I hope you get my PM and reopen this, because I had stated that I would be on a trip and would not have access to my computer. Here is the ComboFix log, just in case.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 09-05-21.01 - Owner 05/21/2009 21:21.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1401 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\90fc5d76-97ca-4672-8bac-83b4c07a141b.ocx
c:\windows\system32\106c9aad-626d-444d-8ae2-ea706d4f42c6.dll
c:\windows\system32\drivers\gxvxcqyoyupugvrrfwfngwfodrgytrqstkvlu.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcjtgebixkmwntppelkijovmcxocugmndk.dll
D:\Autorun.inf
D:\Desktop.ini
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-17 06:04 . 2009-05-17 06:04 -------- d-----w c:\program files\Xvid
2009-05-17 06:04 . 2008-12-05 01:46 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-17 06:04 . 2008-12-05 01:42 815104 ----a-w c:\windows\system32\xvidcore.dll
2009-05-17 05:53 . 2009-05-17 06:04 3532 ----a-w C:\drmHeader.bin
2009-05-16 02:30 . 2009-05-18 02:42 -------- d-----w c:\documents and settings\Owner\Application Data\Hoyle FaceCreator
2009-05-16 02:30 . 2009-05-21 18:18 -------- d-----w c:\documents and settings\Owner\Application Data\Hoyle Puzzle and Board Games
2009-05-16 01:41 . 2009-05-16 01:41 -------- d-----w c:\program files\Encore
2009-05-15 18:42 . 2009-05-15 19:03 -------- d-----w c:\program files\VirtualDJ
2009-05-15 18:38 . 2009-05-15 18:38 -------- d-----w c:\program files\Free Fire Screensaver
2009-05-15 18:37 . 2009-05-15 18:37 -------- d-----w c:\documents and settings\Owner\Application Data\Laconic Software
2009-05-15 07:01 . 2008-05-06 06:01 45056 ----a-w c:\windows\system32\WNASPI32.DLL
2009-05-15 07:01 . 2008-05-06 06:01 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS
2009-05-14 23:55 . 2009-05-22 01:04 -------- d-----w c:\program files\PeerGuardian2
2009-05-14 23:45 . 2003-03-29 20:45 89184 ----a-w c:\windows\system32\drivers\imagedrv.sys
2009-05-14 23:45 . 2001-07-06 22:24 283920 ----a-w c:\windows\system32\ImagXpr5.dll
2009-05-14 23:45 . 2001-07-06 18:41 569344 ----a-w c:\windows\system32\imagr5.dll
2009-05-14 23:45 . 2001-07-06 16:44 544768 ----a-w c:\windows\system32\imagx5.dll
2009-05-14 23:45 . 2001-06-26 12:15 38912 ----a-w c:\windows\system32\picn20.dll
2009-05-14 23:45 . 2001-07-09 15:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-14 17:36 . 2009-05-14 17:36 -------- d-----w c:\program files\Windows Sidebar
2009-05-14 12:24 . 2009-05-08 21:35 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-14 12:24 . 2009-05-08 21:35 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-14 12:24 . 2009-05-08 21:35 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-14 12:24 . 2009-05-08 21:35 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-14 12:24 . 2009-05-08 21:35 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-14 12:24 . 2009-05-08 21:35 1262880 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-05-14 12:24 . 2009-05-08 21:35 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-14 06:52 . 2003-01-26 17:41 40960 ----a-w c:\windows\system32\ssubtmr6.dll
2009-05-14 01:16 . 2009-05-14 01:17 -------- d-----w c:\program files\FixTunes
2009-05-14 00:58 . 2009-05-14 01:43 -------- d-----w c:\program files\TuneUpMedia
2009-05-14 00:57 . 2009-05-14 01:45 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUpMedia
2009-05-14 00:57 . 2009-05-14 01:45 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-05-12 07:18 . 2009-05-12 18:52 -------- d--h--w c:\windows\Icons
2009-05-12 06:47 . 2009-05-12 07:24 2328704 ----a-w c:\windows\system32\TUKernel.exe
2009-05-12 05:54 . 2009-05-12 05:54 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-12 05:54 . 2008-12-11 17:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-12 05:54 . 2009-05-12 05:54 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-12 05:54 . 2009-05-12 05:54 -------- d-----w c:\documents and settings\Owner\Application Data\TuneUp Software
2009-05-12 05:53 . 2009-05-12 05:53 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-12 05:53 . 2009-05-12 05:53 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-12 05:52 . 2009-05-12 05:52 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-12 03:20 . 2009-05-18 13:05 -------- d--h--w C:\$AVG8.VAULT$
2009-05-11 23:03 . 2009-05-11 23:03 -------- d-----w c:\program files\Vista Drive Icon
2009-05-11 21:33 . 2009-05-11 22:18 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\K-Meleon
2009-05-11 16:15 . 2009-05-11 16:15 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Opera
2009-05-10 06:51 . 2006-03-01 09:21 117248 ----a-w c:\windows\system32\ribbons.scr
2009-05-10 06:51 . 2006-03-03 18:42 117248 ----a-w c:\windows\system32\Mystify.scr
2009-05-10 06:50 . 2006-03-01 08:53 773120 ----a-w c:\windows\system32\bubbles.scr
2009-05-10 06:50 . 2006-03-01 09:21 1263616 ----a-w c:\windows\system32\aurora.scr
2009-05-10 05:14 . 2009-05-10 05:14 -------- d-----w c:\program files\IconPhile
2009-05-10 04:55 . 2009-05-10 06:21 -------- d-----w c:\documents and settings\Owner\Application Data\Styler
2009-05-10 04:44 . 2009-05-10 06:20 -------- d-----w c:\program files\Styler
2009-05-10 01:12 . 2009-05-13 04:47 -------- d-----w c:\windows\system32\briblo dir
2009-05-10 00:53 . 2009-05-10 01:31 -------- d-----w c:\windows\system32\FLIQLO dir
2009-05-10 00:53 . 2009-05-10 00:53 532480 ----a-w c:\windows\system32\FLIQLO.scr
2009-05-09 23:44 . 2009-05-09 23:44 -------- d-----w c:\program files\Stardock
2009-05-09 22:09 . 2009-05-09 22:09 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Bump Technologies, Inc
2009-05-09 22:08 . 2009-05-09 22:08 -------- d-----w c:\documents and settings\Owner\Application Data\Bump Technologies, Inc
2009-05-09 20:01 . 2009-05-09 20:01 46 ----a-w c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 20:01 . 2009-05-09 20:01 46 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
2009-05-09 20:01 . 2009-05-09 20:01 -------- d-----w c:\documents and settings\Owner\Application Data\DonationCoder
2009-05-09 07:08 . 2009-05-09 07:08 -------- d-----w c:\program files\LightScribe Template Labeler
2009-05-09 07:07 . 2009-05-09 07:07 -------- d-----w c:\program files\Common Files\LightScribe
2009-05-09 07:05 . 2009-05-09 07:05 -------- d-----w c:\documents and settings\Owner\Application Data\Canneverbe_Limited
2009-05-09 07:05 . 2009-05-09 07:05 -------- d-----w c:\program files\CDBurnerXP
2009-05-09 00:05 . 2009-05-09 22:53 -------- d-----w c:\program files\TrueTransparency
2009-05-08 23:51 . 2009-05-09 18:10 -------- d-----w c:\program files\RocketDock
2009-05-08 22:39 . 2009-05-08 22:39 -------- d-----w c:\documents and settings\Owner\Application Data\UBitMenu
2009-05-08 22:39 . 2009-05-08 22:38 695642 ----a-w c:\documents and settings\Owner\Application Data\UBitMenu\unins000.exe
2009-05-08 21:36 . 2009-05-08 21:35 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-08 21:36 . 2009-05-07 22:29 10520 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-05-08 21:36 . 2009-05-07 22:29 12552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-05-08 21:36 . 2009-05-07 22:29 108552 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-05-08 21:36 . 2009-05-07 22:29 325640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-05-08 21:36 . 2009-05-07 22:29 27656 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-05-08 21:32 . 2009-05-08 21:31 1083672 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-08 21:32 . 2009-05-08 21:31 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-08 21:32 . 2009-05-07 22:28 582936 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-08 21:32 . 2009-05-07 22:28 1423640 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-08 21:15 . 2009-05-08 21:15 -------- d-----w c:\program files\CCleaner
2009-05-08 21:11 . 2009-05-08 21:11 -------- d-----w c:\program files\VS Revo Group
2009-05-08 05:50 . 2009-05-08 05:50 -------- d-----w c:\documents and settings\Owner\Application Data\iTunesControl
2009-05-08 05:50 . 2009-05-08 05:50 -------- d-----w c:\program files\iTunesControl
2009-05-07 22:52 . 2009-05-07 22:52 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-07 22:52 . 2009-02-16 04:10 69000 ----a-w c:\windows\system32\zlcomm.dll
2009-05-07 22:52 . 2009-02-16 04:10 103816 ----a-w c:\windows\system32\zlcommdb.dll
2009-05-07 22:52 . 2009-02-16 04:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-05-07 22:52 . 2009-05-07 22:52 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-07 22:52 . 2009-05-07 22:52 -------- d-----w c:\program files\Zone Labs
2009-05-07 22:49 . 2009-05-22 01:22 -------- d-----w c:\windows\Internet Logs
2009-05-07 22:29 . 2009-05-08 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 22:29 . 2009-05-08 21:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 22:29 . 2009-05-08 21:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-07 22:29 . 2009-05-08 21:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 22:29 . 2009-05-08 21:35 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 22:29 . 2009-05-21 22:26 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 22:28 . 2009-05-07 22:28 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-07 20:55 . 2009-05-07 20:56 -------- d-----w c:\documents and settings\Owner\Application Data\Launchy
2009-05-06 20:58 . 2009-05-06 21:13 -------- d-----w c:\documents and settings\Owner\Application Data\ImgBurn
2009-05-06 20:51 . 2009-05-06 20:51 -------- d-----w c:\program files\ImgBurn
2009-05-05 06:24 . 2009-05-05 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-05 06:13 . 2009-05-05 06:13 -------- d-----w c:\program files\Adobe Media Player
2009-05-05 06:09 . 2009-05-05 06:09 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-05 06:04 . 2009-05-05 06:04 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-01 14:59 . 2009-05-08 21:25 -------- d-----w c:\program files\iTunes
2009-05-01 14:59 . 2009-05-01 14:59 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 14:43 . 2009-05-01 14:43 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 20:38 . 2009-04-29 20:38 -------- d-----w c:\program files\Microsoft.NET
2009-04-29 20:35 . 2009-04-29 20:35 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-29 20:31 . 2009-04-29 20:31 -------- d--h--r C:\MSOCache
2009-04-29 20:10 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-29 19:59 . 2009-04-29 19:59 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-04-29 19:59 . 2009-05-07 20:17 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-28 22:24 . 2009-04-28 23:15 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-04-28 22:24 . 2009-04-28 22:30 -------- d-----w c:\program files\AutoCAD 2009
2009-04-28 22:24 . 2009-04-28 22:24 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Autodesk
2009-04-28 22:10 . 2007-07-19 22:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-04-28 22:08 . 2009-04-28 23:15 -------- d-----w c:\documents and settings\Owner\Application Data\Autodesk
2009-04-28 22:08 . 2009-04-28 22:30 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-28 22:08 . 2009-04-28 22:08 -------- d-----w c:\program files\Autodesk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 01:14 . 2009-05-22 01:19 1820672 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-05-18 03:37 . 2009-05-18 10:05 1129472 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-05-18 03:21 . 2009-02-28 02:59 -------- d-----w c:\documents and settings\Owner\Application Data\FrostWire
2009-05-17 07:26 . 2006-02-01 19:37 -------- d-----w c:\program files\Common Files\Sierra On-Line
2009-05-17 06:39 . 2009-03-31 23:47 -------- d-----w c:\program files\trend micro
2009-05-16 07:19 . 2006-06-12 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 02:38 . 2008-12-01 21:27 -------- d-----w c:\program files\Diablo II
2009-05-16 02:32 . 2006-02-02 20:29 210376 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-15 07:20 . 2009-05-15 10:06 50176 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-05-15 07:00 . 2009-02-19 01:08 -------- d-----w c:\program files\Xilisoft
2009-05-14 23:46 . 2006-02-04 20:44 -------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2009-05-14 23:45 . 2005-11-07 17:00 -------- d-----w c:\program files\Ahead
2009-05-14 23:45 . 2005-11-07 17:00 -------- d-----w c:\program files\Common Files\Ahead
2009-05-14 23:16 . 2009-02-07 06:35 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-05-14 23:01 . 2006-03-14 00:57 -------- d-----w c:\program files\Nero
2009-05-14 22:53 . 2009-05-14 22:56 108544 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-05-14 22:31 . 2009-05-13 05:26 1184380 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-05-14 19:38 . 2007-04-29 06:08 -------- d-----w c:\documents and settings\Owner\Application Data\Nero
2009-05-14 17:50 . 2009-02-07 06:35 -------- d-----w c:\program files\Common Files\Nero
2009-05-13 05:03 . 2006-12-27 06:48 -------- d-----w c:\program files\DivX
2009-05-13 05:03 . 2005-11-07 17:10 -------- d-----w c:\program files\MSN Encarta Plus
2009-05-13 05:03 . 2006-07-30 22:11 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-05-13 04:54 . 2009-02-17 06:38 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-05-12 07:02 . 2009-05-12 07:03 249856 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-05-12 05:32 . 2009-01-23 00:39 -------- d-----w c:\documents and settings\Owner\Application Data\Thinstall
2009-05-10 04:29 . 2004-08-26 16:12 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-05-10 03:28 . 2005-11-07 17:05 -------- d-----w c:\program files\Google
2009-05-09 18:39 . 2006-06-10 23:59 45 -c--a-w c:\windows\popcinfo.dat
2009-05-09 01:53 . 2006-06-12 01:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 13:21 . 2007-06-19 03:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-08 04:09 . 2009-02-05 17:48 1060920 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-07 15:55 . 2005-11-07 17:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 06:16 . 2005-11-07 17:10 -------- d-----w c:\program files\Common Files\Adobe
2009-05-01 14:59 . 2007-12-12 16:55 -------- d-----w c:\program files\Common Files\Apple
2009-05-01 14:59 . 2006-12-13 21:16 -------- d-----w c:\program files\iPod
2009-04-29 20:41 . 2005-11-07 17:03 -------- d-----w c:\program files\Microsoft Works
2009-04-29 20:40 . 2009-02-05 17:47 -------- d-----w c:\program files\MSBuild
2009-04-15 16:49 . 2006-06-12 20:40 -------- d-----w c:\program files\Yahoo!
2009-04-13 01:28 . 2009-04-06 17:43 -------- d-----w c:\documents and settings\Owner\Application Data\SPORE
2009-04-12 22:18 . 2009-04-12 22:18 -------- d-----w c:\program files\Oberon Media
2009-04-12 22:18 . 2009-04-12 22:18 -------- d-----w c:\program files\MSN Games
2009-04-12 18:24 . 2009-04-12 17:59 -------- d-----w c:\program files\Catan GmbH
2009-04-12 13:04 . 2007-03-16 00:44 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-11 18:38 . 2009-04-11 18:38 -------- d-----w c:\documents and settings\Owner\Application Data\rockbox.org
2009-04-11 16:41 . 2009-04-11 16:41 -------- d-----w c:\documents and settings\Owner\Application Data\XBMC
2009-04-09 20:40 . 2009-04-09 20:40 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-04-09 20:22 . 2006-02-04 20:29 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-04-06 05:06 . 2006-03-22 00:41 286720 ------w c:\windows\Setup1.exe
2009-04-03 23:03 . 2009-04-03 23:03 -------- d-----w c:\program files\AutoHotkey
2009-04-03 14:01 . 2009-04-03 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-03 13:59 . 2009-04-03 13:59 -------- d-----w c:\program files\QuickTime
2009-04-01 01:59 . 2008-10-09 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 00:39 . 2007-12-29 21:26 -------- d-----w c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-03-31 23:18 . 2009-03-31 23:18 -------- d-----w c:\documents and settings\Owner\Application Data\Songbird2
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:22 . 2009-04-01 00:47 1004081 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libglib-2.0-0.dll
2009-03-18 17:22 . 2009-04-01 00:47 892928 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\iconv.dll
2009-03-18 17:22 . 2009-04-01 00:47 45056 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\intl.dll
2009-03-18 17:22 . 2009-04-01 00:47 344064 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\sbIPDDevice.dll
2009-03-18 17:22 . 2009-04-01 00:47 417792 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libgpod.dll
2009-03-18 17:22 . 2009-04-01 00:47 292108 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\libraries\libgobject-2.0-0.dll
2009-03-18 17:22 . 2009-04-01 00:47 8192 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\ipod@songbirdnest.com\components\ComponentLoader.dll
2009-03-09 18:58 . 2009-03-31 23:22 548864 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll
2009-03-09 18:57 . 2009-03-31 23:22 159744 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-03-09 18:57 . 2009-03-31 23:22 106496 ----a-w c:\documents and settings\Owner\Application Data\Songbird2\Profiles\ubkjyzrd.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 03:26 . 2009-02-28 03:26 0 ----a-w c:\documents and settings\Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2007-01-23 19:07 . 2007-02-27 03:52 1847296 -c--a-w c:\program files\mozilla firefox\plugins\Seadragon.dll
2008-03-10 05:01 . 2008-03-10 05:01 0 --sh--w c:\windows\S8A7177C2.tmp
2008-04-14 00:12 . 2008-12-01 06:23 60416 -csha-w c:\windows\BricoPacks\SysFiles\80_msimn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"HostManager"="c:\program files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
backup=c:\windows\pss\Kodak EasyShare software.lnk.disabledCommon Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LyraUpdates"="c:\program files\RCA\Auto Updater\Auto Updater.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131383480\\EE\\AOLDesktop.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/7/2009 6:29 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/7/2009 6:29 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/7/2009 6:29 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/7/2009 6:28 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 6:28 PM 298776]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/12/2009 1:54 AM 603904]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate1c90feaf416aaf0;Google Update Service (gupdate1c90feaf416aaf0);c:\program files\Google\Update\GoogleUpdate.exe [9/6/2008 2:36 AM 133104]
S3 MAC607;MAC607 Filter;c:\windows\system32\drivers\MAC607.sys [3/16/2008 2:02 PM 23808]
S3 XBox;XBox Filter;c:\windows\system32\drivers\Xbox.sys [3/16/2008 2:02 PM 23936]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 01:36]
2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-05-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-06 06:44]
2009-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-351953409-1454491506-409785693-1003.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pumpeng.musicshake.com/NewDownload/engmusicshake.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\iq2qy2i1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-21 21:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
[HKEY_USERS\S-1-5-21-351953409-1454491506-409785693-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,f5,7a,db,1a,ae,74,cb,7a,8a,10,39,3b,3b,74,6d,a2,c7,eb,18,ae,
91,80,c9,6f,32,3e,d4,6a,00,c1,68,d1,bd,ee,55,84,3a,21,13,59,8a,76,10,35,85,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Completion time: 2009-05-22 21:28
ComboFix-quarantined-files.txt 2009-05-22 01:28
Pre-Run: 24,079,343,616 bytes free
Post-Run: 24,991,010,816 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=U4R753
393 --- E O F --- 2009-05-13 23:51