 . 2004-08-10 11:00 4639 ----a-w c:\windows\system32\dllcache\mplayer2.exe
2009-04-01 20:50 . 1998-08-17 09:21 10240 ----a-w c:\windows\system32\vidx16.dll
2009-04-01 20:50 . 1998-08-17 09:21 11776 ----a-w c:\windows\system32\mciqtz.drv
2009-04-01 20:50 . 1998-09-02 08:02 194320 ----a-w c:\windows\system32\qcut.dll
2009-04-01 20:50 . 2009-04-01 20:50 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-04-01 20:50 . 2009-04-01 20:50 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-04-01 20:50 . 2009-04-01 20:51 -------- d-----w C:\TELL ME MORE CJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 21:04 . 2006-03-27 16:51 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-29 21:02 . 2005-08-16 10:18 143872 ----a-w c:\windows\system32\pvcgwobs.dll
2009-04-29 21:01 . 2005-08-16 10:18 105472 ----a-w c:\windows\system32\zkxupuf.dll
2009-04-22 23:07 . 2008-06-08 15:19 -------- d-----w c:\program files\World of Warcraft
2009-04-04 17:07 . 2006-01-05 19:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 17:06 . 2008-09-09 22:41 -------- d-----w c:\program files\Electronic Arts
2009-03-06 14:00 . 2005-08-16 10:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 10:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-08-16 10:18 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2005-08-16 10:18 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-08-16 10:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2005-08-16 10:18 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2005-08-16 10:18 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2005-08-16 10:18 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2005-08-16 10:18 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2005-08-16 10:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2005-08-16 10:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 04:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-08-16 10:18 55808 ----a-w c:\windows\system32\secur32.dll
2006-03-23 19:18 . 2006-01-24 13:06 104 --sh--r c:\windows\system32\D1D2F33274.sys
2006-03-23 19:18 . 2006-01-24 13:06 4184 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51DF787E-37EC-4AF0-9634-191425954967}]
2009-04-29 21:02 143872 ----a-w c:\windows\system32\pvcgwobs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7B1ACE6-6E5A-4511-BBE6-8857A864633E}]
2004-08-10 11:00 105472 ----a-w c:\windows\system32\tyudmfn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-5 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-2-12 315392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan Pickett^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Bryan Pickett\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S0 czqcydel;czqcydel;c:\windows\system32\drivers\czqcydel.sys [2004-08-10 23424]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-03-16 101936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
WebBrowser-{07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-autochk - c:\windows\system32\autochk.dll
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll

.
------- Supplementary Scan -------
.
uStart Page = https://mail.msu.edu/imp/login.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - hxxp://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 17:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthxswvjntrd.sys 81408 bytes executable
c:\windows\system32\ovfsthxaixjxybv.dll 18432 bytes executable
c:\windows\system32\ovfsthxfvwhkywb.dat 43 bytes
c:\windows\system32\ovfsthxkvxfmqxw.dll 59904 bytes executable
c:\windows\system32\ovfsthxumqmulbt.dat 33490 bytes
c:\windows\system32\ovfsthxwbutehgb.dll 18432 bytes executable

scan completed successfully
hidden files: 6

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2843965866-2509467514-2980951161-1005\Software\SecuROM\License information*]
"datasecu"=hex:28,2e,40,a4,2a,59,55,f9,fc,0a,20,f8,2d,0e,3c,f4,ab,05,ea,59,f7,
1a,57,10,2b,6a,74,13,bb,ba,1d,47,57,3e,8d,73,92,ee,1a,4a,91,3c,2a,54,ca,67,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(436)
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\VentSrv\ventrilo_svc.exe
c:\program files\VentSrv\ventrilo_srv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Symantec AntiVirus\DoScan.exe
.
**************************************************************************
.
Completion time: 2009-04-29 17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 21:11

Pre-Run: 31,128,342,528 bytes free
Post-Run: 31,641,169,920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

280 --- E O F --- 2009-04-16 02:47

Still more to do, you really got yourself into a mess here.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
czqcydel

File::
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\pvcgwobs.dll
c:\windows\system32\tyudmfn.dll
c:\windows\system32\drivers\czqcydel.sys

DirLook::
C:\TELL ME MORE CJ

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51DF787E-37EC-4AF0-9634-191425954967}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7B1ACE6-6E5A-4511-BBE6-8857A864633E}]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Rootkit::
c:\windows\system32\drivers\ovfsthxswvjntrd.sys
c:\windows\system32\ovfsthxaixjxybv.dll
c:\windows\system32\ovfsthxfvwhkywb.dat
c:\windows\system32\ovfsthxkvxfmqxw.dll
c:\windows\system32\ovfsthxumqmulbt.dat
c:\windows\system32\ovfsthxwbutehgb.dll

DDS::
DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - hxxp://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Sorry took me a while to get back to ya again. Here's the next combofix log.

ComboFix 09-04-29.01 - Bryan Pickett 05/04/2009 12:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526.1017 [GMT -4:00]
Running from: c:\documents and settings\Bryan Pickett\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Bryan Pickett\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\czqcydel.sys
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\pvcgwobs.dll
c:\windows\system32\tyudmfn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\czqcydel.sys
c:\windows\system32\ovfsthxfvwhkywb.dat
c:\windows\system32\ovfsthxkvxfmqxw.dll
c:\windows\system32\ovfsthxumqmulbt.dat
c:\windows\system32\pvcgwobs.dll
c:\windows\system32\tyudmfn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CZQCYDEL
-------\Service_czqcydel


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-5-4 )))))))))))))))))))))))))))))))
.

2009-05-01 20:07 . 2009-05-01 20:07 -------- d-----w c:\program files\Norton Support
2009-05-01 19:41 . 2009-03-12 08:42 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-05-01 19:41 . 2009-05-01 19:51 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-05-01 19:41 . 2009-05-01 19:51 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-01 19:41 . 2009-05-01 19:56 -------- d-----w c:\windows\system32\drivers\NIS
2009-05-01 19:41 . 2009-05-01 19:41 -------- d-----w c:\program files\Norton Internet Security
2009-05-01 19:41 . 2009-05-01 19:41 -------- d-----w c:\program files\Windows Sidebar
2009-05-01 19:41 . 2009-05-01 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-01 19:39 . 2009-05-01 19:39 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-01 19:39 . 2009-05-01 19:39 -------- d-----w c:\program files\NortonInstaller
2009-04-21 18:25 . 2009-04-21 18:25 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-15 23:59 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:59 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-15 23:59 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 23:59 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:59 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 23:59 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:59 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:59 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:59 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:58 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-05 00:24 . 2009-04-05 00:24 -------- d-----w c:\documents and settings\Bryan Pickett\Application Data\Acreon
2009-04-05 00:23 . 2009-05-02 00:15 -------- d-----w c:\documents and settings\Bryan Pickett\Local Settings\Application Data\._Revolution_

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 16:26 . 2005-08-16 10:18 23424 ----a-w c:\windows\system32\drivers\pkywidyh.sys
2009-05-02 00:12 . 2008-06-08 15:19 -------- d-----w c:\program files\World of Warcraft
2009-05-01 20:18 . 2006-03-27 16:51 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-01 19:51 . 2009-05-01 19:41 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-01 19:51 . 2009-05-01 19:41 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-01 19:51 . 2006-03-27 16:51 -------- d-----w c:\program files\Symantec
2009-05-01 19:22 . 2006-03-27 16:51 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-29 21:01 . 2005-08-16 10:18 105472 ----a-w c:\windows\system32\zkxupuf.dll
2009-04-04 17:07 . 2006-01-05 19:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 17:06 . 2008-09-09 22:41 -------- d-----w c:\program files\Electronic Arts
2009-04-01 20:50 . 2009-04-01 20:50 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-04-01 20:50 . 2009-04-01 20:50 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-03-06 14:00 . 2005-08-16 10:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 10:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-08-16 10:18 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2005-08-16 10:18 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-08-16 10:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2005-08-16 10:18 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2005-08-16 10:18 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2005-08-16 10:18 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2005-08-16 10:18 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2005-08-16 10:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2005-08-16 10:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 04:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-08-16 10:18 55808 ----a-w c:\windows\system32\secur32.dll
2006-03-23 19:18 . 2006-01-24 13:06 104 --sh--r c:\windows\system32\D1D2F33274.sys
2006-03-23 19:18 . 2006-01-24 13:06 4184 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\TELL ME MORE CJ ----

2009-04-01 20:58 . 2009-04-01 21:46 668 ----a-w c:\tell me more cj\Users\BRYAN00\Count.dat
2009-04-01 20:58 . 2009-04-01 20:58 25 ----a-w c:\tell me more cj\Users\BRYAN00\MailBox\Mailbox.inv
2009-04-01 20:57 . 2009-04-01 20:57 32 ----a-w c:\tell me more cj\Users\BRYAN00\script.aur
2009-04-01 20:56 . 2009-04-01 20:56 43172 ----a-w c:\tell me more cj\Users\BRYAN00\wav\Q4R2P1.wav
2009-04-01 20:56 . 2009-04-01 20:56 47132 ----a-w c:\tell me more cj\Users\BRYAN00\wav\Q3R1P1.wav
2009-04-01 20:56 . 2009-04-01 20:56 64292 ----a-w c:\tell me more cj\Users\BRYAN00\wav\Q2R1P1.wav
2009-04-01 20:56 . 2009-04-01 20:56 79692 ----a-w c:\tell me more cj\Users\BRYAN00\wav\Q1R1P1.wav
2009-04-01 20:52 . 2009-04-01 20:52 106 ----a-w c:\tell me more cj\bin\Temp\ASR1602\user\JPN10001\Pack4b97\package.ini
2009-04-01 20:52 . 2009-04-01 20:52 4720 ----a-w c:\tell me more cj\bin\Temp\ASR1602\user\JPN10001\Pack4b97\userlex.ulx
2009-04-01 20:52 . 2009-04-01 20:52 117 ----a-w c:\tell me more cj\bin\Temp\ASR1602\user\JPN10001\user.ini
2009-04-01 20:52 . 2009-04-01 20:52 98 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax3\syntax.ini
2009-04-01 20:52 . 2009-04-01 20:52 31 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax2\iws.slx
2009-04-01 20:52 . 2009-04-01 20:52 38 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax2\iws.syn
2009-04-01 20:52 . 2009-04-01 20:52 97 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax2\syntax.ini
2009-04-01 20:52 . 2009-04-01 20:52 86 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax3\kws.slx
2009-04-01 20:52 . 2009-04-01 20:52 66 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax3\kws.syn
2009-04-01 20:52 . 2009-04-01 20:52 722 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax1\condig.slx
2009-04-01 20:52 . 2009-04-01 20:52 42 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax1\condig.syn
2009-04-01 20:52 . 2009-04-01 20:52 102 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\Syntax1\syntax.ini
2009-04-01 20:52 . 2009-04-01 20:52 299 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\dict1.dct
2009-04-01 20:52 . 2009-04-01 20:52 336896 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\JPJG2P60.DLL
2009-04-01 20:52 . 2009-04-01 20:52 930258 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\jpn_jpn.lng
2009-04-01 20:52 . 2009-04-01 20:52 63248 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\jpn_jpn.sus
2009-04-01 20:52 . 2009-04-01 20:52 657 ----a-w c:\tell me more cj\bin\Temp\ASR1602\lang\JPN_JPN\language.ini
2009-04-01 20:52 . 2009-04-01 20:52 5927 ----a-w c:\tell me more cj\bin\Temp\ASR1602\asr1602.dat
2009-04-01 20:52 . 2009-04-01 20:52 32 ----a-w c:\tell me more cj\bin\Temp\ASR1602\asr1602.ini
2009-04-01 20:52 . 2009-04-01 20:52 48 ----a-w c:\tell me more cj\bin\Temp\ASR1602\asr16DEC.ini
2009-04-01 20:52 . 2009-04-01 20:52 376 ----a-w c:\tell me more cj\bin\Temp\ASR1602\database.ini
2009-04-01 20:52 . 2009-04-01 20:52 87 ----a-w c:\tell me more cj\bin\Temp\ASR1602\userdata.ini
2009-04-01 20:52 . 2009-04-01 21:46 16384 ----a-w c:\tell me more cj\Users\BRYAN00\Tracking.atf
2009-04-01 20:52 . 2009-04-01 21:46 1471 ----a-w c:\tell me more cj\Users\BRYAN00\options.ini
2009-04-01 20:51 . 2009-04-01 20:52 16 ----a-w c:\tell me more cj\Users\UserList.dat
2009-04-01 20:51 . 2009-04-01 20:51 0 ----a-w c:\tell me more cj\bin\Temp\intro1.tmp
2009-04-01 20:51 . 2009-04-01 20:51 10682 ----a-w c:\tell me more cj\UnSetup.aui
2009-04-01 20:50 . 2003-03-31 09:51 299008 ----a-w c:\tell me more cj\bin\ame45.lan
2009-04-01 20:50 . 2002-01-04 08:35 663470 ----a-w c:\tell me more cj\bin\angum.pdf
2009-04-01 20:50 . 2001-07-26 16:20 6531 ----a-w c:\tell me more cj\bin\ang.cnt
2009-04-01 20:50 . 2001-07-26 16:20 1040438 ----a-w c:\tell me more cj\bin\ang.hlp
2009-04-01 20:50 . 2003-04-01 14:30 171 ----a-w c:\tell me more cj\bin\readme.txt
2009-04-01 20:50 . 2003-04-02 14:04 1453 ----a-w c:\tell me more cj\bin\pupildef.ini
2009-04-01 20:50 . 2009-04-01 21:46 537 ----a-w c:\tell me more cj\bin\tmm.ini
2009-04-01 20:50 . 2009-04-01 20:50 2912304 ----a-w c:\tell me more cj\bin\tmm.exe
2009-04-01 20:50 . 2009-04-01 20:50 108961 ----a-w c:\tell me more cj\bin\Intro1.png

2009-04-01 20:50 . 2009-04-01 20:50 28672 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\tosexe.exe
2009-04-01 20:50 . 2009-04-01 20:50 28672 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\tos.dll
2009-04-01 20:50 . 2009-04-01 20:50 192512 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\spi1602.dll
2009-04-01 20:50 . 2009-04-01 20:50 8192 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\sharemem.dll
2009-04-01 20:50 . 2009-04-01 20:50 32768 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\spe1602.dll
2009-04-01 20:50 . 2009-04-01 20:50 27648 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\SH22W32.DLL
2009-04-01 20:50 . 2009-04-01 20:50 49152 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\p2su.dll
2009-04-01 20:50 . 2009-04-01 20:50 12288 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\nameseao.dll
2009-04-01 20:50 . 2009-04-01 20:50 69632 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\p2sp.dll
2009-04-01 20:50 . 2009-04-01 20:50 77878 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\MSVCIRT.DLL
2009-04-01 20:50 . 2009-04-01 20:50 94208 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\msgramco.dll
2009-04-01 20:50 . 2009-04-01 20:50 24576 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\exphdecw.dll
2009-04-01 20:50 . 2009-04-01 20:50 184320 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\grammar.dll
2009-04-01 20:50 . 2009-04-01 20:50 20480 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\exphdeca.dll
2009-04-01 20:50 . 2009-04-01 20:50 36864 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\encio.dll
2009-04-01 20:50 . 2009-04-01 20:50 12288 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\debugout.dll
2009-04-01 20:50 . 2009-04-01 20:50 172032 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\cw3215mt.DLL
2009-04-01 20:50 . 2009-04-01 20:50 143360 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\clgramco.dll
2009-04-01 20:50 . 2009-04-01 20:50 40960 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\casrapi.dll
2009-04-01 20:50 . 2009-04-01 20:50 36864 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\binimp.dll
2009-04-01 20:50 . 2009-04-01 20:50 409600 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\asrapicl.dll
2009-04-01 20:50 . 2009-04-01 20:52 937 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\Asrapi.ini
2009-04-01 20:50 . 2009-04-01 20:50 86016 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\asr1602.dll
2009-04-01 20:50 . 2009-04-01 20:50 12288 ----a-w c:\tell me more cj\bin\Asr1602\LhAsrBin\1602_exp.dll
2009-04-01 20:50 . 2009-04-01 20:50 81920 ----a-w c:\tell me more cj\bin\Asr1602\asr3234.dll
2009-04-01 20:50 . 2009-04-01 20:50 335872 ----a-w c:\tell me more cj\bin\LH34Int.dll
2009-04-01 20:50 . 2009-04-01 20:50 2333715 ----a-w c:\tell me more cj\bin\Fonts\Mheigbmd.tal
2009-04-01 20:50 . 2009-04-01 20:50 2331551 ----a-w c:\tell me more cj\bin\Fonts\MheigbAU.tal
2009-04-01 20:50 . 2009-04-01 20:50 2497919 ----a-w c:\tell me more cj\bin\Fonts\Hgrgmsj.tal
2009-04-01 20:50 . 2009-04-01 20:50 294672 ----a-w c:\tell me more cj\bin\riched20.dll
2009-04-01 20:50 . 2009-04-01 20:50 397824 ----a-w c:\tell me more cj\bin\E10Video.ECE
2009-04-01 20:50 . 2009-04-01 20:50 55808 ----a-w c:\tell me more cj\bin\E10Titre.ECE
2009-04-01 20:50 . 2009-04-01 20:50 19456 ----a-w c:\tell me more cj\bin\E10Pave.ECE
2009-04-01 20:50 . 2009-04-01 20:50 469504 ----a-w c:\tell me more cj\bin\E10Pron.ECE
2009-04-01 20:50 . 2009-04-01 20:50 694784 ----a-w c:\tell me more cj\bin\E10Ident.ECE
2009-04-01 20:50 . 2009-04-01 20:50 251904 ----a-w c:\tell me more cj\bin\E10Dlg.ECE
2009-04-01 20:50 . 2009-04-01 20:50 424448 ----a-w c:\tell me more cj\bin\E10DIAPO.ECE
2009-04-01 20:50 . 2009-04-01 20:50 377856 ----a-w c:\tell me more cj\bin\E10Dial.ECE
2009-04-01 20:50 . 2009-04-01 20:50 140288 ----a-w c:\tell me more cj\bin\E10Credi.ECE
2009-04-01 20:50 . 2009-04-01 20:50 428544 ----a-w c:\tell me more cj\bin\E10CHOP.ECE
2009-04-01 20:50 . 2009-04-01 20:50 378368 ----a-w c:\tell me more cj\bin\E10Choc.ECE
2009-04-01 20:50 . 2009-04-01 20:50 1171456 ----a-w c:\tell me more cj\bin\E10Barre.ECE
2009-04-01 20:50 . 2009-04-01 20:50 135168 ----a-w c:\tell me more cj\bin\E10Att.ECE
2009-04-01 20:50 . 2009-04-01 20:50 785408 ----a-w c:\tell me more cj\bin\E10Aide.ECE
2009-04-01 20:50 . 2009-04-01 20:50 131584 ----a-w c:\tell me more cj\bin\L06Video.ECE
2009-04-01 20:50 . 2009-04-01 20:50 28672 ----a-w c:\tell me more cj\bin\L06Titre.ECE
2009-04-01 20:50 . 2009-04-01 20:50 10240 ----a-w c:\tell me more cj\bin\L06Pave.ECE
2009-04-01 20:50 . 2009-04-01 20:50 158208 ----a-w c:\tell me more cj\bin\L06Pron.ECE
2009-04-01 20:50 . 2009-04-01 20:50 244224 ----a-w c:\tell me more cj\bin\L06Ident.ECE
2009-04-01 20:50 . 2009-04-01 20:50 77312 ----a-w c:\tell me more cj\bin\L06Dlg.ECE
2009-04-01 20:50 . 2009-04-01 20:50 95232 ----a-w c:\tell me more cj\bin\L06DIAPO.ECE
2009-04-01 20:50 . 2009-04-01 20:50 123392 ----a-w c:\tell me more cj\bin\L06Dial.ECE
2009-04-01 20:50 . 2009-04-01 20:50 44032 ----a-w c:\tell me more cj\bin\L06Credi.ECE
2009-04-01 20:50 . 2009-04-01 20:50 124416 ----a-w c:\tell me more cj\bin\L06CHOP.ECE
2009-04-01 20:50 . 2009-04-01 20:50 150016 ----a-w c:\tell me more cj\bin\L06Choc.ECE
2009-04-01 20:50 . 2009-04-01 20:50 561152 ----a-w c:\tell me more cj\bin\L06Barre.ECE
2009-04-01 20:50 . 2009-04-01 20:50 50688 ----a-w c:\tell me more cj\bin\L06Att.ECE
2009-04-01 20:50 . 2009-04-01 20:50 287232 ----a-w c:\tell me more cj\bin\L06Aide.ECE
2009-04-01 20:50 . 2009-04-01 20:50 290304 ----a-w c:\tell me more cj\bin\E10ChiSynth.ECE
2009-04-01 20:50 . 2009-04-01 20:50 851456 ----a-w c:\tell me more cj\bin\E10ChiOpt.ECE
2009-04-01 20:50 . 2009-04-01 20:50 172032 ----a-w c:\tell me more cj\bin\E10CHIGraDi.ECE
2009-04-01 20:50 . 2009-04-01 20:50 1828864 ----a-w c:\tell me more cj\bin\E10ChiExo.ECE
2009-04-01 20:50 . 2009-04-01 20:50 1099264 ----a-w c:\tell me more cj\bin\E10ChiBarre.ECE
2009-04-01 20:50 . 2009-04-01 20:50 3421184 ----a-w c:\tell me more cj\bin\E10CHIAcc.ECE
2009-04-01 20:50 . 2009-04-01 20:50 122368 ----a-w c:\tell me more cj\bin\L06ChiSynth.ECE
2009-04-01 20:50 . 2009-04-01 20:50 341504 ----a-w c:\tell me more cj\bin\L06ChiOpt.ECE
2009-04-01 20:50 . 2009-04-01 20:50 74752 ----a-w c:\tell me more cj\bin\L06CHIGraDi.ECE
2009-04-01 20:50 . 2009-04-01 20:50 662016 ----a-w c:\tell me more cj\bin\L06ChiExo.ECE
2009-04-01 20:50 . 2009-04-01 20:50 524288 ----a-w c:\tell me more cj\bin\L06ChiBarre.ECE
2009-04-01 20:50 . 2009-04-01 20:50 2003968 ----a-w c:\tell me more cj\bin\L06CHIAcc.ECE
2009-04-01 20:50 . 2009-04-01 20:50 270848 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\SPA_EL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 333824 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\ITA_IL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 313344 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\GER_DL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 379904 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\FRE_FL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 699392 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\ENG_UL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 625152 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\ENG_GL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 183296 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\G2P\DUT_NL50.DLL
2009-04-01 20:50 . 2009-04-01 20:50 108544 ----a-w c:\tell me more cj\bin\Asr1600\Lhsp\Ttsdct32.dll
2009-04-01 20:50 . 2009-04-01 20:50 24576 ----a-w c:\tell me more cj\bin\Asr1600\TOSEXE.EXE
2009-04-01 20:50 . 2009-04-01 20:50 28672 ----a-w c:\tell me more cj\bin\Asr1600\TOS.DLL
2009-04-01 20:50 . 2009-04-01 20:50 39936 ----a-w c:\tell me more cj\bin\Asr1600\SPE1600.DLL
2009-04-01 20:50 . 2009-04-01 20:50 163840 ----a-w c:\tell me more cj\bin\Asr1600\SPI1600.DLL
2009-04-01 20:50 . 2009-04-01 20:50 8192 ----a-w c:\tell me more cj\bin\Asr1600\SHAREMEM.DLL
2009-04-01 20:50 . 2009-04-01 20:50 27648 ----a-w c:\tell me more cj\bin\Asr1600\SH22W32.DLL
2009-04-01 20:50 . 2009-04-01 20:50 12288 ----a-w c:\tell me more cj\bin\Asr1600\NAMESEAO.DLL
2009-04-01 20:50 . 2009-04-01 20:50 65536 ----a-w c:\tell me more cj\bin\Asr1600\P2SP.DLL
2009-04-01 20:50 . 2009-04-01 20:50 77878 ----a-w c:\tell me more cj\bin\Asr1600\MSVCIRT.DLL
2009-04-01 20:50 . 2009-04-01 20:50 200704 ----a-w c:\tell me more cj\bin\Asr1600\GRAMMAR.DLL
2009-04-01 20:50 . 2009-04-01 20:50 56740 ----a-w c:\tell me more cj\bin\Asr1600\DEBUGOUT.DLL
2009-04-01 20:50 . 2009-04-01 20:50 36864 ----a-w c:\tell me more cj\bin\Asr1600\ENCIO.DLL
2009-04-01 20:50 . 2009-04-01 20:50 167936 ----a-w c:\tell me more cj\bin\Asr1600\CW3215.DLL
2009-04-01 20:50 . 2009-04-01 20:50 36864 ----a-w c:\tell me more cj\bin\Asr1600\CASRAPI.DLL
2009-04-01 20:50 . 2009-04-01 20:50 36864 ----a-w c:\tell me more cj\bin\Asr1600\BINIMP.DLL
2009-04-01 20:50 . 2009-04-01 20:50 2940 ----a-w c:\tell me more cj\bin\Asr1600\ASRAPI.INI
2009-04-01 20:50 . 2009-04-01 20:50 421888 ----a-w c:\tell me more cj\bin\Asr1600\ASRAPICL.DLL
2009-04-01 20:50 . 2009-04-01 20:50 114688 ----a-w c:\tell me more cj\bin\Asr1600\ASR1600.DLL
2009-04-01 20:50 . 2009-04-01 20:50 77824 ----a-w c:\tell me more cj\bin\ASR32313.DLL
2009-04-01 20:50 . 2009-04-01 20:50 7414 ----a-w c:\tell me more cj\bin\TONE.WAV
2009-04-01 20:50 . 2009-04-01 20:50 886900 ----a-w c:\tell me more cj\bin\PENDU1.WAV
2009-04-01 20:50 . 2009-04-01 20:50 240342 ----a-w c:\tell me more cj\bin\GOOD5.WAV
2009-04-01 20:50 . 2009-04-01 20:50 222734 ----a-w c:\tell me more cj\bin\GOOD4.WAV
2009-04-01 20:50 . 2009-04-01 20:50 210514 ----a-w c:\tell me more cj\bin\GOOD3.WAV
2009-04-01 20:50 . 2009-04-01 20:50 366102 ----a-w c:\tell me more cj\bin\GOOD2.WAV
2009-04-01 20:50 . 2009-04-01 20:50 82310 ----a-w c:\tell me more cj\bin\GOOD1.WAV
2009-04-01 20:50 . 2009-04-01 20:50 121134 ----a-w c:\tell me more cj\bin\Bad8.wav
2009-04-01 20:50 . 2009-04-01 20:50 262282 ----a-w c:\tell me more cj\bin\Bad7.wav
2009-04-01 20:50 . 2009-04-01 20:50 215388 ----a-w c:\tell me more cj\bin\Bad6.wav
2009-04-01 20:50 . 2009-04-01 20:50 209454 ----a-w c:\tell me more cj\bin\Bad5.wav
2009-04-01 20:50 . 2009-04-01 20:50 126510 ----a-w c:\tell me more cj\bin\Bad4.wav
2009-04-01 20:50 . 2009-04-01 20:50 318510 ----a-w c:\tell me more cj\bin\Bad3.wav
2009-04-01 20:50 . 2009-04-01 20:50 114142 ----a-w c:\tell me more cj\bin\BAD2.WAV
2009-04-01 20:50 . 2009-04-01 20:50 158050 ----a-w c:\tell me more cj\bin\BAD1.WAV
2009-04-01 20:50 . 2009-04-01 20:50 865 ----a-w c:\tell me more cj\bin\PALETTE.PNG
2009-04-01 20:50 . 2009-04-01 20:50 550 ----a-w c:\tell me more cj\bin\PALPHON.PNG
2009-04-01 20:50 . 2009-04-01 20:50 867 ----a-w c:\tell me more cj\bin\PALACC.PNG
2009-04-01 20:50 . 2009-04-01 20:50 887 ----a-w c:\tell me more cj\bin\PALBANDE.PNG
2009-04-01 20:50 . 2009-04-01 20:50 924 ----a-w c:\tell me more cj\bin\PALCHOIX.PNG
2009-04-01 20:50 . 2009-04-01 20:50 9550 ----a-w c:\tell me more cj\bin\FONMENUE.PNG
2009-04-01 20:50 . 2009-04-01 20:50 4316 ----a-w c:\tell me more cj\bin\FONMENUL.PNG
2009-04-01 20:50 . 2009-04-01 20:50 10207 ----a-w c:\tell me more cj\bin\FONDLGSE.PNG
2009-04-01 20:50 . 2009-04-01 20:50 32107 ----a-w c:\tell me more cj\bin\FONDLGSL.PNG
2009-04-01 20:50 . 2009-04-01 20:50 11845 ----a-w c:\tell me more cj\bin\FONDLGE.PNG
2009-04-01 20:50 . 2009-04-01 20:50 24620 ----a-w c:\tell me more cj\bin\FONDLGL.PNG
2009-04-01 20:50 . 2009-04-01 20:50 21724 ----a-w c:\tell me more cj\bin\FONDLGCE.PNG
2009-04-01 20:50 . 2009-04-01 20:50 27564 ----a-w c:\tell me more cj\bin\FONDLGCL.PNG
2009-04-01 20:50 . 2009-04-01 20:50 705372 ----a-w c:\tell me more cj\bin\Fonts\Times.tal
2009-04-01 20:50 . 2009-04-01 20:50 711016 ----a-w c:\tell me more cj\bin\Fonts\Courier.tal
2009-04-01 20:50 . 2009-04-01 20:50 59087 ----a-w c:\tell me more cj\bin\Fonts\AuraPhone.tal
2009-04-01 20:50 . 2009-04-01 20:50 586356 ----a-w c:\tell me more cj\bin\Fonts\Arial.tal
2009-04-01 20:50 . 2009-04-01 20:50 77824 ----a-w c:\tell me more cj\bin\zlib.dll
2009-04-01 20:50 . 2009-04-01 20:50 792204 ----a-w c:\tell me more cj\bin\Vocablos.dic
2009-04-01 20:50 . 2009-04-01 20:50 204800 ----a-w c:\tell me more cj\bin\Unsetup.exe
2009-04-01 20:50 . 2009-04-01 20:50 188416 ----a-w c:\tell me more cj\bin\Trace.dll
2009-04-01 20:50 . 2009-04-01 20:50 129536 ----a-w c:\tell me more cj\bin\snf.dll
2009-04-01 20:50 . 2009-04-01 20:50 174352 ----a-w c:\tell me more cj\bin\RichEd32.dll
2009-04-01 20:50 . 2009-04-01 20:50 1441857 ----a-w c:\tell me more cj\bin\Receiver.exe
2009-04-01 20:50 . 2009-04-01 20:50 174352 ----a-w c:\tell me more cj\bin\RchedTUR.dll
2009-04-01 20:50 . 2009-04-01 20:50 174352 ----a-w c:\tell me more cj\bin\RchedPOL.dll
2009-04-01 20:50 . 2009-04-01 20:50 174352 ----a-w c:\tell me more cj\bin\RchedJPN.dll
2009-04-01 20:50 . 2009-04-01 20:50 174352 ----a-w c:\tell me more cj\bin\RchedHUN.dll
2009-04-01 20:50 . 2009-04-01 20:50 174352 ----a-w c:\tell me more cj\bin\RchEdGRE.dll
2009-04-01 20:50 . 2009-04-01 20:50 197392 ----a-w c:\tell me more cj\bin\RchedCHT.dll
2009-04-01 20:50 . 2009-04-01 20:50 194560 ----a-w c:\tell me more cj\bin\RchEdCHS.dll
2009-04-01 20:50 . 2009-04-01 20:50 266293 ----a-w c:\tell me more cj\bin\MSVCRT.DLL
2009-04-01 20:50 . 2009-04-01 20:50 401462 ----a-w c:\tell me more cj\bin\MSVCP60.DLL
2009-04-01 20:50 . 2009-04-01 20:50 77878 ----a-w c:\tell me more cj\bin\MSVCIRT.DLL
2009-04-01 20:50 . 2009-04-01 20:50 1667210 ----a-w c:\tell me more cj\bin\MoteurFrancais.dll
2009-04-01 20:50 . 2009-04-01 20:50 995328 ----a-w c:\tell me more cj\bin\MoteurEspagnol.dll
2009-04-01 20:50 . 2009-04-01 20:50 995383 ----a-w c:\tell me more cj\bin\MFC42.DLL
2009-04-01 20:50 . 2009-04-01 20:50 425984 ----a-w c:\tell me more cj\bin\LibImg.dll
2009-04-01 20:50 . 2009-04-01 20:50 311296 ----a-w c:\tell me more cj\bin\LH16Int.dll
2009-04-01 20:50 . 2009-04-01 20:50 450560 ----a-w c:\tell me more cj\bin\INSOsh.dll
2009-04-01 20:50 . 2009-04-01 20:50 3289885 ----a-w c:\tell me more cj\bin\Grammar.lex
2009-04-01 20:50 . 2009-04-01 20:50 1511769 ----a-w c:\tell me more cj\bin\GEN3MEN0.DAT
2009-04-01 20:50 . 2009-04-01 20:50 79984 ----a-w c:\tell me more cj\bin\gapi32.dll
2009-04-01 20:50 . 2009-04-01 20:50 217145 ----a-w c:\tell me more cj\bin\CorrectorMS.dll
2009-04-01 20:50 . 2009-04-01 20:50 815173 ----a-w c:\tell me more cj\bin\CorrectorLH.dll
2009-04-01 20:50 . 2009-04-01 20:50 602181 ----a-w c:\tell me more cj\bin\CorrectorES.dll
2009-04-01 20:50 . 2009-04-01 20:50 1761532 ----a-w c:\tell me more cj\bin\corr101.dic
2009-04-01 20:50 . 2009-04-01 20:50 1080600 ----a-w c:\tell me more cj\bin\CorLex.dic
2009-04-01 20:50 . 2009-04-01 20:50 143360 ----a-w c:\tell me more cj\bin\ConjuITA.dll
2009-04-01 20:50 . 2009-04-01 20:50 114688 ----a-w c:\tell me more cj\bin\ConjuFRA.dll
2009-04-01 20:50 . 2009-04-01 20:50 122880 ----a-w c:\tell me more cj\bin\ConjuESP.dll
2009-04-01 20:50 . 2009-04-01 20:50 118784 ----a-w c:\tell me more cj\bin\ConjuDUT.dll
2009-04-01 20:50 . 2009-04-01 20:50 69632 ----a-w c:\tell me more cj\bin\ConjuANG.dll
2009-04-01 20:50 . 2009-04-01 20:50 69632 ----a-w c:\tell me more cj\bin\ConjuAME.dll
2009-04-01 20:50 . 2009-04-01 20:50 188416 ----a-w c:\tell me more cj\bin\ConjuALL.dll

((((((((((((((((((((((((((((( SnapShot@2009-04-29_21.06.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-04 16:33 . 2009-05-04 16:33 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
+ 2009-05-01 19:51 . 2009-03-12 08:43 39984 c:\windows\system32\drivers\NIS\1005000.087\symndisv.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 37296 c:\windows\system32\drivers\NIS\1005000.087\symndis.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 34736 c:\windows\system32\drivers\NIS\1005000.087\symids.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 89776 c:\windows\system32\drivers\NIS\1005000.087\symfw.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 43696 c:\windows\system32\drivers\NIS\1005000.087\srtspx.sys
- 2006-01-14 08:31 . 2009-04-29 21:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-01-14 08:31 . 2009-05-01 19:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-01-14 08:31 . 2009-04-29 21:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-01-14 08:31 . 2009-05-01 19:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-14 08:31 . 2009-04-29 21:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-01-14 08:31 . 2009-05-01 19:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-27 17:12 . 2009-04-29 23:26 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-05-01 19:51 . 2009-03-12 08:43 217392 c:\windows\system32\drivers\NIS\1005000.087\symtdi.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 310320 c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 307760 c:\windows\system32\drivers\NIS\1005000.087\srtsp.sys
+ 2009-05-01 19:51 . 2009-05-01 19:51 482352 c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys
+ 2009-05-01 19:51 . 2009-03-12 08:43 258608 c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys
+ 2006-03-27 17:12 . 2009-04-29 23:26 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-03-27 17:12 . 2009-04-29 23:26 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-03-27 17:12 . 2009-04-16 02:45 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-5 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-2-12 315392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan Pickett^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Bryan Pickett\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-05-01 482352]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - CZQCYDEL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = https://mail.msu.edu/imp/login.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 12:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2843965866-2509467514-2980951161-1005\Software\SecuROM\License information*]
"datasecu"=hex:28,2e,40,a4,2a,59,55,f9,fc,0a,20,f8,2d,0e,3c,f4,ab,05,ea,59,f7,
1a,57,10,2b,6a,74,13,bb,ba,1d,47,57,3e,8d,73,92,ee,1a,4a,91,3c,2a,54,ca,67,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\VentSrv\ventrilo_svc.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\VentSrv\ventrilo_srv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-04 12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 16:38
ComboFix2.txt 2009-04-29 21:11

Pre-Run: 31,728,250,880 bytes free
Post-Run: 31,756,283,904 bytes free

485 --- E O F --- 2009-04-29 23:26

One more round, then that should do it.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
CZQCYDEL

File::
c:\windows\system32\drivers\pkywidyh.sys

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Belahzur wrote:

I can't know anything until you can post the Combofix log.

I also had the same issue with my computer and I read the posts that you sent delete the items. Can you also let me know if i have all the infected files deleted? i would really appreciate it.
Here's the next combofix log.

ComboFix 09-05-08.03 - MO 05/08/2009 21:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.504.101 [GMT -4:00]
Running from: c:\documents and settings\MO\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\sysguard.exe
c:\windows\system32\iehelper.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.

2009-05-06 10:00 . 2009-05-06 10:00 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft
2009-05-06 07:05 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-06 07:05 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-06 07:05 . 2009-05-06 07:05 -------- d-----w c:\windows\system32\KB905474
2009-04-10 16:10 . 2009-05-08 17:07 -------- d--h--w C:\$AVG8.VAULT$
2009-04-09 19:09 . 2009-05-01 13:30 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-09 19:09 . 2009-05-01 13:30 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-09 19:09 . 2009-05-01 13:30 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-09 19:09 . 2009-05-08 22:37 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-09 19:09 . 2009-05-06 16:00 -------- d-----w c:\documents and settings\MO\Application Data\AVGTOOLBAR
2009-04-09 19:08 . 2009-04-09 19:08 -------- d-----w c:\program files\AVG
2009-04-09 19:08 . 2009-04-09 19:08 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 01:01 . 2007-07-06 20:20 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-30 18:11 . 2009-04-30 18:11 0 ----a-w C:\LOG60A.tmp
2009-04-26 23:51 . 2007-07-11 21:59 78240 -c--a-w c:\documents and settings\MO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 15:05 . 2007-07-07 02:55 -------- d-----w c:\program files\Common Files\Adobe
2009-04-25 14:40 . 2008-10-26 22:41 -------- d-----w c:\program files\Free Ride Games
2009-04-24 17:55 . 2008-07-24 03:10 -------- d-----w c:\program files\NokiaFREE Unlock Codes Calculator
2009-04-22 18:58 . 2008-06-01 16:32 -------- d-----w c:\program files\Google
2009-04-22 13:36 . 2009-04-22 13:36 0 ----a-w C:\LOG44D.tmp
2009-04-20 02:30 . 2009-04-20 02:30 0 ----a-w C:\LOG238.tmp
2009-04-17 15:25 . 2009-04-17 15:25 0 ----a-w C:\LOG4A7.tmp
2009-04-10 13:13 . 2009-04-10 13:13 0 ----a-w C:\LOG1B1.tmp
2009-04-03 11:07 . 2008-12-31 22:25 -------- d-----w c:\program files\FrostWire
2009-03-27 03:52 . 2009-03-27 03:52 0 ----a-w C:\LOGB44D.tmp
2009-03-23 15:31 . 2009-03-23 15:31 0 ----a-w C:\LOG13F6.tmp
2009-03-18 13:38 . 2009-03-18 13:38 0 ----a-w C:\LOG767B.tmp
2009-03-17 13:44 . 2009-03-17 13:44 0 ----a-w C:\LOG6BD.tmp
2009-03-12 14:26 . 2009-03-12 14:26 0 ----a-w C:\LOG198A.tmp
2009-03-10 00:25 . 2009-03-10 00:25 0 ----a-w C:\LOG57F9.tmp
2009-03-06 14:44 . 2004-08-04 04:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 19:37 . 2009-03-05 19:37 0 ----a-w C:\LOG1A14.tmp
2009-03-04 11:32 . 2009-03-04 11:32 0 ----a-w C:\LOG19E7.tmp
2009-03-03 00:18 . 2004-08-04 04:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-25 04:48 . 2009-02-25 04:48 0 ----a-w C:\LOG8416.tmp
2009-02-24 14:32 . 2009-02-24 14:32 0 ----a-w C:\LOG8286.tmp
2009-02-23 17:37 . 2009-02-23 17:37 0 ----a-w C:\LOG8021.tmp
2009-02-20 18:09 . 2004-08-04 04:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 16:54 . 2009-04-28 02:04 195288 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-02-19 16:12 . 2009-02-19 16:12 0 ------w C:\LOG2D.tmp
2009-02-19 07:41 . 2009-02-19 07:41 0 ------w C:\LOGEC1.tmp
2009-02-12 05:03 . 2008-09-17 01:08 256 -c--a-w c:\windows\system32\pool.bin
2009-02-09 15:48 . 2009-02-09 15:48 0 ------w C:\LOG3185.tmp
2009-02-09 10:20 . 2004-08-04 04:56 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 04:56 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 04:56 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-04 04:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:19 . 2004-08-04 03:17 1846272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-06-17 2057728]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2008-08-13 3244032]
"PC SpeedScan Pro"="c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2008-08-21 2093056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-04 1695744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 185632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"au"="c:\program files\Dealio\DealioAU.exe" [2007-10-09 492896]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-06-17 2057728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\MO\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-7-25 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-01 13:30 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/9/2009 3:09 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/9/2009 3:09 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/9/2009 3:08 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/18/2008 9:10 PM 24652]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [10/26/2008 6:41 PM 29856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/6/2009 9:03 PM 101936]
S2 gupdate1c8c405274a01c2;Google Update Service (gupdate1c8c405274a01c2);c:\program files\Google\Update\GoogleUpdate.exe [7/15/2008 9:09 PM 133104]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 6:34 AM 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9b24f4-cd69-11dd-b63d-000ea60eb10b}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-05-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 22:34]

2009-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - c:\windows\system32\iehelper.dll
HKCU-Run-ares - c:\program files\Ares\Ares.exe

Here is the rest:

---- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/comcast.html
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: Compare Prices with &Dealio - c:\documents and settings\MO\Application Data\Dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MO\Application Data\Mozilla\Firefox\Profiles\2eauyr0w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\MO\Application Data\Mozilla\Firefox\Profiles\2eauyr0w.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 21:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-113007714-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1202660629-113007714-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1202660629-113007714-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1202660629-113007714-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
Completion time: 2009-05-09 21:11
ComboFix-quarantined-files.txt 2009-05-09 01:10

Pre-Run: 6,030,262,272 bytes free
Post-Run: 6,241,120,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

235 --- E O F --- 2009-05-06 07:05

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.