Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.
Post #1, 06-23-2008, 09:19 PM
Registered User | Join Date: Jun 2008 | Posts: 32 | OS: Vista Home Premium 32bit
Proud Owner of a Vundo? Windows stops running.

I may be the proud owner of a Vundo: every time I run Firefox or IE, Windows Explorer stops working and restarts. I have followed the "5 steps" and here is my log file. You guys are great, and thanks in advance for your help!

Deckard's System Scanner v20071014.68
Run by Michael on 2008-06-23 18:04:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-06-24 03:49:58 UTC - RP215 - Removed Crysis(R).
8: 2008-06-24 01:18:37 UTC - RP214 - Restore Operation
7: 2008-06-24 00:43:57 UTC - RP213 - Windows Defender Checkpoint
6: 2008-06-23 11:38:31 UTC - RP211 - Windows Defender Checkpoint
5: 2008-06-23 11:24:10 UTC - RP209 - Installed BlackBerry Desktop Software.


-- First Restore Point --
1: 2008-06-21 00:15:36 UTC - RP204 - Windows Vista Service Pack 1


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 49.88 GiB (less than 15%) free.


-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:09 PM, on 6/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\KBD\KbdStub.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Documents\Azureus Downloads\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUoNHAP.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Michael\AppData\Local\Temp\hgGyWPfD.dll,#1
O4 - HKCU\..\Run: [BM3197c618] Rundll32.exe "C:\Users\Michael\AppData\Local\Temp\lcruvjnn.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: login.live.com
O15 - Trusted Zone: live.xbox.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpqdktp/...ads/msxml4.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10098 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R1 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 athr (Atheros Extensible Wireless LAN device driver) - c:\windows\system32\drivers\wpn311.sys <Not Verified; Atheros Communications, Inc.; Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: JMicron JMB36X Controller
Device ID: PCI\VEN_197B&DEV_2360&SUBSYS_2360197B&REV_02\4&1886FEA&0&00E3
Manufacturer: JMicron Technology Corp.
Name: JMicron JMB36X Controller
PNP Device ID: PCI\VEN_197B&DEV_2360&SUBSYS_2360197B&REV_02\4&1886FEA&0&00E3
Service: JRAID


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 17:20:39 442 --a------ C:\Windows\Tasks\RegCure Program Check.job
2008-06-23 17:19:49 376 --a------ C:\Windows\Tasks\RegCure.job
2008-06-17 10:29:34 550 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Michael.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 17:59:55 0 d-------- C:\Program Files\SpywareBlaster
2008-06-23 17:53:25 0 d-------- C:\Program Files\Panda Security
2008-06-23 17:30:44 0 d-------- C:\Program Files\Trend Micro
2008-06-23 15:58:34 0 d-------- C:\Program Files\RegCure
2008-06-23 15:58:30 25088 --a------ C:\Windows\system32\wvUoNHAP.dll
2008-06-23 15:49:23 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-06-23 13:24:19 0 d-------- C:\Program Files\Trojan Remover
2008-06-23 01:50:39 0 d-------- C:\VundoFix Backups
2008-06-23 01:43:28 0 d-------- C:\Users\All Users\Grisoft
2008-06-23 01:29:38 256 --a------ C:\Windows\system32\pool.bin
2008-06-23 01:25:33 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-06-23 01:25:31 0 d-------- C:\Program Files\Research In Motion
2008-06-22 20:44:52 0 d-------- C:\Program Files\clrmamepro
2008-06-20 15:18:22 0 d-------- C:\PerfLogs
2008-06-20 15:05:17 98304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>
2008-06-20 00:54:27 0 d-------- C:\Users\All Users\IsolatedStorage
2008-06-20 00:53:47 0 d-------- C:\Program Files\BinTube
2008-06-19 22:26:17 0 d-------- C:\Program Files\RAR Password Cracker
2008-06-13 09:38:53 0 d-------- C:\Program Files\Red Kawa


-- Find3M Report ---------------------------------------------------------------

2008-06-23 17:18:01 0 d-------- C:\Users\Michael\AppData\Roaming\Azureus
2008-06-23 15:22:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 01:43:38 0 d-------- C:\Users\Michael\AppData\Roaming\Grisoft
2008-06-23 01:29:37 0 d-------- C:\Users\Michael\AppData\Roaming\Research In Motion
2008-06-23 01:25:33 0 d-------- C:\Program Files\Common Files
2008-06-23 01:22:57 0 d-------- C:\Program Files\Symantec
2008-06-20 15:31:03 174 --ahs---- C:\Program Files\desktop.ini
2008-06-20 15:22:44 0 d-------- C:\Program Files\Windows Calendar
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Sidebar
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Mail
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Journal
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Collaboration
2008-06-20 15:22:43 0 d-------- C:\Program Files\Movie Maker
2008-06-20 15:22:41 0 d-------- C:\Program Files\Windows Defender
2008-06-17 19:28:40 0 d-------- C:\Program Files\Azureus
2008-06-02 19:41:23 0 d-------- C:\Users\Michael\AppData\Roaming\LimeWire
2008-05-20 03:00:53 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-30 18:42:59 0 d-------- C:\Users\Michael\AppData\Roaming\mIRC
2008-04-30 03:22:10 0 d-------- C:\Program Files\Exact Audio Copy
2008-04-29 14:40:01 0 d-------- C:\Users\Michael\AppData\Roaming\Vso
2008-04-29 13:45:20 0 d-------- C:\Program Files\DVD Shrink
2008-04-28 03:26:52 0 d-------- C:\Users\Michael\AppData\Roaming\Real
2008-04-28 00:16:51 0 d-------- C:\Users\Michael\AppData\Roaming\DVDFab
2008-04-21 19:41:30 130752 --a------ C:\Windows\hpoins18.dat
2008-04-20 02:30:03 0 -rahs---- C:\MSDOS.SYS
2008-04-20 02:30:03 0 -rahs---- C:\IO.SYS
2008-04-16 00:05:55 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 03:51 AM 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
02/11/2008 12:27 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/18/2008 09:38 PM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [04/18/2007 05:01 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 06:16 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 01:59 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/12/2007 02:36 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/15/2008 11:26 AM C:\Windows\RtHDVCpl.exe]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [04/17/2007 01:22 PM]
"SPIRunE"="SPIRunE.dll" [05/08/2007 11:07 PM C:\Windows\System32\SpiRunE.dll]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [04/07/2007 12:56 AM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 02:24 PM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"WD Button Manager"="WDBtnMgr.exe" [03/15/2008 10:40 AM C:\Windows\System32\WDBtnMgr.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/10/2008 07:57 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/10/2008 07:57 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/10/2008 07:57 PM]
"RegistryMechanic"="" []
"MSServer"="C:\Windows\system32\wvUoNHAP.dll" [06/23/2008 03:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/18/2008 09:33 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/18/2008 09:33 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Aim6"="" []
"MSServer"="C:\Users\Michael\AppData\Local\Temp\hgGyWPfD.dll,#1" []
"BM3197c618"="C:\Users\Michael\AppData\Local\Temp\lcruvjnn.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"= C:\Users\Michael\AppData\Local\Temp\hgGyWPfD.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4707fda9-dc7d-11dc-aaf2-001e8c6d8cdb}]
AutoRun\command- wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-23 18:16:06 ------------
Attached file: extra.txt (34.7 KB)
Posted by beaverboy56
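As an added example (not part of the original thread, and not code from HijackThis, DSS or any other tool named in it), the script below applies to the O4 lines above the checks a log helper makes by eye: rundll32 loading a DLL out of a Temp directory, an ordinal or one-letter entry point (`,#1`, `,s`), a random-looking eight-letter DLL name, and the same Run value name (`MSServer`) set under both HKLM and HKCU. It also cross-references the ShellExecuteHooks entry from the DSS registry dump, since a hook DLL is loaded into the shell process; that this is what crashes Explorer is an inference consistent with the first post, not something the thread states. The scoring weights, the two-point threshold and the name heuristic are this example's own assumptions, and the sample lines are copied from the log above so it runs offline.

```python
"""Score HijackThis O4 (Run key) lines for the rundll32 loader pattern visible in the log above."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis section and from the Deckard
# registry dump posted above, embedded so the script runs offline.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUoNHAP.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Michael\AppData\Local\Temp\hgGyWPfD.dll,#1
O4 - HKCU\..\Run: [BM3197c618] Rundll32.exe "C:\Users\Michael\AppData\Local\Temp\lcruvjnn.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""
SAMPLE_HOOKS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"= C:\Users\Michael\AppData\Local\Temp\hgGyWPfD.dll [ ]
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S*)', re.IGNORECASE)
ORPHAN_BHO_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - \(no file\)$")
HOOK_RE = re.compile(r'^"\{[0-9A-Fa-f-]+\}"=\s*(?P<dll>\S+)')
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def looks_random(basename: str) -> bool:
    """Heuristic (this example's assumption, not a published rule): an 8-letter alphabetic
    stem with irregular mixed case or at most one vowel, e.g. wvUoNHAP or lcruvjnn."""
    stem = basename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem[1:])
    few_vowels = sum(c in "aeiouAEIOU" for c in stem) <= 1
    return mixed or few_vowels


@dataclass
class Finding:
    hive: str
    name: str
    dll: str
    score: int = 0
    reasons: list = field(default_factory=list)
    shell_hook: bool = False   # same DLL also registered under ShellExecuteHooks


def score_run_entry(hive, name, cmd, name_counts):
    """Score one O4 entry; returns None for commands that are not rundll32 loads."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    dll, entry = m.group("dll"), m.group("entry")
    f = Finding(hive, name, dll)
    if TEMP_RE.search(dll):                      # autostart DLL living in a Temp directory
        f.score += 2
        f.reasons.append("DLL loaded from a Temp directory")
    if re.fullmatch(r"#\d+", entry) or len(entry) <= 1:   # ordinal or one-letter export
        f.score += 1
        f.reasons.append(f"opaque entry point '{entry}'")
    base = dll.rsplit("\\", 1)[-1]
    if looks_random(base):
        f.score += 1
        f.reasons.append(f"random-looking DLL name {base}")
    if name_counts.get(name, 0) > 1:             # e.g. MSServer under both HKLM and HKCU
        f.score += 1
        f.reasons.append(f"value name '{name}' set in {name_counts[name]} hives")
    return f


def analyze(hjt_text: str, reg_dump: str = "", threshold: int = 2) -> dict:
    """Return {'run': [Finding, ...], 'orphan_bhos': [line, ...]} for entries at/above threshold."""
    entries = [m for m in map(O4_RE.match, hjt_text.splitlines()) if m]
    counts = Counter(m.group("name") for m in entries)
    hooks = {m.group("dll").lower() for m in map(HOOK_RE.match, reg_dump.splitlines()) if m}
    run = []
    for m in entries:
        f = score_run_entry(m.group("hive"), m.group("name"), m.group("cmd"), counts)
        if f and f.score >= threshold:
            f.shell_hook = f.dll.lower() in hooks
            run.append(f)
    orphans = [line for line in hjt_text.splitlines() if ORPHAN_BHO_RE.match(line)]
    return {"run": run, "orphan_bhos": orphans}


if __name__ == "__main__":
    result = analyze(SAMPLE_HJT, SAMPLE_HOOKS)
    for f in result["run"]:
        hook = " (also a ShellExecuteHook DLL)" if f.shell_hook else ""
        print(f"[{f.score}] {f.hive} [{f.name}] {f.dll}{hook}")
        for reason in f.reasons:
            print(f"      - {reason}")
    for line in result["orphan_bhos"]:
        print(f"[orphan BHO] {line}")
```

On the sample, the three DLLs the poster is worried about score 3, 5 and 4, while legitimate rundll32 loaders stay at 0 or 1: NvMcTray.dll collects one point from the name heuristic alone, and oobefldr.dll one point for appearing under two hives, which is why the checks are combined into a score instead of applied as single rules.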
Post #2, 06-23-2008, 09:22 PM
Registered User | Join Date: Jun 2008 | Posts: 32 | OS: Vista Home Premium 32bit
Re: Proud Owner of a Vundo? Windows stops running.

Oh yeah, I forgot to mention I can't run System Restore. Every time I try (and this has been going on for a long time, since before this latest outburst), I get an error after the computer restarts and System Restore runs, saying System Restore couldn't restore the system due to an error and that none of my files have changed.
Posted by beaverboy56
Post #3, 06-25-2008, 01:18 AM
Registered User | Join Date: Jun 2008 | Posts: 32 | OS: Vista Home Premium 32bit
Re: Proud Owner of a Vundo? Windows stops running.

I know I'm supposed to wait 72 hours before bumping, but I don't know if I'll still be able to boot at that point. I can't even Ctrl-Alt-Del anymore. Please, someone help.
Posted by beaverboy56
Post #4, 06-26-2008, 12:44 PM
Assistant Manager, TSF Academy; Moderator/Analyst Security Team | Join Date: Jan 2005 | Location: Ohio | Posts: 19,025 | OS: WinXP and Vista
Re: Proud Owner of a Vundo? Windows stops running.

Hello beaverboy56 and welcome,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear', even if symptoms seemingly abate.

We'll begin with ComboFix.exe. Please download it from here and save it directly to your desktop.

Do not run it yet.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Posted by Ried

Post #5, 06-26-2008, 02:41 PM
Registered User | Join Date: Jun 2008 | Posts: 32 | OS: Vista Home Premium 32bit
Re: Proud Owner of a Vundo? Windows stops running.

I have Vista Home Premium 32-bit; there is no Recovery Console download for this.
Posted by beaverboy56

Post #6, 06-26-2008, 02:44 PM
Registered User | Join Date: Jun 2008 | Posts: 32 | OS: Vista Home Premium 32bit
Re: Proud Owner of a Vundo? Windows stops running.

Also, how do I disable Norton Protection Center? I can't exit it.
Posted by beaverboy56

Post #7, 06-26-2008, 04:24 PM
Assistant Manager, TSF Academy; Moderator/Analyst Security Team | Join Date: Jan 2005 | Location: Ohio | Posts: 19,025 | OS: WinXP and Vista
Re: Proud Owner of a Vundo? Windows stops running.

My apologies, I saw the amount and type of infections in your log and assumed it was XP, as we rarely see Vista so infected.

Skip the portion about installing the Recovery Console.

See this link for a guide on how to disable Norton: http://service1.symantec.com/SUPPORT...03071515220236

After you've disabled Norton and any other active protection you have, double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Posted by Ried

Post #8, 06-26-2008, 05:22 PM
Registered User | Join Date: Jun 2008 | Posts: 32 | OS: Vista Home Premium 32bit
Re: Proud Owner of a Vundo? Windows stops running.

ComboFix.txt:

ComboFix 08-06-25.3 - Michael 2008-06-26 14:09:50.2 - NTFSx86
Running from: C:\Users\Michael\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Michael\AppData\Roaming\inst.exe
.
---- Previous Run -------
.
C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-24 21:57 . 2008-06-24 21:57 <DIR> d-------- C:\Users\Michael\AppData\Roaming\vmcNetFlix_Data
2008-06-24 21:53 . 2008-06-24 21:53 <DIR> d-------- C:\Users\Mcx2\AppData\Roaming\vmcNetFlix_Data
2008-06-24 21:53 . 2008-06-25 01:29 <DIR> d-------- C:\Users\All Users\vmcNetFlix_Data
2008-06-24 21:53 . 2008-06-25 01:29 <DIR> d-------- C:\ProgramData\vmcNetFlix_Data
2008-06-24 21:36 . 2008-06-24 21:36 <DIR> d-------- C:\Program Files\Netflix
2008-06-24 21:36 . 2003-06-12 23:25 7,062 --a------ C:\Windows\System32\audiopid.vxd
2008-06-24 21:25 . 2008-06-24 21:25 <DIR> d-------- C:\Program Files\Luttmann
2008-06-23 18:04 . 2008-06-23 18:04 <DIR> d-------- C:\Deckard
2008-06-23 17:59 . 2008-06-23 18:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-23 17:53 . 2008-06-23 17:53 <DIR> d-------- C:\Program Files\Panda Security
2008-06-23 17:30 . 2008-06-23 17:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 15:58 . 2008-06-23 16:04 <DIR> d-------- C:\Program Files\RegCure
2008-06-23 15:58 . 2008-06-23 15:58 25,088 --a------ C:\Windows\System32\wvUoNHAP.dll
2008-06-23 15:49 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-06-23 01:50 . 2008-06-23 01:50 <DIR> d-------- C:\VundoFix Backups
2008-06-23 01:43 . 2008-06-23 01:43 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Grisoft
2008-06-23 01:43 . 2008-06-23 01:43 <DIR> d-------- C:\Users\All Users\Grisoft
2008-06-23 01:43 . 2008-06-23 01:43 <DIR> d-------- C:\ProgramData\Grisoft
2008-06-23 01:43 . 2007-05-30 02:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-06-23 01:29 . 2008-06-23 01:29 <DIR> d-------- C:\Users\Michael\AppData\Roaming\Research In Motion
2008-06-23 01:29 . 2008-06-23 01:32 256 --a------ C:\Windows\System32\pool.bin
2008-06-23 01:26 . 2007-01-18 10:24 26,496 --a------ C:\Windows\System32\drivers\RimSerial.sys
2008-06-23 01:25 . 2008-06-23 01:25 <DIR> d-------- C:\Program Files\Research In Motion
2008-06-23 01:25 . 2008-06-23 01:25 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-06-23 01:11 . 2008-06-23 01:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-22 20:44 . 2008-06-22 21:29 <DIR> d-------- C:\Program Files\clrmamepro
2008-06-20 15:18 . 2008-06-20 15:18 <DIR> d-------- C:\PerfLogs
2008-06-20 15:05 . 2008-01-08 13:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-06-20 00:54 . 2008-06-20 00:54 <DIR> d-------- C:\Users\All Users\IsolatedStorage
2008-06-20 00:54 . 2008-06-20 00:54 <DIR> d-------- C:\ProgramData\IsolatedStorage
2008-06-20 00:53 . 2008-06-23 15:22 <DIR> d-------- C:\Program Files\BinTube
2008-06-19 22:26 . 2008-06-19 22:26 <DIR> d-------- C:\Program Files\RAR Password Cracker
2008-06-14 03:59 . 2008-04-22 18:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 03:59 . 2008-04-22 18:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 03:59 . 2008-04-22 18:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 03:59 . 2008-01-18 21:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 03:59 . 2008-01-18 21:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 03:59 . 2008-04-22 18:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 14:14 . 2008-06-13 14:14 24,112 --a------ C:\Windows\System32\drivers\SymIMV.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\Windows\System32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\Windows\System32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\Windows\System32\drivers\symdns.sys
2008-06-13 09:38 . 2008-06-13 09:38 <DIR> d-------- C:\Program Files\Red Kawa
2008-06-10 23:23 . 2008-04-24 16:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-10 23:23 . 2008-04-25 22:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-10 23:23 . 2008-04-24 18:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-10 23:23 . 2008-05-09 15:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-05-27 19:30 . 2008-03-07 16:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 19:30 . 2008-03-07 18:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 00:05 --------- d-----w C:\Users\Michael\AppData\Roaming\Azureus
2008-06-26 23:50 --------- d-----w C:\ProgramData\Symantec
2008-06-25 07:43 --------- d-----w C:\ProgramData\Creative
2008-06-25 07:36 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-06-25 07:36 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-06-25 07:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 08:12 --------- d---a-w C:\ProgramData\TEMP
2008-06-24 03:49 --------- d-----w C:\ProgramData\Viewpoint
2008-06-24 01:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 11:22 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-23 11:22 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-23 11:22 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-23 11:22 --------- d-----w C:\Program Files\Symantec
2008-06-21 01:34 --------- d-----w C:\ProgramData\NVIDIA
2008-06-21 01:31 174 --sha-w C:\Program Files\desktop.ini
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Mail
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Journal
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Defender
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-21 01:22 --------- d-----w C:\Program Files\Windows Calendar
2008-06-21 00:22 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-21 00:22 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-18 05:28 --------- d-----w C:\Program Files\Azureus
2008-06-03 05:41 --------- d-----w C:\Users\Michael\AppData\Roaming\LimeWire
2008-05-20 13:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 13:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-04 20:48 --------- d-----w C:\ProgramData\Apple Computer
2008-05-01 04:42 --------- d-----w C:\Users\Michael\AppData\Roaming\mIRC
2008-04-30 13:22 --------- d-----w C:\Program Files\Exact Audio Copy
2008-04-30 00:40 --------- d-----w C:\Users\Michael\AppData\Roaming\Vso
2008-04-29 23:46 --------- d-----w C:\ProgramData\DVD Shrink
2008-04-29 23:45 --------- d-----w C:\Program Files\DVD Shrink
2008-04-28 10:16 --------- d-----w C:\Users\Michael\AppData\Roaming\DVDFab
2008-03-31 09:33 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-22 05:33 22,328 ----a-w C:\Users\Michael\AppData\Roaming\PnkBstrK.sys
2008-02-18 09:02 47,360 ----a-w C:\Users\Michael\AppData\Roaming\pcouffin.sys
2008-02-17 12:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-17 12:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-17 12:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-02-18 12:04 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-11 12:27 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 21:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 21:33 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 17:42 53341]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 21:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 05:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 06:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 01:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 14:36 178712]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 13:22 184320]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 00:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 14:24 54840]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 19:57 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 19:57 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 19:57 88608]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"SPIRunE"="SPIRunE.dll" [2007-05-09 01:07 18432 C:\Windows\System32\SpiRunE.dll]
"WD Button Manager"="WDBtnMgr.exe" [2008-03-15 10:40 364544 C:\Windows\System32\WDBtnMgr.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{34E70BB4-CF18-4CAA-A5E0-0AE71DFB5985}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A4E37B33-5749-4840-A4B4-F7CD43D3D906}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0E54B1B3-7C5A-4584-B559-A02DF1754926}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3996FC39-5477-43AD-B353-D7CBFFFF9F10}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A74551F6-29E5-4FAA-B680-B7D960F8D71C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C0D2566-F62C-40D7-8D94-94808AEE796B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2A4CF8E1-4C6F-4D55-8955-C70FB95EBA4D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6CD8133B-7AB7-4655-962A-0B9C590DFC7E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{74DF1286-AC99-4220-93AA-F4480D8A7C18}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6EAA2122-FB04-4058-8C8B-2EE7B3CE9A52}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9A7A617B-4834-4B86-8F71-89B6349AB2DE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0549CEE8-C8EB-4897-9FE8-4DB24D58EB15}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9B56A98-4999-4FB3-AAAD-4B6DE5BE74F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{006565F0-A17A-4792-87DB-CEED359B5DC9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{CDC41110-B4D1-4E96-A19D-64F3E9E353BB}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8D98BF12-084D-4B33-905F-03C5EB7C1F36}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{B2E89A8E-9A71-434E-AD90-91EE1CF5221B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E3D5209C-E6D8-434B-9D7A-72633DDE450B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E1A6576E-71DF-49BB-A47D-666D18159357}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{02E11070-FC24-4A4D-B32B-E24BA78440B9}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6A1D3C5C-B17A-452A-A394-B9F9751AFE22}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A37A2D00-CF05-4A81-A23D-1CDE354B9AB5}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C237B5F9-0C46-4AD4-861A-6A2197D6F1C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C1D8980A-1EE4-4C33-BD9C-4424D7AD821E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080623.001\IDSvix86.sys [2008-02-14 03:22]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2007-11-26 09:22]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista);C:\Windows\system32\drivers\t3.sys [2008-01-29 03:03]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);C:\Windows\system32\DRIVERS\xcbda.sys [2007-09-07 04:36]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 13:33]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 NetFlixDownloadManager;VMC NetFlix Download Manager;"C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe" [2008-06-17 07:16]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 19:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4707fda9-dc7d-11dc-aaf2-001e8c6d8cdb}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 08:10:19 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Michael.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-06-26 21:37:16 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-26 13:08:37 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-RegistryMechanic - (no file)
ShellExecuteHooks-{0CCB7673-04D5-4DE7-916B-384A3642BAF4} - (no file)
ShellExecuteHooks-{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\Users\Michael\AppData\Local\Temp\mljgEUMd.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:16:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x00320033

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 14:16:54
ComboFix-quarantined-files.txt 2008-06-27 00:16:50

Pre-Run: 13,268,385,792 bytes free
Post-Run: 21,157,531,648 bytes free

243 --- E O F --- 2008-06-26 04:42:20


HijackThis / Deckard's System Scanner.......

Deckard's System Scanner v20071014.68
Run by Michael on 2008-06-26 14:18:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 31.82 GiB (less than 15%) free.


-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:39 PM, on 6/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Michael\Documents\Azureus Downloads\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: login.live.com
O15 - Trusted Zone: live.xbox.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpqdktp/...ads/msxml4.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: VMC NetFlix Download Manager (NetFlixDownloadManager) - Unknown owner - C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9160 bytes

-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 14:09:11 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-26 11:32:05 68096 --a------ C:\Windows\zip.exe
2008-06-26 11:32:05 49152 --a------ C:\Windows\VFind.exe
2008-06-26 11:32:05 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-26 11:32:05 98816 --a------ C:\Windows\sed.exe
2008-06-26 11:32:05 80412 --a------ C:\Windows\grep.exe
2008-06-26 11:32:05 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 11:31:45 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-24 21:53:56 0 d-------- C:\Users\All Users\vmcNetFlix_Data
2008-06-24 21:36:23 0 d-------- C:\Program Files\Netflix
2008-06-24 21:25:48 0 d-------- C:\Program Files\Luttmann
2008-06-23 17:59:55 0 d-------- C:\Program Files\SpywareBlaster
2008-06-23 17:53:25 0 d-------- C:\Program Files\Panda Security
2008-06-23 17:30:44 0 d-------- C:\Program Files\Trend Micro
2008-06-23 15:58:34 0 d-------- C:\Program Files\RegCure
2008-06-23 15:58:30 25088 --a------ C:\Windows\system32\wvUoNHAP.dll
2008-06-23 15:49:23 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-06-23 01:50:39 0 d-------- C:\VundoFix Backups
2008-06-23 01:43:28 0 d-------- C:\Users\All Users\Grisoft
2008-06-23 01:29:38 256 --a------ C:\Windows\system32\pool.bin
2008-06-23 01:25:33 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-06-23 01:25:31 0 d-------- C:\Program Files\Research In Motion
2008-06-22 20:44:52 0 d-------- C:\Program Files\clrmamepro
2008-06-20 15:18:22 0 d-------- C:\PerfLogs
2008-06-20 15:05:17 98304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>
2008-06-20 00:54:27 0 d-------- C:\Users\All Users\IsolatedStorage
2008-06-20 00:53:47 0 d-------- C:\Program Files\BinTube
2008-06-19 22:26:17 0 d-------- C:\Program Files\RAR Password Cracker
2008-06-13 09:38:53 0 d-------- C:\Program Files\Red Kawa


-- Find3M Report ---------------------------------------------------------------

2008-06-26 14:05:22 0 d-------- C:\Users\Michael\AppData\Roaming\Azureus
2008-06-24 21:57:10 0 d-------- C:\Users\Michael\AppData\Roaming\vmcNetFlix_Data
2008-06-24 21:36:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:36:12 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-24 21:36:12 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-23 15:22:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 01:43:38 0 d-------- C:\Users\Michael\AppData\Roaming\Grisoft
2008-06-23 01:29:37 0 d-------- C:\Users\Michael\AppData\Roaming\Research In Motion
2008-06-23 01:25:33 0 d-------- C:\Program Files\Common Files
2008-06-23 01:22:57 0 d-------- C:\Program Files\Symantec
2008-06-20 15:31:03 174 --ahs---- C:\Program Files\desktop.ini
2008-06-20 15:22:44 0 d-------- C:\Program Files\Windows Calendar
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Sidebar
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Mail
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Journal
2008-06-20 15:22:43 0 d-------- C:\Program Files\Windows Collaboration
2008-06-20 15:22:43 0 d-------- C:\Program Files\Movie Maker
2008-06-20 15:22:41 0 d-------- C:\Program Files\Windows Defender
2008-06-17 19:28:40 0 d-------- C:\Program Files\Azureus
2008-06-02 19:41:23 0 d-------- C:\Users\Michael\AppData\Roaming\LimeWire
2008-05-20 03:00:53 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-30 18:42:59 0 d-------- C:\Users\Michael\AppData\Roaming\mIRC
2008-04-30 03:22:10 0 d-------- C:\Program Files\Exact Audio Copy
2008-04-29 14:40:01 0 d-------- C:\Users\Michael\AppData\Roaming\Vso
2008-04-29 13:45:20 0 d-------- C:\Program Files\DVD Shrink
2008-04-28 03:26:52 0 d-------- C:\Users\Michael\AppData\Roaming\Real
2008-04-28 00:16:51 0 d-------- C:\Users\Michael\AppData\Roaming\DVDFab
2008-04-21 19:41:30 130752 --a------ C:\Windows\hpoins18.dat
2008-04-20 02:30:03 0 -rahs---- C:\MSDOS.SYS
2008-04-20 02:30:03 0 -rahs---- C:\IO.SYS
2008-04-16 00:05:55 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/