Tech Support Forum - View Single Post - Need help on possible mal-ware and clean up

Justin1002 · 07-02-2009, 10:58 AM

Alright, my Java is installed now, I just used my regular firefox DL manager instead of the sun :D

Here is my CF log:

ComboFix 09-07-01.04 - HP_Administrator 02/07/2009 10:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1487 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.dll"
"c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.rar"
"d:\i386\APPS\APP06901\src\CompaqPresario_Spring06.exe"
"d:\i386\APPS\APP06901\src\HPPavillion_Spring06.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.dll
c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.rar
c:\windows\Installer\17dc9ee.msi
d:\i386\APPS\APP06901\src\CompaqPresario_Spring06.exe
d:\i386\APPS\APP06901\src\HPPavillion_Spring06.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GEEBERS12
-------\Legacy_XDVA037
-------\Legacy_XDVA143
-------\Legacy_XDVA190
-------\Legacy_XDVA225
-------\Service_geebers12
-------\Service_XDva037
-------\Service_XDva143
-------\Service_XDva190
-------\Service_XDva225

((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-01 01:26 . 2009-07-01 01:26 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-01 00:15 . 2009-07-01 15:50 -------- d-----w- c:\documents and settings\HP_Administrator\.SunDownloadManager
2009-06-29 03:42 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-29 03:42 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-06-28 17:32 . 2009-06-28 17:32 627 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DA6C5A23B7F1A041B04320B581B8BEC.dll
2009-06-27 15:53 . 2009-06-27 15:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2009-06-27 15:13 . 2009-06-27 15:13 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-06-27 04:33 . 2008-04-20 21:50 33088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-06-26 19:24 . 2005-08-26 01:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-26 19:24 . 2009-06-27 17:51 -------- d-----w- c:\program files\SpywareBlaster
2009-06-26 19:11 . 2009-05-21 17:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-26 19:08 . 2009-06-26 19:08 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 01:41 . 2009-06-25 15:38 -------- d-----w- c:\program files\Warkeys
2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\windows\ShellNew
2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\program files\AutoHotkey
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-03 22:12 . 2009-06-03 22:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-02 23:24 . 2009-06-02 23:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\Regensoft
2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 16:06 . 2008-07-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-02 05:44 . 2007-11-12 23:42 -------- d-----w- c:\program files\Warcraft III
2009-07-01 01:26 . 2006-11-16 19:53 -------- d-----w- c:\program files\Java
2009-06-30 23:41 . 2007-09-02 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-30 23:40 . 2007-09-02 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-30 20:03 . 2006-11-16 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-28 17:32 . 2009-06-28 17:32 184 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_116B3484BCF88244C832130D5AAE1E46.dll
2009-06-28 17:32 . 2009-06-28 17:32 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2009-06-28 17:32 . 2009-06-28 17:32 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
2009-06-28 17:32 . 2009-06-28 17:32 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_096825A1D2A65CB41B34C8A48E1DD969.dll
2009-06-28 17:32 . 2009-06-28 17:32 823 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010.dll
2009-06-28 17:32 . 2009-06-28 17:32 68 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0677512BC3AAE2E4FB6E2DB05C42599D.dll
2009-06-28 17:32 . 2009-06-28 17:32 57 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0690FB333ABD78146BCC9C96CFAFD252.dll
2009-06-28 17:32 . 2009-06-28 17:32 191 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_07ED75EFED5946B4296648AD180135BD.dll
2009-06-28 17:32 . 2009-06-28 17:32 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_038648152B7E812498867BF7F04F578B.dll
2009-06-28 17:32 . 2009-06-28 17:32 58 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll
2009-06-28 17:32 . 2009-06-28 17:32 833 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2009-06-28 17:32 . 2009-06-28 17:32 -------- d-----w- c:\program files\Security Task Manager
2009-06-27 17:51 . 2007-06-07 01:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 15:07 . 2008-03-09 19:58 -------- d-----w- c:\program files\CCleaner
2009-06-27 14:52 . 2009-03-13 23:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Xfire
2009-06-27 14:51 . 2009-04-30 23:04 -------- d-----w- c:\program files\Steam
2009-06-25 15:37 . 2009-03-13 23:19 -------- d-----w- c:\program files\Xfire
2009-06-03 06:03 . 2007-04-09 20:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-06-02 23:29 . 2006-11-16 20:28 -------- d-----w- c:\program files\DivX
2009-06-01 04:24 . 2007-11-10 15:50 -------- d-----w- c:\program files\Windows Live
2009-05-29 20:23 . 2008-06-27 23:56 78054 ----a-w- c:\windows\War3Unin.dat
2009-05-21 00:22 . 2009-05-21 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RapidCRC
2009-05-21 00:16 . 2009-05-21 00:16 -------- d-----w- c:\program files\RapidCRC
2009-05-17 17:39 . 2007-08-12 22:30 -------- d-----w- c:\program files\StepMania
2009-05-07 15:44 . 2004-08-09 21:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 01:13 . 2009-05-07 00:06 -------- d-----w- c:\program files\Antares Audio Technologies
2009-05-07 01:02 . 2009-01-08 14:42 -------- d-----w- c:\program files\Perfect World Entertainment
2009-05-07 01:01 . 2009-05-05 22:41 -------- d-----w- c:\program files\City of Heroes
2009-05-07 00:59 . 2006-11-16 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 00:52 . 2008-07-11 19:28 -------- d-----w- c:\program files\MindArk
2009-05-07 00:40 . 2008-02-18 21:57 -------- d-----w- c:\program files\OGPlanet
2009-05-07 00:39 . 2009-01-18 16:09 -------- d-----w- c:\program files\Sword Of The New World
2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PACE Anti-Piracy
2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2009-05-05 21:53 . 2009-05-05 21:53 -------- d-----w- c:\program files\IAHGames
2009-04-29 04:56 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-09 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:25 . 2007-04-09 22:30 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2006-11-16 20:22 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2006-11-16 20:22 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 15:26 . 2004-08-09 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 22:37 . 2009-04-11 22:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-08 04:42 . 2006-11-16 20:22 63432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 21:32 . 2009-04-08 22:11 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 21:32 . 2009-04-08 22:11 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-01-17 04:02 . 2008-01-17 04:02 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-05-19 23:44 . 2007-05-19 23:44 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-29 00:49 . 2009-01-29 00:49 62976 ----a-w- c:\program files\mozilla firefox\plugins\uc_sfighters_launching.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_20.26.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-02 16:28 . 2009-07-02 16:28 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2009-07-02 16:04 . 2009-07-02 16:04 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2009-07-02 16:28 . 2009-07-02 16:28 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
+ 2007-11-08 01:28 . 2007-11-08 01:28 22016 c:\windows\Installer\3fd037.msp
+ 2007-11-08 01:32 . 2007-11-08 01:32 74240 c:\windows\Installer\3fd033.msp
+ 2007-11-08 01:21 . 2007-11-08 01:21 24576 c:\windows\Installer\3fd030.msp
+ 2008-03-29 18:06 . 2008-03-29 18:06 86528 c:\windows\Installer\338d58.msi
+ 2009-06-01 04:24 . 2009-06-01 04:24 25088 c:\windows\Installer\2d13c2f.msi
+ 2009-06-01 04:24 . 2009-06-01 04:24 28160 c:\windows\Installer\2d13c29.msi
+ 2009-06-01 04:24 . 2009-06-01 04:24 83456 c:\windows\Installer\2d13c1d.msi
+ 2009-06-01 04:24 . 2009-06-01 04:24 59904 c:\windows\Installer\2d13c17.msi
+ 2006-11-16 20:52 . 2006-11-16 20:52 82944 c:\windows\Installer\27191.msi
+ 2006-11-16 20:26 . 2006-11-16 20:26 83968 c:\windows\Installer\25657.msi
+ 2008-04-20 21:50 . 2008-04-20 21:50 24576 c:\windows\Installer\125c9d8.msi
+ 2004-08-09 21:00 . 2004-08-09 21:00 66048 c:\windows\I386\WINNT32.MSI
+ 2009-07-01 01:26 . 2009-05-21 17:34 148888 c:\windows\system32\javaws.exe
- 2009-06-26 19:11 . 2009-06-26 19:10 148888 c:\windows\system32\javaws.exe
- 2009-06-26 19:11 . 2009-06-26 19:10 144792 c:\windows\system32\javaw.exe
+ 2009-07-01 01:26 . 2009-05-21 17:34 144792 c:\windows\system32\javaw.exe
- 2009-06-26 19:11 . 2009-06-26 19:10 144792 c:\windows\system32\java.exe
+ 2009-07-01 01:26 . 2009-05-21 17:34 144792 c:\windows\system32\java.exe
+ 2008-03-29 18:13 . 2008-03-29 18:13 634368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.msi
+ 2009-06-26 19:09 . 2009-06-26 19:09 598016 c:\windows\Installer\fc4776.msi
+ 2009-02-07 22:08 . 2009-02-07 22:08 926720 c:\windows\Installer\a3266c.msi
+ 2009-02-07 21:55 . 2009-02-07 21:55 373248 c:\windows\Installer\a325b2.msi
+ 2009-01-24 20:20 . 2009-01-24 20:20 529408 c:\windows\Installer\91f166.msi
+ 2007-11-05 03:00 . 2007-11-05 03:00 380928 c:\windows\Installer\7801053.msi
+ 2008-10-06 21:49 . 2008-10-06 21:49 441856 c:\windows\Installer\779f5.msi
+ 2007-01-04 23:53 . 2007-01-04 23:53 428544 c:\windows\Installer\701f8.msi
+ 2007-01-04 23:50 . 2007-01-04 23:50 428544 c:\windows\Installer\701e8.msi
+ 2008-03-29 18:29 . 2008-03-29 18:29 454656 c:\windows\Installer\5251ee.msi
+ 2006-11-16 19:53 . 2006-11-16 19:53 221184 c:\windows\Installer\494c7.msi
+ 2006-11-16 19:48 . 2006-11-16 19:48 246784 c:\windows\Installer\494bb.msi
+ 2008-03-09 00:32 . 2008-03-09 00:32 112640 c:\windows\Installer\446394.msi
+ 2008-03-29 18:14 . 2008-03-29 18:14 630272 c:\windows\Installer\437f70.msi
+ 2007-01-01 23:36 . 2007-01-01 23:36 631808 c:\windows\Installer\4238cc.msi
+ 2007-01-01 23:35 . 2007-01-01 23:35 623616 c:\windows\Installer\4238c6.msi
+ 2007-11-08 01:34 . 2007-11-08 01:34 273920 c:\windows\Installer\3fd034.msp
+ 2008-03-29 18:11 . 2008-03-29 18:11 348160 c:\windows\Installer\3fd02d.msi
+ 2009-02-23 05:18 . 2009-02-23 05:18 264704 c:\windows\Installer\3a105.msi
+ 2009-02-23 05:18 . 2009-02-23 05:18 537600 c:\windows\Installer\3a0ff.msi
+ 2007-11-07 23:07 . 2007-11-07 23:07 999936 c:\windows\Installer\338d61.msp
+ 2007-11-07 22:56 . 2007-11-07 22:56 553472 c:\windows\Installer\338d5e.msp
+ 2007-11-07 22:58 . 2007-11-07 22:58 908800 c:\windows\Installer\338d5a.msp
+ 2007-11-07 22:54 . 2007-11-07 22:54 507392 c:\windows\Installer\338d59.msp
+ 2009-06-01 04:25 . 2009-06-01 04:25 431104 c:\windows\Installer\2d13c36.msi
+ 2009-06-01 04:24 . 2009-06-01 04:24 152576 c:\windows\Installer\2d13c23.msi
+ 2009-06-01 04:23 . 2009-06-01 04:23 107008 c:\windows\Installer\2d13c11.msi
+ 2007-08-22 04:36 . 2007-08-22 04:36 537600 c:\windows\Installer\2d032aa.msi
+ 2007-12-23 17:31 . 2007-12-23 17:31 254976 c:\windows\Installer\25bc0.msi
+ 2006-11-16 20:26 . 2006-11-16 20:26 112128 c:\windows\Installer\2565d.msi
+ 2006-11-16 20:23 . 2006-11-16 20:23 441856 c:\windows\Installer\25640.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 304640 c:\windows\Installer\24e12.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24e0b.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24e05.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24dfe.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24df8.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24df2.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24dec.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 120832 c:\windows\Installer\24de2.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 557056 c:\windows\Installer\24ddc.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 537088 c:\windows\Installer\24dd2.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 121344 c:\windows\Installer\24dbd.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 609280 c:\windows\Installer\24db7.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24cc8.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24cc1.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 310272 c:\windows\Installer\24cba.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 390144 c:\windows\Installer\24cb3.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 314368 c:\windows\Installer\24cac.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 304128 c:\windows\Installer\24ca6.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 314368 c:\windows\Installer\24c9f.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 303104 c:\windows\Installer\24c99.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 479232 c:\windows\Installer\24c72.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 489472 c:\windows\Installer\24c6c.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 121344 c:\windows\Installer\24c66.msi
+ 2007-09-15 09:00 . 2007-09-15 09:00 250880 c:\windows\Installer\24af08b.msi
+ 2008-06-25 03:39 . 2008-06-25 03:39 351744 c:\windows\Installer\241537b.msi
+ 2009-06-02 23:24 . 2009-06-02 23:24 152576 c:\windows\Installer\23d2bc.msi
+ 2008-09-20 04:33 . 2008-09-20 04:33 289792 c:\windows\Installer\22b3fe1.msi
+ 2009-03-06 05:05 . 2009-03-06 05:05 140288 c:\windows\Installer\205777f.msi
+ 2007-11-17 04:15 . 2007-11-17 04:15 692224 c:\windows\Installer\1c25b26.msi
+ 2007-08-14 23:24 . 2007-08-14 23:24 431104 c:\windows\Installer\19777db.msi
+ 2009-04-08 04:38 . 2009-04-08 04:38 202752 c:\windows\Installer\17dc973.msi
+ 2009-04-08 04:37 . 2009-04-08 04:37 301056 c:\windows\Installer\17dc955.msi
+ 2008-01-11 20:25 . 2008-01-11 20:25 836096 c:\windows\Installer\17810a.msi
+ 2009-05-27 04:14 . 2009-05-27 04:14 177664 c:\windows\Installer\160cbec.msi
+ 2007-05-09 09:01 . 2007-05-09 09:01 470528 c:\windows\Installer\156b442.msi
+ 2008-11-13 04:48 . 2008-11-13 04:48 972800 c:\windows\Installer\14e8c27.msi
+ 2008-11-13 04:45 . 2008-11-13 04:45 432640 c:\windows\Installer\14e8c20.msi
+ 2007-11-30 10:01 . 2007-11-30 10:01 224256 c:\windows\Installer\1360b33.msi
+ 2007-11-30 10:00 . 2007-11-30 10:00 508928 c:\windows\Installer\1360a88.msi
+ 2007-11-30 10:00 . 2007-11-30 10:00 229888 c:\windows\Installer\1360a72.msi
+ 2007-11-30 10:00 . 2007-11-30 10:00 220672 c:\windows\Installer\1360a58.msi
+ 2007-11-30 10:00 . 2007-11-30 10:00 222720 c:\windows\Installer\1360a3e.msi
+ 2007-11-30 10:00 . 2007-11-30 10:00 219648 c:\windows\Installer\1360a33.msi
+ 2008-05-14 02:56 . 2008-05-14 02:56 311808 c:\windows\Installer\12338af.msi
+ 2005-08-30 21:06 . 2005-08-30 21:06 264704 c:\windows\Installer\122d9.msi
+ 2008-07-11 19:28 . 2008-07-11 19:28 331264 c:\windows\Installer\10a23fa.msi
+ 2004-08-09 21:00 . 2004-08-09 21:00 1326080 c:\windows\system32\webfldrs.msi
+ 2007-05-25 18:08 . 2007-05-25 18:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-04-19 20:08 . 2008-04-19 20:08 2999808 c:\windows\Installer\e5f2ac.msi
+ 2008-04-19 20:04 . 2008-04-19 20:04 1888256 c:\windows\Installer\e5f2a5.msi
+ 2008-04-19 20:03 . 2008-04-19 20:03 3060224 c:\windows\Installer\e5f295.msi
+ 2008-04-19 20:02 . 2008-04-19 20:02 1786880 c:\windows\Installer\e5f28f.msi
+ 2008-04-19 20:02 . 2008-04-19 20:02 1733120 c:\windows\Installer\e5f289.msi
+ 2008-04-19 20:01 . 2008-04-19 20:01 1960960 c:\windows\Installer\e5f283.msi
+ 2008-04-19 20:00 . 2008-04-19 20:00 1733632 c:\windows\Installer\e5f27d.msi
+ 2008-04-19 20:00 . 2008-04-19 20:00 1736704 c:\windows\Installer\e5f277.msi
+ 2008-04-19 19:59 . 2008-04-19 19:59 1768448 c:\windows\Installer\e5f271.msi
+ 2008-04-19 19:59 . 2008-04-19 19:59 1742336 c:\windows\Installer\e5f26b.msi
+ 2008-04-19 19:58 . 2008-04-19 19:58 1849344 c:\windows\Installer\e5f265.msi
+ 2008-04-19 19:58 . 2008-04-19 19:58 2166272 c:\windows\Installer\e5f25e.msi
+ 2008-04-19 19:56 . 2008-04-19 19:56 1722880 c:\windows\Installer\e5f258.msi
+ 2008-04-19 19:56 . 2008-04-19 19:56 1723904 c:\windows\Installer\e5f250.msi
+ 2008-04-19 19:55 . 2008-04-19 19:55 1722880 c:\windows\Installer\e5f246.msi
+ 2008-04-19 19:55 . 2008-04-19 19:55 1734656 c:\windows\Installer\e5f23c.msi
+ 2008-04-19 19:54 . 2008-04-19 19:54 1768448 c:\windows\Installer\e5f236.msi
+ 2008-04-19 19:53 . 2008-04-19 19:53 1759744 c:\windows\Installer\e5f230.msi
+ 2008-04-19 19:53 . 2008-04-19 19:53 1727488 c:\windows\Installer\e5f22a.msi
+ 2008-04-19 19:52 . 2008-04-19 19:52 2602496 c:\windows\Installer\e5f224.msi
+ 2008-04-19 19:48 . 2008-04-19 19:48 1833472 c:\windows\Installer\e5f21e.msi
+ 2008-04-19 19:47 . 2008-04-19 19:47 1833984 c:\windows\Installer\e5f218.msi
+ 2008-04-19 19:46 . 2008-04-19 19:46 1723392 c:\windows\Installer\e5f212.msi
+ 2008-04-19 19:44 . 2008-04-19 19:44 1774592 c:\windows\Installer\e5f20c.msi
+ 2008-07-31 19:19 . 2008-07-31 19:19 1396224 c:\windows\Installer\c76839.msi
+ 2007-01-04 23:52 . 2007-01-04 23:52 5864960 c:\windows\Installer\701f0.msp
+ 2006-11-16 20:38 . 2006-11-16 20:38 5576704 c:\windows\Installer\61c8a.msi
+ 2006-11-16 20:37 . 2006-11-16 20:37 1327616 c:\windows\Installer\61c7c.msi
+ 2009-02-17 22:36 . 2009-02-17 22:36 1894400 c:\windows\Installer\51f56.msi
+ 2009-04-30 23:04 . 2009-04-30 23:04 1100288 c:\windows\Installer\49d85e.msi
+ 2007-01-01 23:35 . 2007-01-01 23:35 1214464 c:\windows\Installer\4238c0.msi
+ 2007-11-08 01:30 . 2007-11-08 01:30 3962368 c:\windows\Installer\3fd036.msp
+ 2007-11-08 01:13 . 2007-11-08 01:13 6766592 c:\windows\Installer\3fd035.msp
+ 2007-11-08 01:26 . 2007-11-08 01:26 4340224 c:\windows\Installer\3fd032.msp
+ 2007-11-08 01:24 . 2007-11-08 01:24 5353472 c:\windows\Installer\3fd031.msp
+ 2007-11-08 01:18 . 2007-11-08 01:18 2059264 c:\windows\Installer\3fd02f.msp
+ 2007-11-08 01:16 . 2007-11-08 01:16 1313280 c:\windows\Installer\3fd02e.msp
+ 2006-11-16 19:47 . 2006-11-16 19:47 3443712 c:\windows\Installer\3c5aa.msi
+ 2009-02-23 05:18 . 2009-02-23 05:18 1446400 c:\windows\Installer\3a10b.msi
+ 2009-02-23 05:17 . 2009-02-23 05:17 1221632 c:\windows\Installer\3a0f9.msi
+ 2007-11-07 22:50 . 2007-11-07 22:50 6055936 c:\windows\Installer\338d60.msp
+ 2007-11-07 23:00 . 2007-11-07 23:00 3407360 c:\windows\Installer\338d5f.msp
+ 2007-11-07 22:46 . 2007-11-07 22:46 3010560 c:\windows\Installer\338d5d.msp
+ 2007-11-07 23:02 . 2007-11-07 23:02 6473216 c:\windows\Installer\338d5c.msp
+ 2007-11-07 23:12 . 2007-11-07 23:12 2533376 c:\windows\Installer\338d5b.msp
+ 2008-11-16 05:51 . 2008-11-16 05:51 1549312 c:\windows\Installer\2efc434.msi
+ 2007-10-08 05:07 . 2007-10-08 05:07 2733056 c:\windows\Installer\2def1c9.msi
+ 2007-08-22 04:37 . 2007-08-22 04:37 1453568 c:\windows\Installer\2d032b6.msi
+ 2007-08-22 04:36 . 2007-08-22 04:36 1868800 c:\windows\Installer\2d032b0.msi
+ 2007-08-22 04:35 . 2007-08-22 04:35 2892288 c:\windows\Installer\2d032a4.msi
+ 2007-08-22 04:32 . 2007-08-22 04:32 5091840 c:\windows\Installer\2d0329e.msi
+ 2006-11-16 20:29 . 2006-11-16 20:29 3037184 c:\windows\Installer\25669.msi
+ 2006-11-16 20:29 . 2006-11-16 20:29 3033088 c:\windows\Installer\25663.msi
+ 2006-11-16 20:26 . 2006-11-16 20:26 4806656 c:\windows\Installer\25651.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 3155456 c:\windows\Installer\24dcb.msi
+ 2006-11-16 20:13 . 2006-11-16 20:13 4443648 c:\windows\Installer\24cce.msi
+ 2006-11-16 20:12 . 2006-11-16 20:12 1795584 c:\windows\Installer\24c93.msi
+ 2009-04-11 22:53 . 2009-04-11 22:53 3966976 c:\windows\Installer\19925a9.msi
+ 2009-04-11 22:49 . 2009-04-11 22:49 8992256 c:\windows\Installer\199228f.msi
+ 2009-04-11 22:42 . 2009-04-11 22:42 3293696 c:\windows\Installer\1991fe6.msi
+ 2008-12-21 00:51 . 2008-12-21 00:51 1659392 c:\windows\Installer\19151e3.msi
+ 2008-09-22 16:09 . 2008-09-22 16:09 3805184 c:\windows\Installer\18f73ec.msp
+ 2008-09-22 16:16 . 2008-09-22 16:16 1276416 c:\windows\Installer\18f73de.msp
+ 2009-01-05 01:10 . 2009-01-05 01:10 2371584 c:\windows\Installer\17c446e.msi
+ 2009-01-05 01:10 . 2009-01-05 01:10 2377216 c:\windows\Installer\17c4468.msi
+ 2007-11-17 00:59 . 2007-11-17 00:59 2265600 c:\windows\Installer\10aa245.msi
+ 2007-08-20 22:44 . 2007-08-20 22:44 8446464 c:\windows\Downloaded Installations\{78FDEAF0-D0E2-45C5-9980-0574D023F589}\veoh.msi
+ 2007-11-17 04:15 . 2007-11-17 04:15 9393048 c:\windows\Downloaded Installations\{4BBBC0B6-6420-4B02-BB53-78318DC7E5BA}\Free Natural Text to Speech Reader 2007.msi
+ 2007-01-01 21:11 . 2006-11-16 19:53 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2007-09-13 21:56 . 2007-01-19 19:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2007-01-02 05:48 . 2006-07-30 03:38 15524352 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2006-11-16 19:47 . 2006-11-16 19:47 19210240 c:\windows\Installer\494b5.msp
+ 2008-08-01 13:36 . 2008-08-01 13:36 10766848 c:\windows\Installer\40b77.msi
+ 2007-07-12 03:27 . 2007-07-12 03:27 15256576 c:\windows\Installer\120f7eb.msp
+ 2008-05-10 01:40 . 2008-05-10 01:40 12461568 c:\windows\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\veoh.msi
+ 2007-10-08 05:07 . 2007-10-08 05:07 10872832 c:\windows\Downloaded Installations\{6C18AD64-052A-4B64-85CF-ED6E3F9911FA}\veoh.msi
+ 2007-11-18 01:13 . 2007-11-18 01:13 13660672 c:\windows\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\veoh.msi
+ 2008-02-04 21:46 . 2008-02-04 21:46 14921728 c:\windows\Downloaded Installations\{1FE40449-9403-4336-9BFF-8047EBF337E5}\veoh.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"Motive SmartBridge"="c:\progra~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-07-26 393216]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-1-7 2074360]
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736]
Warkeys Update.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TELUS eCare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk
backup=c:\windows\pss\TELUS eCare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56368:TCP"= 56368:TCP:Pando Media Booster
"56368:UDP"= 56368:UDP:Pando Media Booster
"13960:TCP"= 13960:TCP:*:Disabled:SolidNetworkManager
"13960:UDP"= 13960:UDP:*:Disabled:SolidNetworkManager
"25095:TCP"= 25095:TCP:*:Disabled:SolidNetworkManager
"25095:UDP"= 25095:UDP:*:Disabled:SolidNetworkManager
"18329:TCP"= 18329:TCP:*:Disabled:SolidNetworkManager
"18329:UDP"= 18329:UDP:*:Disabled:SolidNetworkManager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/05/2008 3:47 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/05/2008 3:47 PM 20560]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [16/11/2006 2:09 PM 82048]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 2:22 PM 34064]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 02:50]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102481662-1838141973-3530339067-1007Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-05 22:34]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102481662-1838141973-3530339067-1007UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-05 22:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\m47pkzqh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\m47pkzqh.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 10:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3352)
c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
c:\progra~1\TELUSE~1\SMARTB~1\SBHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-02 10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 16:35
ComboFix2.txt 2009-07-01 00:00
ComboFix3.txt 2009-06-30 20:28

Pre-Run: 141,221,048,320 bytes free
Post-Run: 141,165,195,264 bytes free

468 --- E O F --- 2009-06-28 17:59

07-02-2009, 10:58 AM	#24 (permalink)
Justin1002 Registered User Join Date: Jun 2009 Posts: 29 OS: xp	Re: Need help on possible mal-ware and clean up Alright, my Java is installed now, I just used my regular firefox DL manager instead of the sun :D Here is my CF log: ComboFix 09-07-01.04 - HP_Administrator 02/07/2009 10:14.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1487 [GMT -6:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt AV: avast! antivirus 4.8.1335 [VPS 090701-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.dll" "c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.rar" "d:\i386\APPS\APP06901\src\CompaqPresario_Spring06.exe" "d:\i386\APPS\APP06901\src\HPPavillion_Spring06.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.dll c:\documents and settings\HP_Administrator\Desktop\Musicccc\loltastic.rar c:\windows\Installer\17dc9ee.msi d:\i386\APPS\APP06901\src\CompaqPresario_Spring06.exe d:\i386\APPS\APP06901\src\HPPavillion_Spring06.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GEEBERS12 -------\Legacy_XDVA037 -------\Legacy_XDVA143 -------\Legacy_XDVA190 -------\Legacy_XDVA225 -------\Service_geebers12 -------\Service_XDva037 -------\Service_XDva143 -------\Service_XDva190 -------\Service_XDva225 ((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))))) . 2009-07-01 01:26 . 2009-07-01 01:26 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-07-01 00:15 . 2009-07-01 15:50 -------- d-----w- c:\documents and settings\HP_Administrator\.SunDownloadManager 2009-06-29 03:42 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-06-29 03:42 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-06-28 17:32 . 2009-06-28 17:32 627 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DA6C5A23B7F1A041B04320B581B8BEC.dll 2009-06-27 15:53 . 2009-06-27 15:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX 2009-06-27 15:13 . 2009-06-27 15:13 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2009-06-27 04:33 . 2008-04-20 21:50 33088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe 2009-06-26 19:24 . 2005-08-26 01:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2009-06-26 19:24 . 2009-06-27 17:51 -------- d-----w- c:\program files\SpywareBlaster 2009-06-26 19:11 . 2009-05-21 17:33 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-26 19:08 . 2009-06-26 19:08 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-20 01:41 . 2009-06-25 15:38 -------- d-----w- c:\program files\Warkeys 2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\windows\ShellNew 2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\program files\AutoHotkey 2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll 2009-06-03 22:12 . 2009-06-03 22:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX 2009-06-02 23:24 . 2009-06-02 23:28 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\Regensoft 2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\AviSynth 2.5 2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\Red Kawa . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 16:06 . 2008-07-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-02 05:44 . 2007-11-12 23:42 -------- d-----w- c:\program files\Warcraft III 2009-07-01 01:26 . 2006-11-16 19:53 -------- d-----w- c:\program files\Java 2009-06-30 23:41 . 2007-09-02 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-30 23:40 . 2007-09-02 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-30 20:03 . 2006-11-16 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-06-28 17:32 . 2009-06-28 17:32 184 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_116B3484BCF88244C832130D5AAE1E46.dll 2009-06-28 17:32 . 2009-06-28 17:32 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll 2009-06-28 17:32 . 2009-06-28 17:32 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll 2009-06-28 17:32 . 2009-06-28 17:32 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_096825A1D2A65CB41B34C8A48E1DD969.dll 2009-06-28 17:32 . 2009-06-28 17:32 823 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010.dll 2009-06-28 17:32 . 2009-06-28 17:32 68 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0677512BC3AAE2E4FB6E2DB05C42599D.dll 2009-06-28 17:32 . 2009-06-28 17:32 57 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0690FB333ABD78146BCC9C96CFAFD252.dll 2009-06-28 17:32 . 2009-06-28 17:32 191 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_07ED75EFED5946B4296648AD180135BD.dll 2009-06-28 17:32 . 2009-06-28 17:32 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_038648152B7E812498867BF7F04F578B.dll 2009-06-28 17:32 . 2009-06-28 17:32 58 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll 2009-06-28 17:32 . 2009-06-28 17:32 833 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll 2009-06-28 17:32 . 2009-06-28 17:32 -------- d-----w- c:\program files\Security Task Manager 2009-06-27 17:51 . 2007-06-07 01:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-27 15:07 . 2008-03-09 19:58 -------- d-----w- c:\program files\CCleaner 2009-06-27 14:52 . 2009-03-13 23:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Xfire 2009-06-27 14:51 . 2009-04-30 23:04 -------- d-----w- c:\program files\Steam 2009-06-25 15:37 . 2009-03-13 23:19 -------- d-----w- c:\program files\Xfire 2009-06-03 06:03 . 2007-04-09 20:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent 2009-06-02 23:29 . 2006-11-16 20:28 -------- d-----w- c:\program files\DivX 2009-06-01 04:24 . 2007-11-10 15:50 -------- d-----w- c:\program files\Windows Live 2009-05-29 20:23 . 2008-06-27 23:56 78054 ----a-w- c:\windows\War3Unin.dat 2009-05-21 00:22 . 2009-05-21 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RapidCRC 2009-05-21 00:16 . 2009-05-21 00:16 -------- d-----w- c:\program files\RapidCRC 2009-05-17 17:39 . 2007-08-12 22:30 -------- d-----w- c:\program files\StepMania 2009-05-07 15:44 . 2004-08-09 21:00 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-07 01:13 . 2009-05-07 00:06 -------- d-----w- c:\program files\Antares Audio Technologies 2009-05-07 01:02 . 2009-01-08 14:42 -------- d-----w- c:\program files\Perfect World Entertainment 2009-05-07 01:01 . 2009-05-05 22:41 -------- d-----w- c:\program files\City of Heroes 2009-05-07 00:59 . 2006-11-16 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-07 00:52 . 2008-07-11 19:28 -------- d-----w- c:\program files\MindArk 2009-05-07 00:40 . 2008-02-18 21:57 -------- d-----w- c:\program files\OGPlanet 2009-05-07 00:39 . 2009-01-18 16:09 -------- d-----w- c:\program files\Sword Of The New World 2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PACE Anti-Piracy 2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2009-05-05 21:53 . 2009-05-05 21:53 -------- d-----w- c:\program files\IAHGames 2009-04-29 04:56 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2004-08-09 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 20:25 . 2007-04-09 22:30 129784 ------w- c:\windows\system32\pxafs.dll 2009-04-15 20:25 . 2006-11-16 20:22 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-04-15 20:25 . 2006-11-16 20:22 118520 ------w- c:\windows\system32\pxinsi64.exe 2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll 2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll 2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll 2009-04-15 15:26 . 2004-08-09 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-11 22:37 . 2009-04-11 22:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-04-08 04:42 . 2006-11-16 20:22 63432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-06 21:32 . 2009-04-08 22:11 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 21:32 . 2009-04-08 22:11 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2008-01-17 04:02 . 2008-01-17 04:02 774144 ----a-w- c:\program files\RngInterstitial.dll 2007-05-19 23:44 . 2007-05-19 23:44 393 ----a-w- c:\program files\Shortcut to Program Files.lnk 2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-01-29 00:49 . 2009-01-29 00:49 62976 ----a-w- c:\program files\mozilla firefox\plugins\uc_sfighters_launching.dll 1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat . ((((((((((((((((((((((((((((( SnapShot@2009-06-30_20.26.40 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-02 16:28 . 2009-07-02 16:28 16384 c:\windows\Temp\Perflib_Perfdata_794.dat + 2009-07-02 16:04 . 2009-07-02 16:04 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat + 2009-07-02 16:28 . 2009-07-02 16:28 16384 c:\windows\Temp\Perflib_Perfdata_630.dat + 2007-11-08 01:28 . 2007-11-08 01:28 22016 c:\windows\Installer\3fd037.msp + 2007-11-08 01:32 . 2007-11-08 01:32 74240 c:\windows\Installer\3fd033.msp + 2007-11-08 01:21 . 2007-11-08 01:21 24576 c:\windows\Installer\3fd030.msp + 2008-03-29 18:06 . 2008-03-29 18:06 86528 c:\windows\Installer\338d58.msi + 2009-06-01 04:24 . 2009-06-01 04:24 25088 c:\windows\Installer\2d13c2f.msi + 2009-06-01 04:24 . 2009-06-01 04:24 28160 c:\windows\Installer\2d13c29.msi + 2009-06-01 04:24 . 2009-06-01 04:24 83456 c:\windows\Installer\2d13c1d.msi + 2009-06-01 04:24 . 2009-06-01 04:24 59904 c:\windows\Installer\2d13c17.msi + 2006-11-16 20:52 . 2006-11-16 20:52 82944 c:\windows\Installer\27191.msi + 2006-11-16 20:26 . 2006-11-16 20:26 83968 c:\windows\Installer\25657.msi + 2008-04-20 21:50 . 2008-04-20 21:50 24576 c:\windows\Installer\125c9d8.msi + 2004-08-09 21:00 . 2004-08-09 21:00 66048 c:\windows\I386\WINNT32.MSI + 2009-07-01 01:26 . 2009-05-21 17:34 148888 c:\windows\system32\javaws.exe - 2009-06-26 19:11 . 2009-06-26 19:10 148888 c:\windows\system32\javaws.exe - 2009-06-26 19:11 . 2009-06-26 19:10 144792 c:\windows\system32\javaw.exe + 2009-07-01 01:26 . 2009-05-21 17:34 144792 c:\windows\system32\javaw.exe - 2009-06-26 19:11 . 2009-06-26 19:10 144792 c:\windows\system32\java.exe + 2009-07-01 01:26 . 2009-05-21 17:34 144792 c:\windows\system32\java.exe + 2008-03-29 18:13 . 2008-03-29 18:13 634368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.msi + 2009-06-26 19:09 . 2009-06-26 19:09 598016 c:\windows\Installer\fc4776.msi + 2009-02-07 22:08 . 2009-02-07 22:08 926720 c:\windows\Installer\a3266c.msi + 2009-02-07 21:55 . 2009-02-07 21:55 373248 c:\windows\Installer\a325b2.msi + 2009-01-24 20:20 . 2009-01-24 20:20 529408 c:\windows\Installer\91f166.msi + 2007-11-05 03:00 . 2007-11-05 03:00 380928 c:\windows\Installer\7801053.msi + 2008-10-06 21:49 . 2008-10-06 21:49 441856 c:\windows\Installer\779f5.msi + 2007-01-04 23:53 . 2007-01-04 23:53 428544 c:\windows\Installer\701f8.msi + 2007-01-04 23:50 . 2007-01-04 23:50 428544 c:\windows\Installer\701e8.msi + 2008-03-29 18:29 . 2008-03-29 18:29 454656 c:\windows\Installer\5251ee.msi + 2006-11-16 19:53 . 2006-11-16 19:53 221184 c:\windows\Installer\494c7.msi + 2006-11-16 19:48 . 2006-11-16 19:48 246784 c:\windows\Installer\494bb.msi + 2008-03-09 00:32 . 2008-03-09 00:32 112640 c:\windows\Installer\446394.msi + 2008-03-29 18:14 . 2008-03-29 18:14 630272 c:\windows\Installer\437f70.msi + 2007-01-01 23:36 . 2007-01-01 23:36 631808 c:\windows\Installer\4238cc.msi + 2007-01-01 23:35 . 2007-01-01 23:35 623616 c:\windows\Installer\4238c6.msi + 2007-11-08 01:34 . 2007-11-08 01:34 273920 c:\windows\Installer\3fd034.msp + 2008-03-29 18:11 . 2008-03-29 18:11 348160 c:\windows\Installer\3fd02d.msi + 2009-02-23 05:18 . 2009-02-23 05:18 264704 c:\windows\Installer\3a105.msi + 2009-02-23 05:18 . 2009-02-23 05:18 537600 c:\windows\Installer\3a0ff.msi + 2007-11-07 23:07 . 2007-11-07 23:07 999936 c:\windows\Installer\338d61.msp + 2007-11-07 22:56 . 2007-11-07 22:56 553472 c:\windows\Installer\338d5e.msp + 2007-11-07 22:58 . 2007-11-07 22:58 908800 c:\windows\Installer\338d5a.msp + 2007-11-07 22:54 . 2007-11-07 22:54 507392 c:\windows\Installer\338d59.msp + 2009-06-01 04:25 . 2009-06-01 04:25 431104 c:\windows\Installer\2d13c36.msi + 2009-06-01 04:24 . 2009-06-01 04:24 152576 c:\windows\Installer\2d13c23.msi + 2009-06-01 04:23 . 2009-06-01 04:23 107008 c:\windows\Installer\2d13c11.msi + 2007-08-22 04:36 . 2007-08-22 04:36 537600 c:\windows\Installer\2d032aa.msi + 2007-12-23 17:31 . 2007-12-23 17:31 254976 c:\windows\Installer\25bc0.msi + 2006-11-16 20:26 . 2006-11-16 20:26 112128 c:\windows\Installer\2565d.msi + 2006-11-16 20:23 . 2006-11-16 20:23 441856 c:\windows\Installer\25640.msi + 2006-11-16 20:13 . 2006-11-16 20:13 304640 c:\windows\Installer\24e12.msi + 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24e0b.msi + 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24e05.msi + 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24dfe.msi + 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24df8.msi + 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24df2.msi + 2006-11-16 20:13 . 2006-11-16 20:13 302592 c:\windows\Installer\24dec.msi + 2006-11-16 20:13 . 2006-11-16 20:13 120832 c:\windows\Installer\24de2.msi + 2006-11-16 20:13 . 2006-11-16 20:13 557056 c:\windows\Installer\24ddc.msi + 2006-11-16 20:13 . 2006-11-16 20:13 537088 c:\windows\Installer\24dd2.msi + 2006-11-16 20:13 . 2006-11-16 20:13 121344 c:\windows\Installer\24dbd.msi + 2006-11-16 20:13 . 2006-11-16 20:13 609280 c:\windows\Installer\24db7.msi + 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24cc8.msi + 2006-11-16 20:13 . 2006-11-16 20:13 304128 c:\windows\Installer\24cc1.msi + 2006-11-16 20:13 . 2006-11-16 20:13 310272 c:\windows\Installer\24cba.msi + 2006-11-16 20:13 . 2006-11-16 20:13 390144 c:\windows\Installer\24cb3.msi + 2006-11-16 20:13 . 2006-11-16 20:13 314368 c:\windows\Installer\24cac.msi + 2006-11-16 20:12 . 2006-11-16 20:12 304128 c:\windows\Installer\24ca6.msi + 2006-11-16 20:12 . 2006-11-16 20:12 314368 c:\windows\Installer\24c9f.msi + 2006-11-16 20:12 . 2006-11-16 20:12 303104 c:\windows\Installer\24c99.msi + 2006-11-16 20:12 . 2006-11-16 20:12 479232 c:\windows\Installer\24c72.msi + 2006-11-16 20:12 . 2006-11-16 20:12 489472 c:\windows\Installer\24c6c.msi + 2006-11-16 20:12 . 2006-11-16 20:12 121344 c:\windows\Installer\24c66.msi + 2007-09-15 09:00 . 2007-09-15 09:00 250880 c:\windows\Installer\24af08b.msi + 2008-06-25 03:39 . 2008-06-25 03:39 351744 c:\windows\Installer\241537b.msi + 2009-06-02 23:24 . 2009-06-02 23:24 152576 c:\windows\Installer\23d2bc.msi + 2008-09-20 04:33 . 2008-09-20 04:33 289792 c:\windows\Installer\22b3fe1.msi + 2009-03-06 05:05 . 2009-03-06 05:05 140288 c:\windows\Installer\205777f.msi + 2007-11-17 04:15 . 2007-11-17 04:15 692224 c:\windows\Installer\1c25b26.msi + 2007-08-14 23:24 . 2007-08-14 23:24 431104 c:\windows\Installer\19777db.msi + 2009-04-08 04:38 . 2009-04-08 04:38 202752 c:\windows\Installer\17dc973.msi + 2009-04-08 04:37 . 2009-04-08 04:37 301056 c:\windows\Installer\17dc955.msi + 2008-01-11 20:25 . 2008-01-11 20:25 836096 c:\windows\Installer\17810a.msi + 2009-05-27 04:14 . 2009-05-27 04:14 177664 c:\windows\Installer\160cbec.msi + 2007-05-09 09:01 . 2007-05-09 09:01 470528 c:\windows\Installer\156b442.msi + 2008-11-13 04:48 . 2008-11-13 04:48 972800 c:\windows\Installer\14e8c27.msi + 2008-11-13 04:45 . 2008-11-13 04:45 432640 c:\windows\Installer\14e8c20.msi + 2007-11-30 10:01 . 2007-11-30 10:01 224256 c:\windows\Installer\1360b33.msi + 2007-11-30 10:00 . 2007-11-30 10:00 508928 c:\windows\Installer\1360a88.msi + 2007-11-30 10:00 . 2007-11-30 10:00 229888 c:\windows\Installer\1360a72.msi + 2007-11-30 10:00 . 2007-11-30 10:00 220672 c:\windows\Installer\1360a58.msi + 2007-11-30 10:00 . 2007-11-30 10:00 222720 c:\windows\Installer\1360a3e.msi + 2007-11-30 10:00 . 2007-11-30 10:00 219648 c:\windows\Installer\1360a33.msi + 2008-05-14 02:56 . 2008-05-14 02:56 311808 c:\windows\Installer\12338af.msi + 2005-08-30 21:06 . 2005-08-30 21:06 264704 c:\windows\Installer\122d9.msi + 2008-07-11 19:28 . 2008-07-11 19:28 331264 c:\windows\Installer\10a23fa.msi + 2004-08-09 21:00 . 2004-08-09 21:00 1326080 c:\windows\system32\webfldrs.msi + 2007-05-25 18:08 . 2007-05-25 18:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp + 2008-04-19 20:08 . 2008-04-19 20:08 2999808 c:\windows\Installer\e5f2ac.msi + 2008-04-19 20:04 . 2008-04-19 20:04 1888256 c:\windows\Installer\e5f2a5.msi + 2008-04-19 20:03 . 2008-04-19 20:03 3060224 c:\windows\Installer\e5f295.msi + 2008-04-19 20:02 . 2008-04-19 20:02 1786880 c:\windows\Installer\e5f28f.msi + 2008-04-19 20:02 . 2008-04-19 20:02 1733120 c:\windows\Installer\e5f289.msi + 2008-04-19 20:01 . 2008-04-19 20:01 1960960 c:\windows\Installer\e5f283.msi + 2008-04-19 20:00 . 2008-04-19 20:00 1733632 c:\windows\Installer\e5f27d.msi + 2008-04-19 20:00 . 2008-04-19 20:00 1736704 c:\windows\Installer\e5f277.msi + 2008-04-19 19:59 . 2008-04-19 19:59 1768448 c:\windows\Installer\e5f271.msi + 2008-04-19 19:59 . 2008-04-19 19:59 1742336 c:\windows\Installer\e5f26b.msi + 2008-04-19 19:58 . 2008-04-19 19:58 1849344 c:\windows\Installer\e5f265.msi + 2008-04-19 19:58 . 2008-04-19 19:58 2166272 c:\windows\Installer\e5f25e.msi + 2008-04-19 19:56 . 2008-04-19 19:56 1722880 c:\windows\Installer\e5f258.msi + 2008-04-19 19:56 . 2008-04-19 19:56 1723904 c:\windows\Installer\e5f250.msi + 2008-04-19 19:55 . 2008-04-19 19:55 1722880 c:\windows\Installer\e5f246.msi + 2008-04-19 19:55 . 2008-04-19 19:55 1734656 c:\windows\Installer\e5f23c.msi + 2008-04-19 19:54 . 2008-04-19 19:54 1768448 c:\windows\Installer\e5f236.msi + 2008-04-19 19:53 . 2008-04-19 19:53 1759744 c:\windows\Installer\e5f230.msi + 2008-04-19 19:53 . 2008-04-19 19:53 1727488 c:\windows\Installer\e5f22a.msi + 2008-04-19 19:52 . 2008-04-19 19:52 2602496 c:\windows\Installer\e5f224.msi + 2008-04-19 19:48 . 2008-04-19 19:48 1833472 c:\windows\Installer\e5f21e.msi + 2008-04-19 19:47 . 2008-04-19 19:47 1833984 c:\windows\Installer\e5f218.msi + 2008-04-19 19:46 . 2008-04-19 19:46 1723392 c:\windows\Installer\e5f212.msi + 2008-04-19 19:44 . 2008-04-19 19:44 1774592 c:\windows\Installer\e5f20c.msi + 2008-07-31 19:19 . 2008-07-31 19:19 1396224 c:\windows\Installer\c76839.msi + 2007-01-04 23:52 . 2007-01-04 23:52 5864960 c:\windows\Installer\701f0.msp + 2006-11-16 20:38 . 2006-11-16 20:38 5576704 c:\windows\Installer\61c8a.msi + 2006-11-16 20:37 . 2006-11-16 20:37 1327616 c:\windows\Installer\61c7c.msi + 2009-02-17 22:36 . 2009-02-17 22:36 1894400 c:\windows\Installer\51f56.msi + 2009-04-30 23:04 . 2009-04-30 23:04 1100288 c:\windows\Installer\49d85e.msi + 2007-01-01 23:35 . 2007-01-01 23:35 1214464 c:\windows\Installer\4238c0.msi + 2007-11-08 01:30 . 2007-11-08 01:30 3962368 c:\windows\Installer\3fd036.msp + 2007-11-08 01:13 . 2007-11-08 01:13 6766592 c:\windows\Installer\3fd035.msp + 2007-11-08 01:26 . 2007-11-08 01:26 4340224 c:\windows\Installer\3fd032.msp + 2007-11-08 01:24 . 2007-11-08 01:24 5353472 c:\windows\Installer\3fd031.msp + 2007-11-08 01:18 . 2007-11-08 01:18 2059264 c:\windows\Installer\3fd02f.msp + 2007-11-08 01:16 . 2007-11-08 01:16 1313280 c:\windows\Installer\3fd02e.msp + 2006-11-16 19:47 . 2006-11-16 19:47 3443712 c:\windows\Installer\3c5aa.msi + 2009-02-23 05:18 . 2009-02-23 05:18 1446400 c:\windows\Installer\3a10b.msi + 2009-02-23 05:17 . 2009-02-23 05:17 1221632 c:\windows\Installer\3a0f9.msi + 2007-11-07 22:50 . 2007-11-07 22:50 6055936 c:\windows\Installer\338d60.msp + 2007-11-07 23:00 . 2007-11-07 23:00 3407360 c:\windows\Installer\338d5f.msp + 2007-11-07 22:46 . 2007-11-07 22:46 3010560 c:\windows\Installer\338d5d.msp + 2007-11-07 23:02 . 2007-11-07 23:02 6473216 c:\windows\Installer\338d5c.msp + 2007-11-07 23:12 . 2007-11-07 23:12 2533376 c:\windows\Installer\338d5b.msp + 2008-11-16 05:51 . 2008-11-16 05:51 1549312 c:\windows\Installer\2efc434.msi + 2007-10-08 05:07 . 2007-10-08 05:07 2733056 c:\windows\Installer\2def1c9.msi + 2007-08-22 04:37 . 2007-08-22 04:37 1453568 c:\windows\Installer\2d032b6.msi + 2007-08-22 04:36 . 2007-08-22 04:36 1868800 c:\windows\Installer\2d032b0.msi + 2007-08-22 04:35 . 2007-08-22 04:35 2892288 c:\windows\Installer\2d032a4.msi + 2007-08-22 04:32 . 2007-08-22 04:32 5091840 c:\windows\Installer\2d0329e.msi + 2006-11-16 20:29 . 2006-11-16 20:29 3037184 c:\windows\Installer\25669.msi + 2006-11-16 20:29 . 2006-11-16 20:29 3033088 c:\windows\Installer\25663.msi + 2006-11-16 20:26 . 2006-11-16 20:26 4806656 c:\windows\Installer\25651.msi + 2006-11-16 20:13 . 2006-11-16 20:13 3155456 c:\windows\Installer\24dcb.msi + 2006-11-16 20:13 . 2006-11-16 20:13 4443648 c:\windows\Installer\24cce.msi + 2006-11-16 20:12 . 2006-11-16 20:12 1795584 c:\windows\Installer\24c93.msi + 2009-04-11 22:53 . 2009-04-11 22:53 3966976 c:\windows\Installer\19925a9.msi + 2009-04-11 22:49 . 2009-04-11 22:49 8992256 c:\windows\Installer\199228f.msi + 2009-04-11 22:42 . 2009-04-11 22:42 3293696 c:\windows\Installer\1991fe6.msi + 2008-12-21 00:51 . 2008-12-21 00:51 1659392 c:\windows\Installer\19151e3.msi + 2008-09-22 16:09 . 2008-09-22 16:09 3805184 c:\windows\Installer\18f73ec.msp + 2008-09-22 16:16 . 2008-09-22 16:16 1276416 c:\windows\Installer\18f73de.msp + 2009-01-05 01:10 . 2009-01-05 01:10 2371584 c:\windows\Installer\17c446e.msi + 2009-01-05 01:10 . 2009-01-05 01:10 2377216 c:\windows\Installer\17c4468.msi + 2007-11-17 00:59 . 2007-11-17 00:59 2265600 c:\windows\Installer\10aa245.msi + 2007-08-20 22:44 . 2007-08-20 22:44 8446464 c:\windows\Downloaded Installations\{78FDEAF0-D0E2-45C5-9980-0574D023F589}\veoh.msi + 2007-11-17 04:15 . 2007-11-17 04:15 9393048 c:\windows\Downloaded Installations\{4BBBC0B6-6420-4B02-BB53-78318DC7E5BA}\Free Natural Text to Speech Reader 2007.msi + 2007-01-01 21:11 . 2006-11-16 19:53 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi + 2007-09-13 21:56 . 2007-01-19 19:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi + 2007-01-02 05:48 . 2006-07-30 03:38 15524352 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi + 2006-11-16 19:47 . 2006-11-16 19:47 19210240 c:\windows\Installer\494b5.msp + 2008-08-01 13:36 . 2008-08-01 13:36 10766848 c:\windows\Installer\40b77.msi + 2007-07-12 03:27 . 2007-07-12 03:27 15256576 c:\windows\Installer\120f7eb.msp + 2008-05-10 01:40 . 2008-05-10 01:40 12461568 c:\windows\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\veoh.msi + 2007-10-08 05:07 . 2007-10-08 05:07 10872832 c:\windows\Downloaded Installations\{6C18AD64-052A-4B64-85CF-ED6E3F9911FA}\veoh.msi + 2007-11-18 01:13 . 2007-11-18 01:13 13660672 c:\windows\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\veoh.msi + 2008-02-04 21:46 . 2008-02-04 21:46 14921728 c:\windows\Downloaded Installations\{1FE40449-9403-4336-9BFF-8047EBF337E5}\veoh.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408] "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856] "Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-05 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648] "Motive SmartBridge"="c:\progra~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-07-26 393216] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-1-7 2074360] My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736] Warkeys Update.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\wbsys.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0pgdfgsvc C 1 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TELUS eCare.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk backup=c:\windows\pss\TELUS eCare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk backup=c:\windows\pss\Updates From HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56368:TCP"= 56368:TCP:Pando Media Booster "56368:UDP"= 56368:UDP:Pando Media Booster "13960:TCP"= 13960:TCP::Disabled:SolidNetworkManager "13960:UDP"= 13960:UDP::Disabled:SolidNetworkManager "25095:TCP"= 25095:TCP::Disabled:SolidNetworkManager "25095:UDP"= 25095:UDP::Disabled:SolidNetworkManager "18329:TCP"= 18329:TCP::Disabled:SolidNetworkManager "18329:UDP"= 18329:UDP::Disabled:SolidNetworkManager R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/05/2008 3:47 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/05/2008 3:47 PM 20560] S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [16/11/2006 2:09 PM 82048] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 2:22 PM 34064] . Contents of the 'Scheduled Tasks' folder 2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-07-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 02:50] 2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102481662-1838141973-3530339067-1007Core.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-05 22:34] 2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102481662-1838141973-3530339067-1007UA.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-05 22:34] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PAVILION&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\m47pkzqh.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\m47pkzqh.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-02 10:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(844) c:\program files\AlienGUIse\fastload.dll - - - - - - - > 'explorer.exe'(3352) c:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll c:\progra~1\TELUSE~1\SMARTB~1\SBHook.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2009-07-02 10:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-02 16:35 ComboFix2.txt 2009-07-01 00:00 ComboFix3.txt 2009-06-30 20:28 Pre-Run: 141,221,048,320 bytes free Post-Run: 141,165,195,264 bytes free 468 --- E O F --- 2009-06-28 17:59