11-03-2009, 03:29 AM   #1
AeroMonk (Registered User)
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3

Virus hiding on my pc

2 weeks ago I was infected with a really nasty virus called a.exe

I wasn't able to delete the virus on my own, so I gave my computer to a friend who's good with computers. After a few days my friend said he was able to kill the virus, but that it was the worst virus he had ever seen. But I'm not really sure if he fully removed the infection, because now I'm having similar problems that are like my last infection. I think a virus is hiding really deep inside my pc so I need help. I want to try everything to find this thing. Such as HJT, DDS, GMER scans. I've already scanned with spybot s&d, malwarebytes am, adaware, norton internet security 2009; all results were clean. I know something is hiding on my computer. But when I did a Registry Integrity scan with CCleaner I noticed some odd results, so I took a screencap:



If the pic is too small to read, here's a link you can go to - where the pic is full size. Click Here For Full Size Pic
I had to really decrease the original size because it was 1400 x 1050 - and that distorted the size of the overall webpage.

And yes, I do have my original Windows XP SP1 Operating System disc.

I've copy/pasted and attached all the logs that I was told to do.

Here's the DDS.txt log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 0:38:31.48 on Tue 11/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.926 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winstep\workshelf.exe
C:\Program Files\Winstep\nextstart.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iReceiver.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkShelf] c:\program files\winstep\workshelf.exe autostart
uRun: [NextSTART] c:\program files\winstep\nextstart.exe autostart
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQ"&"inst=NwA5AC0ANAAxADkANAAxADUAOAA"&"prod=90"&"ver=9.0.698
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\iReceiver.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link rangebooster n dwa-642\wirelesscm.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: download.microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253736381187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256314086604
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B6F697EF-EAAB-44BE-9E39-370D0A6DE338} = 4.2.2.2,4.2.2.3
TCP: {E054DB29-2129-4B5E-88F8-37CEE848DCB0} = 4.2.2.2,4.2.2.3
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\j94yc195.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-29 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-29 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-29 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-29 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091102.002\IDSXpx86.sys [2009-11-2 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-29 117640]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-28 102448]
R3 shwMirror;shwMirror;c:\windows\system32\drivers\shwMirror.sys [2006-8-29 3584]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-10-1 54432]
R4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-9-23 20160]
S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]

=============== Created Last 30 ================

2009-11-02 22:37:46 12464 ------w- c:\windows\system32\avgrsstx.dll.install_backup
2009-11-02 22:36:50 0 d-----w- c:\program files\AVG
2009-11-01 09:43:46 0 d-----w- c:\docume~1\owner\applic~1\FastStone
2009-11-01 09:42:20 0 d-----w- c:\program files\FastStone Image Viewer
2009-10-30 21:10:43 39880 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-30 21:02:15 0 d-----w- c:\program files\iPod
2009-10-30 21:02:08 0 d-----w- c:\program files\iTunes
2009-10-30 01:26:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:38:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-29 22:38:03 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:35:23 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-29 22:35:00 0 d-----w- c:\program files\Lavasoft
2009-10-29 16:14:50 3120 ----a-w- c:\windows\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
2009-10-29 16:14:50 3120 ----a-w- c:\windows\01a5b801-10aa-4023-998d-a31986c9a740.ocx
2009-10-28 15:31:30 77312 ----a-w- c:\windows\MBR.exe
2009-10-26 00:26:29 0 d-----w- c:\program files\mbpowertools
2009-10-26 00:23:12 0 d-----w- c:\program files\Bonjour
2009-10-23 18:44:07 0 d-----w- c:\program files\LogMeIn Rescue Calling Card
2009-10-23 17:59:37 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2009-10-23 17:59:36 0 d-----w- c:\program files\Dell
2009-10-23 17:59:18 86016 ----a-w- c:\windows\system32\preflib.dll
2009-10-23 17:59:18 44032 ----a-w- c:\windows\system32\wltrynt.dll
2009-10-23 17:59:18 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2009-10-23 17:59:18 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2009-10-23 17:59:18 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
2009-10-23 17:59:15 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2009-10-23 17:59:15 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-10-23 17:59:15 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2009-10-23 17:59:15 1200128 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-10-23 17:59:13 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2009-10-23 17:59:13 3096576 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2009-10-23 16:55:01 0 d-----w- c:\windows\system32\CatRoot2
2009-10-22 17:32:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 17:32:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 15:20:15 236544 ----a-w- c:\windows\PEV.exe
2009-10-22 15:20:15 161792 ----a-w- c:\windows\SWREG.exe
2009-10-22 15:20:14 98816 ----a-w- c:\windows\sed.exe
2009-10-15 09:23:41 0 d-----w- c:\documents and settings\owner\Library
2009-10-15 09:23:41 0 d-----w- c:\docume~1\owner\applic~1\com.adobe.ExMan
2009-10-14 23:00:19 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-14 22:18:47 207936 ----a-w- c:\windows\K-Tek4D_1440x900.jpg
2009-10-13 20:48:13 2359350 ----a-w- c:\windows\Owner.bmp
2009-10-13 20:46:36 798208 ----a-w- c:\windows\system32\NextControls.ocx
2009-10-13 20:46:36 0 d-----w- c:\program files\Winstep
2009-10-13 15:04:26 4096 --sha-w- C:\VSNAP.IDX
2009-10-13 14:31:33 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-10-13 14:31:32 129520 ------w- c:\windows\system32\pxafs.dll
2009-10-13 09:43:44 0 d-----w- c:\program files\Photosynth
2009-10-13 09:30:13 0 d-----w- c:\program files\Shape Collage
2009-10-13 09:24:34 25 ----a-w- c:\windows\libem.INI
2009-10-13 03:23:40 0 d-----w- c:\program files\Microsoft Research
2009-10-13 02:10:21 0 d-----w- c:\documents and settings\owner\Tracing
2009-10-13 02:07:35 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-13 0202 0 d-----w- c:\program files\Microsoft
2009-10-13 02:05:23 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-13 01:51:09 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2009-10-13 01:51:09 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2009-10-13 01:51:09 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2009-10-13 01:51:09 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2009-10-13 01:31:39 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-13 01:23:19 0 d-----w- c:\program files\common files\Windows Live
2009-10-13 00:43:26 0 d-----w- c:\program files\Tansee iPhone Transfer Photo
2009-10-13 00:37:19 0 d-----w- c:\program files\HP
2009-10-12 20:30:46 48128 ----a-w- c:\windows\system32\Remove.exe
2009-10-12 20:30:46 472 ----a-w- c:\windows\system32\Remover.ini
2009-10-12 20:30:09 0 d-----w- c:\windows\PixArt
2009-10-12 20:30:08 0 d-----w- c:\program files\common files\PAC207
2009-10-12 17:42:03 0 d-----w- c:\windows\Downloaded Installations
2009-10-12 01:41:32 0 d-----w- c:\program files\MSXML 4.0
2009-10-12 01:29:17 0 d-----w- c:\docume~1\owner\applic~1\Symantec
2009-10-12 00:54:53 4767 ----a-w- c:\windows\Irremote.ini
2009-10-12 00:29:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2009-10-12 00:13:43 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-10-12 00:13:40 15088 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-10-12 00:13:37 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-10-12 00:13:33 138464 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-10-12 00:12:07 0 d-----w- c:\program files\Norton Ghost
2009-10-12 00:03:48 266240 ----a-w- c:\windows\system32\hpdj3600
2009-10-11 08:57:14 0 d-----w- c:\program files\IrfanView
2009-10-11 06:44:57 124688 ----a-w- c:\windows\system32\MSWinSck.ocx
2009-10-11 06:44:50 614400 ----a-w- c:\windows\system32\ExButton.dll
2009-10-11 06:44:50 602112 ----a-w- c:\windows\system32\ExMenu.dll
2009-10-11 06:44:50 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2009-10-11 06:44:49 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2009-10-11 06:44:47 516096 ----a-w- c:\windows\system32\ExTab.dll
2009-10-11 06:44:45 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-10-11 06:44:44 118784 ----a-w- c:\windows\system32\eWebControl.dll
2009-10-11 06:44:43 0 d-----w- c:\program files\common files\eSellerate
2009-10-11 06:44:39 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-10-11 06:44:27 0 d-----w- c:\program files\AnswersThatWork
2009-10-11 05:52:02 38403 ----a-w- c:\windows\hpdj3600.hi2
2009-10-11 05:52:02 3417 ----a-w- c:\windows\hpdj3600.bu2
2009-10-11 05:51:39 343030 ----a-w- c:\windows\hpdj3600.hi1
2009-10-11 05:51:38 9211 ----a-w- c:\windows\hpdj3600.bu1
2009-10-10 15:38:20 478 ----a-w- c:\windows\hpbvspst.ini
2009-10-10 15:38:20 12435 ----a-w- c:\windows\hpbvspst.his
2009-10-10 14:41:53 863874 ----a-w- c:\windows\hpdj3600.his
2009-10-10 14:41:52 9219 ----a-w- c:\windows\hpdj3600.ini
2009-10-10 06:52:46 0 d-----w- C:\Downloads
2009-10-10 06:52:02 0 d-----w- c:\program files\BitComet
2009-10-08 22:37:33 0 d-----w- c:\program files\PeerGuardian2
2009-10-08 22:19:19 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-10-08 22:19:16 0 d-----w- c:\program files\SpywareBlaster
2009-10-08 22:12:16 0 d-----w- c:\windows\PAC207
2009-10-08 22:12:08 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2009-10-08 22:12:08 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2009-10-08 22:12:08 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2009-10-08 22:12:08 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-10-08 22:12:07 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-08 22:12:07 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-08 22:12:05 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2009-10-08 22:12:05 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-10-08 22:10:15 40960 ----a-w- c:\windows\CleanDev.exe
2009-10-08 22:10:15 11170 ----a-w- c:\windows\system32\PA207Usd.dll
2009-10-07 21:36:20 0 d-----w- c:\program files\Pure Networks
2009-10-07 21:14:54 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-07 21:14:54 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-07 20:51:34 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-10-07 20:51:28 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-10-07 20:51:16 0 d-----w- c:\program files\common files\Pure Networks Shared
2009-10-04 08:23:25 0 d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2009-10-29 15:08:13 21879 ----a-w- c:\windows\system32\nvModes.dat
2009-10-12 19:33:24 8644096 ----a-w- c:\program files\PC Camera.msi
2009-10-12 19:33:18 5693 ----a-w- c:\program files\0x0409.ini
2009-10-12 19:33:18 16384 ----a-w- c:\program files\1033.MST
2009-09-29 09:34:58 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-29 09:34:58 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-29 09:34:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-29 09:34:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-24 16:20:31 30630 ----a-w- c:\windows\system32\drivers\Mmc_2k.sys
2009-09-24 16:20:31 25898 ----a-w- c:\windows\system32\drivers\Dvd_2k.sys
2009-09-24 16:20:31 206464 ----a-w- c:\windows\system32\drivers\udfreadr_xp.sys
2009-09-24 16:20:31 143834 ----a-w- c:\windows\system32\drivers\pwd_2K.sys
2009-09-24 16:20:22 57344 ----a-w- c:\windows\uneng.exe
2009-09-23 21:56:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 19:29:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:23:26 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2006-11-20 14:01:08 163840 ----a-w- c:\program files\common files\AMCap.exe

============= FINISH: 0:41:07.92 ===============
Attached Files
File Type: zip Attach.zip (4.1 KB, 3 views)

Last edited by AeroMonk; 11-03-2009 at 03:39 AM.

11-08-2009, 03:52 AM   #2
AeroMonk (Registered User)
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3

Re: Virus hiding on my pc

BUMP, please

11-08-2009, 09:54 AM   #3
Glaswegian (Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic)
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

Re: Virus hiding on my pc

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished it will produce a log at C:\ComboFix.txt for you
  • Please include the log in your next reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



11-09-2009, 01:49 PM   #4
AeroMonk (Registered User)
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3

Re: Virus hiding on my pc

ComboFix 09-11-08.03 - Owner 11/09/2009 14:04.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1300 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\glasgow.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\01a5b801-10aa-4023-998d-a31986c9a740.ocx
c:\windows\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 18:04 . 2009-08-29 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\NAVENG.SYS
2009-11-09 18:04 . 2009-08-29 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\NAVENG32.DLL
2009-11-09 18:04 . 2009-08-29 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\NAVEX32A.DLL
2009-11-09 18:04 . 2009-08-29 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\NAVEX15.SYS
2009-11-09 18:04 . 2009-11-06 17:33 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\ECMSVR32.DLL
2009-11-09 18:04 . 2009-11-06 17:33 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\CCERASER.DLL
2009-11-09 18:04 . 2009-08-29 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\EECTRL.SYS
2009-11-09 18:04 . 2009-08-29 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091109.003\ERASER.SYS
2009-11-08 23:23 . 2009-11-08 23:23 -------- d-----w- c:\windows\system32\drivers\vrq
2009-11-08 23:23 . 2009-11-08 23:23 -------- d-----w- c:\program files\NortonVRQ
2009-11-08 23:23 . 2009-11-08 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton VRQ
2009-11-08 22:29 . 2009-11-08 22:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-11-08 21:25 . 2004-08-03 19:26 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-08 21:25 . 2004-08-03 19:26 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-11-08 21:17 . 2009-11-09 00:54 -------- d-----w- c:\windows\LMIDBB.tmp
2009-11-07 03:44 . 2009-08-03 22:59 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-11-07 03:44 . 2009-08-03 22:19 15088 ------w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-11-07 03:42 . 2009-11-07 03:43 -------- d-----w- c:\program files\Norton Ghost
2009-11-07 03:33 . 2009-11-07 03:33 -------- d-----w- C:\NGH1405_AllWin_English_SrdAndProd
2009-11-06 19:35 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091105.001\IDSvix86.sys
2009-11-06 19:35 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091105.001\IDSXpx86.sys
2009-11-06 19:35 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091105.001\Scxpx86.dll
2009-11-06 19:35 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091105.001\IDSxpx86.dll
2009-11-06 19:35 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091105.001\IDSviA64.sys
2009-11-06 02:55 . 2009-08-29 01:24 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-11-06 02:54 . 2009-08-30 00:16 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-11-06 02:54 . 2009-11-06 02:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-06 02:54 . 2009-11-06 02:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-06 02:54 . 2009-08-26 22:13 900464 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2009-11-06 02:53 . 2009-09-01 08:44 894320 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2009-11-06 02:52 . 2009-11-08 23:22 -------- d-----w- c:\program files\NortonInstaller
2009-11-05 23:32 . 2009-11-06 02:54 -------- d-----w- c:\program files\Symantec
2009-11-05 23:30 . 2009-11-07 03:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-05 22:43 . 2009-11-05 22:43 -------- d-----w- c:\program files\Windows Resource Kits
2009-11-05 21:42 . 2009-11-05 21:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ICS
2009-11-05 21:42 . 2009-11-06 02:13 -------- d-----w- c:\windows\LMI53.tmp
2009-11-04 01:11 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-04 01:11 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-04 01:11 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-04 01:11 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-01 09:43 . 2009-11-01 09:43 -------- d-----w- c:\documents and settings\Owner\Application Data\FastStone
2009-11-01 09:42 . 2009-11-01 09:42 -------- d-----w- c:\program files\FastStone Image Viewer
2009-10-30 21:10 . 2009-10-30 21:10 39880 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-30 21:02 . 2009-10-30 21:02 -------- d-----w- c:\program files\iPod
2009-10-30 21:02 . 2009-10-30 21:03 -------- d-----w- c:\program files\iTunes
2009-10-30 20:48 . 2009-10-30 20:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-30 01:26 . 2009-10-29 22:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-29 22:38 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-29 22:38 . 2009-10-29 22:37 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 22:35 . 2009-10-29 22:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-29 22:35 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-29 22:35 . 2009-10-29 22:35 -------- d-----w- c:\program files\Lavasoft
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-26 19:50 . 2009-10-26 19:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2009-10-26 00:26 . 2009-10-26 00:26 -------- d-----w- c:\program files\mbpowertools
2009-10-26 00:23 . 2009-10-26 00:23 -------- d-----w- c:\program files\Bonjour
2009-10-23 18:45 . 2009-10-29 21:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Rescue Calling Card
2009-10-23 18:44 . 2009-10-29 20:43 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card
2009-10-23 17:59 . 2005-12-19 22:08 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2009-10-23 17:59 . 2009-10-23 17:59 -------- d-----w- c:\program files\Dell
2009-10-23 17:59 . 2005-12-19 22:08 86016 ----a-w- c:\windows\system32\preflib.dll
2009-10-23 17:59 . 2005-12-19 22:08 44032 ----a-w- c:\windows\system32\wltrynt.dll
2009-10-23 17:59 . 2005-12-19 22:08 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2009-10-23 17:59 . 2005-12-19 22:08 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2009-10-23 17:59 . 2005-12-19 22:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
2009-10-23 17:59 . 2005-12-19 22:08 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2009-10-23 17:59 . 2005-12-19 22:08 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-10-23 17:59 . 2005-12-19 22:08 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2009-10-23 17:59 . 2005-12-19 22:08 1200128 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-10-23 17:59 . 2005-12-19 22:08 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2009-10-23 16:55 . 2009-11-09 20:00 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-22 20:59 . 2009-10-22 20:59 -------- d-----w- c:\documents and settings\Administrator.DKEATING-051407\Application Data\Malwarebytes
2009-10-22 17:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 17:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 13:22 . 2009-10-15 13:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-15 09:23 . 2009-10-15 09:23 -------- d-----w- c:\documents and settings\Owner\Library
2009-10-15 09:23 . 2009-10-15 09:23 -------- d-----w- c:\documents and settings\Owner\Application Data\com.adobe.ExMan
2009-10-15 08:44 . 2009-10-15 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-14 23:17 . 2009-10-14 23:17 -------- d-----w- c:\program files\Adobe Media Player
2009-10-14 21:46 . 2009-10-14 22:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager
2009-10-13 20:46 . 2009-10-14 20:01 -------- d-----w- c:\program files\Winstep
2009-10-13 15:04 . 2009-10-13 15:04 99296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 09:43 . 2009-10-13 09:43 -------- d-----w- c:\program files\Photosynth
2009-10-13 09:30 . 2009-10-13 09:30 -------- d-----w- c:\program files\Shape Collage
2009-10-13 03:33 . 2009-10-13 03:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\IsolatedStorage
2009-10-13 03:23 . 2009-10-13 03:23 -------- d-----w- c:\program files\Microsoft Research
2009-10-13 02:10 . 2009-10-13 02:10 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-10-13 02:07 . 2009-10-13 02:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-13 02:06 . 2009-10-13 03:32 -------- d-----w- c:\program files\Microsoft
2009-10-13 02:05 . 2009-10-13 02:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-13 02:04 . 2009-10-13 02:08 -------- d-----w- c:\program files\Windows Live
2009-10-13 01:51 . 2003-04-07 17:17 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2009-10-13 01:51 . 2003-04-07 17:17 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2009-10-13 01:51 . 2003-04-07 17:17 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2009-10-13 01:51 . 2003-04-07 17:17 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2009-10-13 01:31 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-13 01:23 . 2009-10-13 01:23 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-13 00:43 . 2009-11-04 02:51 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
2009-10-13 00:37 . 2009-10-13 00:37 -------- d-----w- c:\program files\HP
2009-10-12 20:30 . 2006-11-03 15:59 48128 ----a-w- c:\windows\system32\Remove.exe
2009-10-12 20:30 . 2009-10-12 20:30 -------- d-----w- c:\windows\PixArt
2009-10-12 20:30 . 2009-10-12 20:30 -------- d-----w- c:\program files\Common Files\PAC207
2009-10-12 19:34 . 2009-10-12 19:33 8644096 ----a-w- c:\program files\PC Camera.msi
2009-10-12 17:42 . 2009-10-12 17:42 -------- d-----w- c:\windows\Downloaded Installations
2009-10-12 01:41 . 2009-10-12 01:41 -------- d-----w- c:\program files\MSXML 4.0
2009-10-12 01:23 . 2009-10-12 01:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec_Corporation
2009-10-12 01:22 . 2009-08-03 22:22 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-10-12 01:22 . 2009-07-01 17:28 138464 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-10-12 00:29 . 2009-10-12 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-11 08:57 . 2009-10-11 08:57 -------- d-----w- c:\program files\IrfanView
2009-10-11 06:44 . 2007-06-08 17:53 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2009-10-11 06:44 . 2007-06-05 14:20 602112 ----a-w- c:\windows\system32\ExMenu.dll
2009-10-11 06:44 . 2007-04-03 20:51 614400 ----a-w- c:\windows\system32\ExButton.dll
2009-10-11 06:44 . 2007-04-03 20:51 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2009-10-11 06:44 . 2007-06-05 14:19 516096 ----a-w- c:\windows\system32\ExTab.dll
2009-10-11 06:44 . 2005-10-11 18:40 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-10-11 06:44 . 2005-10-04 12:11 118784 ----a-w- c:\windows\system32\eWebControl.dll
2009-10-11 06:44 . 2009-10-11 06:44 -------- d-----w- c:\program files\Common Files\eSellerate
2009-10-11 06:44 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-10-11 06:44 . 2009-10-11 06:44 -------- d-----w- c:\program files\AnswersThatWork

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 23:23 . 2009-09-28 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-11-08 21:26 . 2009-09-28 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-08 10:43 . 2009-10-08 22:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-08 10:42 . 2009-10-08 22:19 -------- d-----w- c:\program files\SpywareBlaster
2009-11-08 05:02 . 2009-09-23 22:28 32979 ----a-w- c:\windows\system32\nvModes.dat
2009-11-07 07:03 . 2009-09-23 20:21 41400 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 02:54 . 2009-11-06 02:54 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-06 02:54 . 2009-11-06 02:54 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-06 02:53 . 2009-09-28 23:36 -------- d-----w- c:\program files\Norton Internet Security
2009-11-06 02:53 . 2009-09-28 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-05 05:00 . 2009-09-28 23:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 01:32 . 2009-09-29 01:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-11-04 01:11 . 2009-09-29 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-02 00:12 . 2009-09-23 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-31 12:26 . 2009-10-08 22:37 -------- d-----w- c:\program files\PeerGuardian2
2009-10-31 12:18 . 2009-10-10 06:52 -------- d-----w- c:\program files\BitComet
2009-10-30 21:02 . 2009-09-29 01:46 -------- d-----w- c:\program files\Common Files\Apple
2009-10-29 16:28 . 2009-09-29 00:54 -------- d-----w- c:\program files\Aarons Advanced Cliker
2009-10-26 02:09 . 2009-09-23 21:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 15:21 . 2009-09-23 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 08:40 . 2009-10-04 08:23 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-10-13 15:02 . 2009-10-13 14:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-10-13 14:32 . 2009-10-13 14:31 -------- d-----w- c:\program files\Winamp
2009-10-13 00:36 . 2009-10-10 14:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-12 20:31 . 2009-09-23 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 19:33 . 2009-10-12 19:34 5693 ----a-w- c:\program files\0x0409.ini
2009-10-12 19:33 . 2009-10-12 19:34 16384 ----a-w- c:\program files\1033.MST
2009-10-10 13:45 . 2009-10-10 11:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-10-10 11:55 . 2009-10-10 11:55 126970 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-10-10 11:55 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-09 21:38 . 2009-10-09 21:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHRules.dll
2009-10-09 21:38 . 2009-10-09 21:38 1412496 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHEngine.dll
2009-10-09 21:38 . 2009-10-09 21:38 643632 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx64.sys
2009-10-09 21:38 . 2009-10-09 21:38 508976 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys
2009-10-09 21:38 . 2009-10-09 21:38 590736 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\bbRGen.dll
2009-10-08 23:00 . 2009-10-08 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-07 21:36 . 2009-10-07 21:36 -------- d-----w- c:\program files\Pure Networks
2009-10-07 20:51 . 2009-10-07 20:51 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-10-07 20:51 . 2009-10-01 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-10-04 08:23 . 2009-10-04 08:23 -------- d-----w- c:\program files\VideoLAN
2009-10-01 23:34 . 2009-10-01 23:34 -------- d-----w- c:\program files\D-Link
2009-10-01 22:58 . 2009-10-01 22:58 -------- d-----w- c:\program files\DIFX
2009-10-01 22:48 . 2009-09-29 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\VirtualStore
2009-09-29 15:10 . 2009-09-29 12:14 -------- d-----w- c:\program files\CCleaner
2009-09-29 15:05 . 2009-09-29 15:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software
2009-09-29 15:05 . 2009-09-29 15:05 -------- d-----w- c:\program files\Foxit Software
2009-09-29 14:57 . 2009-09-29 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-29 12:29 . 2009-09-29 12:29 -------- d-----w- c:\program files\ViewNFO
2009-09-29 02:30 . 2009-09-29 02:30 0 ----a-w- c:\windows\nsreg.dat
2009-09-29 01:49 . 2009-09-29 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-29 01:48 . 2009-09-29 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-29 01:48 . 2009-09-29 01:47 -------- d-----w- c:\program files\QuickTime
2009-09-29 01:30 . 2009-09-29 01:30 -------- d-----w- c:\program files\Apple Software Update
2009-09-29 00:36 . 2009-09-29 00:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-09-29 00:35 . 2009-09-29 00:35 -------- d-----w- c:\program files\Uniblue
2009-09-28 23:36 . 2009-09-28 23:36 -------- d-----w- c:\program files\Windows Sidebar
2009-09-28 23:25 . 2009-09-28 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-25 17:41 . 2009-09-25 17:41 -------- d-----w- c:\program files\JRE
2009-09-25 17:41 . 2009-09-25 17:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-24 16:20 . 2009-09-24 16:19 -------- d-----w- c:\program files\Roxio
2009-09-24 16:20 . 2009-09-24 16:19 -------- d-----w- c:\program files\Common Files\Adaptec Shared
2009-09-24 16:20 . 2002-12-17 17:29 25898 ----a-w- c:\windows\system32\drivers\Dvd_2k.sys
2009-09-24 16:20 . 2002-12-17 17:29 30630 ----a-w- c:\windows\system32\drivers\Mmc_2k.sys
2009-09-24 16:20 . 2002-12-17 17:29 143834 ----a-w- c:\windows\system32\drivers\pwd_2K.sys
2009-09-24 16:20 . 2002-12-17 17:27 206464 ----a-w- c:\windows\system32\drivers\udfreadr_xp.sys
2009-09-24 16:20 . 2009-09-24 16:20 57344 ----a-w- c:\windows\uneng.exe
2009-09-24 16:11 . 2009-09-24 16:11 -------- d-----w- c:\documents and settings\Owner\Application Data\InterVideo
2009-09-24 16:09 . 2009-09-24 16:09 -------- d-----w- c:\program files\InterVideo
2009-09-24 16:06 . 2009-09-24 16:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
2009-09-24 16:05 . 2009-09-24 16:05 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-09-24 16:04 . 2009-09-23 20:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-24 16:04 . 2009-09-24 16:04 -------- d-----w- c:\program files\WordPerfect Office 12
2009-09-24 16:04 . 2009-09-24 16:04 -------- d-----w- c:\program files\Common Files\Corel
2009-09-23 23:03 . 2009-09-23 23:03 -------- d-----w- c:\program files\MSBuild
2009-09-23 23:03 . 2009-09-23 23:03 -------- d-----w- c:\program files\Reference Assemblies
2009-09-23 22:56 . 2009-09-23 22:56 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-23 22:20 . 2009-09-23 19:32 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-23 21:56 . 2009-09-23 21:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 21:56 . 2009-09-23 21:56 -------- d-----w- c:\program files\Java
2009-09-23 21:55 . 2009-09-23 21:55 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-23 21:53 . 2009-09-23 21:53 -------- d-----w- c:\program files\Laplink
2009-09-23 21:52 . 2009-09-23 21:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-23 21:52 . 2009-09-23 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-23 21:30 . 2009-09-23 21:30 -------- d-----w- c:\program files\CONEXANT
2009-09-23 20:51 . 2009-09-23 20:51 -------- d-----w- c:\program files\SigmaTel
2009-09-23 20:47 . 2009-09-23 20:47 -------- d-----w- c:\program files\Broadcom
2009-09-23 19:33 . 2009-09-23 19:33 -------- d-----w- c:\program files\microsoft frontpage
2009-09-23 19:29 . 2009-09-23 19:29 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-09-29 07:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-29 00:42 . 2009-09-29 01:47 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-09-29 01:47 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-11-20 14:01 . 2006-11-20 14:01 163840 ----a-w- c:\program files\Common Files\AMCap.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-10-28_15.45.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-07-12 02:54 . 2009-07-12 02:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 02:32 . 2009-07-12 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 07:07 . 2009-07-12 07:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 07:19 . 2009-07-12 07:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-11-09 17:54 . 2009-11-09 17:54 16384 c:\windows\temp\Perflib_Perfdata_d30.dat
+ 2009-11-09 17:53 . 2009-11-09 17:53 16384 c:\windows\temp\Perflib_Perfdata_61c.dat
+ 2009-11-09 17:55 . 2009-11-09 17:55 16384 c:\windows\temp\Perflib_Perfdata_548.dat
+ 2009-10-08 22:12 . 2008-04-14 11:42 53760 c:\windows\system32\vfwwdm32.dll
- 2009-10-08 22:12 . 2008-04-14 10:42 53760 c:\windows\system32\vfwwdm32.dll
+ 2004-08-04 10:00 . 2009-11-02 22:24 71462 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-10-26 19:44 71462 c:\windows\system32\perfc009.dat
- 2004-08-04 00:56 . 2008-04-14 10:42 16896 c:\windows\system32\msyuv.dll
+ 2004-08-04 00:56 . 2008-04-14 11:42 16896 c:\windows\system32\msyuv.dll
+ 2009-09-29 12:27 . 2009-11-02 22:57 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 00:56 . 2008-04-14 10:41 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2008-04-14 11:41 47616 c:\windows\system32\iyuv_32.dll
- 2009-10-12 00:13 . 2008-01-20 00:40 15088 c:\windows\system32\DRVSTORE\VProEventM_C909BEBEDD69FFAFE2762F3E5941502D970AC1BF\Win32\vproeventmonitor.sys
+ 2009-11-07 03:44 . 2009-08-03 22:19 15088 c:\windows\system32\DRVSTORE\VProEventM_C909BEBEDD69FFAFE2762F3E5941502D970AC1BF\Win32\vproeventmonitor.sys
- 2009-10-12 01:22 . 2008-08-13 22:07 38112 c:\windows\system32\DRVSTORE\V2iMount_B2CE524B206C254E59BA676EC09659D33653F4BD\Win32\v2imount.sys
+ 2009-10-12 01:22 . 2009-08-03 22:22 38112 c:\windows\system32\DRVSTORE\V2iMount_B2CE524B206C254E59BA676EC09659D33653F4BD\Win32\v2imount.sys
+ 2009-10-29 22:38 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-11-07 03:44 . 2009-08-03 22:12 15464 c:\windows\system32\DRVSTORE\gearaspiwd_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2009-11-06 02:54 . 2009-08-30 00:16 43696 c:\windows\system32\drivers\NIS\1100000.088\srtspx.sys
+ 2009-09-29 01:50 . 2009-08-03 22:12 15464 c:\windows\system32\drivers\GEARAspiWDM.sys
- 2009-10-08 22:12 . 2008-04-14 10:42 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2009-10-08 22:12 . 2008-04-14 11:42 53760 c:\windows\system32\dllcache\vfwwdm32.dll
- 2004-08-04 00:56 . 2008-04-14 10:42 16896 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2008-04-14 11:42 16896 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2008-04-14 11:41 47616 c:\windows\system32\dllcache\iyuv_32.dll
- 2004-08-04 00:56 . 2008-04-14 10:41 47616 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-09-23 22:27 . 2009-10-23 18:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-23 22:27 . 2009-11-09 18:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-23 22:27 . 2009-10-23 18:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-23 22:27 . 2009-11-09 18:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-22 19:56 . 2009-10-23 18:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-02 21:20 . 2009-11-09 18:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-23 22:16 . 2009-11-06 02:02 47616 c:\windows\ServicePackFiles\i386\eventlog.dll
+ 2009-11-07 03:43 . 2009-11-07 03:43 40960 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\SecurityV2i1_A8EA8A55FDBE4875B598DDC15B298265.exe
- 2009-10-12 00:13 . 2009-10-12 01:21 40960 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\SecurityV2i1_A8EA8A55FDBE4875B598DDC15B298265.exe
- 2009-10-12 00:13 . 2009-10-12 01:21 65536 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\NewShortcut12_A8EA8A55FDBE4875B598DDC15B298265.exe
+ 2009-11-07 03:43 . 2009-11-07 03:43 65536 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\NewShortcut12_A8EA8A55FDBE4875B598DDC15B298265.exe
- 2009-10-12 00:13 . 2009-10-12 01:21 49152 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\ImageBrowser1_A8EA8A55FDBE4875B598DDC15B298265.exe
+ 2009-11-07 03:43 . 2009-11-07 03:43 49152 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\ImageBrowser1_A8EA8A55FDBE4875B598DDC15B298265.exe
- 2009-10-12 00:13 . 2009-10-12 01:21 65536 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\ARPPRODUCTICON.exe
+ 2009-11-07 03:43 . 2009-11-07 03:43 65536 c:\windows\Installer\{B0255743-165B-4BD5-8DA8-37DFB9930014}\ARPPRODUCTICON.exe
+ 2001-08-17 22:36 . 2001-08-18 04:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\tsbyuv.dll
- 2009-09-23 20:51 . 2008-04-14 10:41 4096 c:\windows\system32\ksuser.dll
+ 2009-09-23 20:51 . 2008-04-14 11:41 4096 c:\windows\system32\ksuser.dll
+ 2001-08-17 22:36 . 2001-08-18 04:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
- 2001-08-17 22:36 . 2001-08-18 03:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
- 2009-09-23 20:51 . 2008-04-14 10:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-09-23 20:51 . 2008-04-14 11:41 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2006-11-20 14:04 . 2006-11-20 14:04 6656 c:\windows\system32\CoInst_071102.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2005-09-23 04:48 . 2005-09-23 04:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 05:48 . 2005-09-23 05:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
- 2005-09-23 04:48 . 2005-09-23 04:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 05:48 . 2005-09-23 05:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
- 2005-09-23 04:48 . 2005-09-23 04:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 05:48 . 2005-09-23 05:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
- 2004-08-04 10:00 . 2009-10-26 19:44 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2009-11-02 22:24 441692 c:\windows\system32\perfh009.dat
- 2004-08-04 00:56 . 2008-04-14 10:42 294912 c:\windows\system32\msh263.drv
+ 2004-08-04 00:56 . 2008-04-14 11:42 294912 c:\windows\system32\msh263.drv
+ 2009-09-29 01:50 . 2009-08-03 22:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-11-07 03:44 . 2009-08-03 22:59 128104 c:\windows\system32\DRVSTORE\wimfltr_09A49301578AA557C46CB5D1C7CA91C941BE8092\Win32\WimFltr.sys
- 2009-10-12 00:13 . 2008-01-20 01:12 128104 c:\windows\system32\DRVSTORE\wimfltr_09A49301578AA557C46CB5D1C7CA91C941BE8092\Win32\WimFltr.sys
- 2009-10-12 01:22 . 2009-07-01 16:28 138464 c:\windows\system32\DRVSTORE\Symsnap_3940295AEE322DA68F8260F6B31838602D30C710\Win32\symsnap.sys
+ 2009-10-12 01:22 . 2009-07-01 17:28 138464 c:\windows\system32\DRVSTORE\Symsnap_3940295AEE322DA68F8260F6B31838602D30C710\Win32\symsnap.sys
+ 2009-11-07 03:44 . 2009-08-03 22:12 107368 c:\windows\system32\DRVSTORE\gearaspiwd_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2007-10-25 23:31 . 2007-10-25 23:31 616064 c:\windows\system32\drivers\PFC027.SYS
+ 2009-11-06 02:54 . 2009-08-30 00:17 338480 c:\windows\system32\drivers\NIS\1100000.088\symtdiv.sys
+ 2009-11-06 02:54 . 2009-08-30 00:17 361392 c:\windows\system32\drivers\NIS\1100000.088\symtdi.sys
+ 2009-11-06 02:54 . 2009-08-30 00:17 169008 c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys
+ 2009-11-06 02:54 . 2009-08-30 00:17 328752 c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys
+ 2009-11-06 02:54 . 2009-08-30 00:16 325168 c:\windows\system32\drivers\NIS\1100000.088\srtsp.sys
+ 2009-11-06 02:54 . 2009-08-30 00:16 114736 c:\windows\system32\drivers\NIS\1100000.088\Ironx86.sys
+ 2009-11-06 02:54 . 2009-08-24 22:50 501888 c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys
- 2004-08-03 23:15 . 2008-04-14 05:46 141056 c:\windows\system32\drivers\ks.sys
+ 2004-08-03 23:15 . 2008-04-14 06:46 141056 c:\windows\system32\drivers\ks.sys
+ 2004-08-03 23:15 . 2008-04-14 06:46 141056 c:\windows\system32\dllcache\ks.sys
- 2004-08-03 23:15 . 2008-04-14 05:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-11-06 18:07 . 2009-11-06 18:07 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2006-11-03 16:01 . 2006-11-03 16:01 319488 c:\windows\PixArt\PAC207\Monitor.exe
+ 2009-11-02 22:36 . 2009-11-02 22:36 424448 c:\windows\Installer\f6783.msi
+ 2009-10-30 20:52 . 2009-10-30 20:52 796672 c:\windows\Installer\dca4fe.msi
+ 2009-11-05 22:43 . 2009-11-05 22:43 279040 c:\windows\Installer\33cce.msi
+ 2009-10-29 22:34 . 2009-10-29 22:34 236032 c:\windows\Installer\1652c8c.msi
+ 2009-10-30 21:04 . 2009-10-30 21:04 102400 c:\windows\Installer\{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}\iTunesIco.exe
+ 2009-11-05 04:06 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-05 04:06 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-03-26 21:48 . 2009-03-26 21:48 583104 c:\windows\Downloaded Program Files\tgctlsr.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2009-07-12 02:46 . 2009-07-12 02:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 02:46 . 2009-07-12 02:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2006-03-23 17:32 . 2009-10-21 04:08 3598336 c:\windows\system32\mshtml.dll
- 2006-03-23 17:32 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll
+ 2009-09-23 14:21 . 2009-11-07 04:19 2070216 c:\windows\system32\FNTCACHE.DAT
- 2009-07-18 16:05 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-18 16:05 . 2009-10-21 04:08 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-30 21:04 . 2009-10-30 21:04 4454912 c:\windows\Installer\dcac9e.msi
+ 2009-10-30 20:47 . 2009-10-30 20:47 1679872 c:\windows\Installer\dca4f0.msi
+ 2009-10-29 22:35 . 2009-10-29 22:35 1861120 c:\windows\Installer\1652c95.msi
+ 2009-11-05 04:06 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-11-07 03:43 . 2009-11-07 03:43 10707456 c:\windows\Installer\101b26.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorkShelf"="c:\program files\Winstep\workshelf.exe" [2009-05-22 10794038]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NextSTART"="c:\program files\Winstep\nextstart.exe" [2009-05-22 5327414]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
iReceiver.exe [2009-9-23 266240]
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe [2009-10-1 12693504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mbpowertools\\iReceiver.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\iReceiver.exe"=
"c:\\Program Files\\D-Link\\D-Link RangeBooster N DWA-642\\wirelesscm.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34641:TCP"= 34641:TCP:iReceiver
"67:UDP"= 67:UDP:DHCP Discovery Service
"10197:TCP"= 10197:TCP:BitComet 10197 TCP
"10197:UDP"= 10197:UDP:BitComet 10197 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/29/2009 4:38 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys [11/5/2009 8:54 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys [11/5/2009 8:54 PM 169008]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys [10/9/2009 3:38 PM 508976]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [11/5/2009 8:54 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1100000.088\Ironx86.sys [11/5/2009 8:54 PM 114736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1179232]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [11/5/2009 8:53 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2009 11:33 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091105.001\IDSXpx86.sys [11/6/2009 1:35 PM 329592]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [10/25/2007 5:31 PM 616064]
R3 shwMirror;shwMirror;c:\windows\system32\drivers\shwMirror.sys [8/29/2006 3:17 PM 3584]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [7/1/2009 11:28 AM 1562096]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [9/23/2009 2:02 PM 20160]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 4:00 AM 5120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*NewlyCreated* - VPROEVENTMONITOR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:37]

2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-13 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet36002003-04-11 20:25N3AM3F58C6B.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 20:25]

2009-11-08 c:\windows\Tasks\Norton Internet Security - Owner - Full System Scan.job
- c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\Navw32.exe [2009-11-06 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: download.microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
TCP: {B6F697EF-EAAB-44BE-9E39-370D0A6DE338} = 4.2.2.2,4.2.2.3
TCP: {E054DB29-2129-4B5E-88F8-37CEE848DCB0} = 4.2.2.2,4.2.2.3
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j94yc195.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-11-09 14:34
ComboFix-quarantined-files.txt 2009-11-09 20:34
ComboFix2.txt 2009-10-28 15:51
ComboFix3.txt 2009-10-22 17:26
ComboFix4.txt 2009-10-22 15:27

Pre-Run: 121,423,958,016 bytes free
Post-Run: 121,652,027,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9A12258FDFFB597A07FAA5601DEC7D6E
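As an added example (not part of the thread and not ComboFix's own code), the Python sketch below reads the firewall-policy section of a ComboFix log like the one posted above and lists the firewall state, program exceptions and open ports for an analyst to review. The function names `parse_firewall_policy` and `review_notes` and the `USUAL_PREFIXES` list are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re

# Excerpt copied from the ComboFix log in the post above (entries trimmed).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mbpowertools\\iReceiver.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\iReceiver.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34641:TCP"= 34641:TCP:iReceiver
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/29/2009 4:38 PM 64288]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')
# Assumption: locations treated as ordinary install paths; tune per environment.
USUAL_PREFIXES = ("%windir%\\", "c:\\windows\\", "%programfiles%\\", "c:\\program files\\")


def _unescape(path):
    """ComboFix prints these value names with doubled backslashes."""
    return path.replace("\\\\", "\\")


def parse_firewall_policy(log_text):
    """Collect firewall state, allowed programs and open ports from a log."""
    policy = {"enabled": None, "apps": [], "ports": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            key = header.group("key").lower()
            section = key if "\\firewallpolicy\\" in key else None
            continue
        value = VALUE_RE.match(line)
        if section is None or value is None:
            continue
        name, data = value.group("name"), value.group("data").strip()
        if section.endswith("profile") and name.lower() == "enablefirewall":
            policy["enabled"] = data.split()[0] != "0" if data else None
        elif section.endswith("authorizedapplications\\list"):
            policy["apps"].append((_unescape(name), _unescape(data) or None))
        elif section.endswith("globallyopenports\\list"):
            port, _, proto = name.partition(":")
            parts = data.split(":", 2)
            label = parts[2] if len(parts) == 3 else ""
            if port.isdigit():
                policy["ports"].append((int(port), proto.upper(), label))
    return policy


def review_notes(policy):
    """Return items for an analyst to look at; these are not verdicts."""
    notes = []
    if policy["enabled"] is False:
        notes.append("Windows Firewall is disabled for this profile")
    for path, resolved in policy["apps"]:
        if path.startswith("$"):
            notes.append(f"exception name has an unexpanded variable: {path}")
        if not (resolved or path).lower().startswith(USUAL_PREFIXES):
            notes.append(f"exception outside the usual install paths: {path}")
    for port, proto, label in policy["ports"]:
        notes.append(f"globally open port {port}/{proto} ({label or 'no label'})")
    return notes


if __name__ == "__main__":
    for note in review_notes(parse_firewall_policy(SAMPLE_LOG)):
        print("-", note)
```

The notes are prompts for a human reviewer: an entry appearing here says where to look, not that the file is malicious.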
Old 11-09-2009, 03:49 PM   #5 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: Virus hiding on my pc

Hi again

How is your system running now?

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.


Note that Panda may take several hours to scan your system.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-11-2009, 04:34 PM   #6 (permalink)
Registered User
 
AeroMonk's Avatar
 
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3


Re: Virus hiding on my pc

Due to some family problems, I haven't had time to get on my computer. It's going to be another day or two before I have a chance to run the scan you recommend.

I just wanted to shoot you a quick message, so you didn't think I was ignoring you. So please don't close this Thread.
Old 11-12-2009, 03:44 PM   #7 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: Virus hiding on my pc

No worries - thanks for letting me know.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-21-2009, 03:54 AM   #8 (permalink)
Registered User
 
AeroMonk's Avatar
 
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3


Re: Virus hiding on my pc

Okay, I'm back. Thanks for waiting for me.

I did the scan you wanted and I have attached the results log.
Attached Files
File Type: txt ActiveScan.txt (3.7 KB, 1 views)
Old 11-21-2009, 01:40 PM   #9 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: Virus hiding on my pc

Hi again

Your logs are clean. If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.


The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /Uninstall



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.


Ad-aware 2008 Free Edition

Download and install Ad-Aware 2008 Free Edition. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari



Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.


Web of Trust
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.


ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system.


Additional Reading
In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-22-2009, 02:16 AM   #10 (permalink)
Registered User
 
AeroMonk's Avatar
 
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3


Re: Virus hiding on my pc

I appreciate everything you've done. But I was wondering if we could do HijackThis, just for my peace of mind. It's been nearly 2 years since I have used HJT or had someone analyze a log.
Old 11-22-2009, 06:33 AM   #11 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: Virus hiding on my pc

We can, if you like. But the changes in malware over that time have forced us to abandon HJT - it does not provide the detailed information we need. Scanners such as DDS and tools like combofix provide far greater detail than HJT ever did. My answer will still be the same...

We could use this scanner, which incorporates a version of HJT...
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-24-2009, 12:56 AM   #12 (permalink)
Registered User
 
AeroMonk's Avatar
 
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3


Re: Virus hiding on my pc

I've attached both files
Attached Files
File Type: txt log.txt (32.7 KB, 2 views)
File Type: txt info.txt (21.4 KB, 0 views)
Old 11-24-2009, 02:37 PM   #13 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: Virus hiding on my pc

Hi again

One leftover Registry entry – that’s all.

Download the attached zip file to your desktop. Extract the file monk.reg to your desktop. Now double click on fix.reg and answer yes to any prompts and allow it to merge into the Registry.


That’s you all done.
Attached Files
File Type: zip monk.zip (258 Bytes, 3 views)
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-29-2009, 02:13 AM   #14 (permalink)
Registered User
 
AeroMonk's Avatar
 
Join Date: Jun 2008
Location: Missouri
Posts: 25
OS: Win XP SP3


Re: Virus hiding on my pc

Quote:
Originally Posted by Glaswegian View Post
Hi again

One leftover Registry entry – that’s all.

Download the attached zip file to your desktop. Extract the file monk.reg to your desktop. Now double click on fix.reg and answer yes to any prompts and allow it to merge into the Registry.


That’s you all done.

I did as you instructed, but I'm just curious - why did I add that file to the registry? I just don't know what it was for.
Old 11-29-2009, 04:43 AM   #15 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,529
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: Virus hiding on my pc

The registry entry was a BHO - a Browser Helper Object - often installed without your knowledge. We had already removed any related files, so all that was left was the registry entry. Without the related file it wasn't doing anything - just a tidy up exercise.

Hope that helps.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.


