cant run hjt, mbam or gmer.. help!


Sorry LDTate, I can't do that either, hahah. I always get an error when I do a search, even before all of this. The title is "Microsoft Visual C++ Runtime Library" and the message is "Program: C:\WINDOWS\explorer.exe This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."

What's next? You're a genius if you get me through all of this, hahaha. Thanks again.

Here is the new DDS log:

DDS (Ver_10-10-10.03) - NTFSx86

Run by Tom at 14:59:16.25 on Thu 10/21/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.439 [GMT -7:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\alg.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\debug.exe

C:\WINDOWS\avp32.exe

C:\WINDOWS\install.exe

C:\WINDOWS\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\debug.exe

C:\WINDOWS\avp32.exe

C:\WINDOWS\install.exe

C:\WINDOWS\mdm.exe

C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

C:\DOCUME~1\Tom\LOCALS~1\Temp\iexplorer.exe

C:\Documents and Settings\Tom\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>

BHO: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe

uRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe

uRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe

uRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe

uRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe

uRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe

uRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe

uRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe

uRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe

uRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe

uRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe

uRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe

uRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe

uRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe

uRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe

uRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe

uRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe

uRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe

uRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe

uRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe

uRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe

uRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe

uRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe

uRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe

uRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe

uRun: [MKetc] c:\windows\sysedit.exe

uRun: [MKaoc] c:\windows\debug.exe

uRun: [MKese] c:\windows\svchost.exe

uRun: [MKZSc] c:\windows\avp32.exe

uRun: [MKayc] c:\windows\csrss.exe

uRun: [MKbta] c:\windows\install.exe

uRun: [MKcZ] c:\windows\mdm.exe

uRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe

mRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe

mRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe

mRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe

mRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe

mRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe

mRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe

mRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe

mRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe

mRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe

mRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe

mRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe

mRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe

mRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe

mRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe

mRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe

mRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe

mRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe

mRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe

mRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe

mRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe

mRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe

mRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe

mRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe

mRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe

mRun: [MKetc] c:\windows\sysedit.exe

mRun: [MKaoc] c:\windows\debug.exe

mRun: [MKese] c:\windows\svchost.exe

mRun: [MKZSc] c:\windows\avp32.exe

mRun: [MKayc] c:\windows\csrss.exe

mRun: [MKbta] c:\windows\install.exe

mRun: [MKcZ] c:\windows\mdm.exe

mRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\tom\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wm-des~1.lnk - c:\program files\whiskeymilitia\desktop alert\WM-Desktop-Alert.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: winsock.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211587291171

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259707250250

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {8CD620CB-E463-446F-A79C-F2DA6C90C382} - rundll32.exe "c:\documents and settings\tom\application data\bitrix security\xaukvmm60.dll", DllUnrer

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\vj895qtp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\tom\local settings\application data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [2007-11-30 303904]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-9 38144]

R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-14 238208]

S0 kcdwnloe;kcdwnloe; [x]

S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aaaaaaa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?]

S3 5DE6C4AB;5DE6C4AB; [x]

S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [2005-11-22 24576]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-11-16 550272]

=============== Created Last 30 ================

2010-10-21 20:42:56 -------- d-s---w- C:\ComboFix

2010-10-20 22:19:47 21636 ---h--w- c:\windows\mdm.exe

2010-10-20 22:19:46 21636 ---h--w- c:\windows\install.exe

2010-10-20 22:12:04 21636 ---h--w- c:\windows\svchost.exe

2010-10-20 22:12:04 21636 ---h--w- c:\windows\csrss.exe

2010-10-20 22:12:03 21636 ---h--w- c:\windows\sysedit.exe

2010-10-20 22:12:03 21636 ---h--w- c:\windows\avp32.exe

2010-10-20 22:12:02 21636 ---h--w- c:\windows\debug.exe

2010-10-20 19:31:05 -------- d-----w- c:\program files\ESET

2010-10-19 22:30:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-19 22:30:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:18:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro

2010-10-19 20:18:11 -------- d-----w- c:\program files\Trend Micro

2010-10-19 18:41:32 -------- d-s---w- C:\Combo-Fix6475C

2010-10-19 17:46:22 -------- d-s---w- C:\Combo-Fix

2010-10-15 21:18:36 190 ----a-w- c:\docume~1\tom\applic~1\jsfhjjsd.bat

2010-10-15 21:18:06 -------- d-----w- c:\docume~1\tom\applic~1\Bitrix Security

2010-10-11 21:55:19 0 ----a-w- c:\windows\Nbimupe.bin

2010-10-11 21:54:41 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

2010-09-29 19:13:11 -------- d-----w- c:\docume~1\tom\applic~1\Delicious IE Extension

2010-09-29 19:12:45 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer

2010-09-28 19:29:27 -------- d-sh--w- c:\docume~1\tom\applic~1\SystemProc

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 14:59:56.17 ===============

and Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/23/2008 4:24:51 PM

System Uptime: 10/21/2010 1:58:44 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | IVY

Processor: AMD Athlon 64 Processor 3800+ | Socket AM2 | 2410/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 59 GiB total, 39.517 GiB free.

D: is FIXED (NTFS) - 90 GiB total, 44.571 GiB free.

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM (CDFS)

Z: is NetworkDisk (NTFS) - 40 GiB total, 8.282 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: Microsoft System Management BIOS Driver

Device ID: ROOT\SYSTEM\0002

Manufacturer: (Standard system devices)

Name: Microsoft System Management BIOS Driver

PNP Device ID: ROOT\SYSTEM\0002

Service: mssmbios

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acronis

Delete these files if listed:

c:\docume~1\tom\locals~1\temp\ ALL files in this folder

c:\documents and settings\tom\application data\bitrix security\xaukvmm60.dll

c:\windows\system32\pwvrpzgte.dll

c:\windows\system32\drivers\aaaaaaa.sys

c:\docume~1\tom\applic~1\jsfhjjsd.bat

c:\windows\Nbimupe.bin

Delete these folders if listed:

c:\documents and settings\tom\application data\bitrix security

Reboot and let me know how it's running.

Alright, I deleted those files and folder, restarted, and did a new DDS scan. I tried HijackThis but it is still acting the same.

DDS (Ver_10-10-10.03) - NTFSx86

Run by Tom at 15:53:42.53 on Thu 10/21/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.482 [GMT -7:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\debug.exe

"C:\WINDOWS\svchost.exe"

C:\WINDOWS\avp32.exe

C:\WINDOWS\install.exe

C:\WINDOWS\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\sysedit.exe

C:\WINDOWS\debug.exe

"C:\WINDOWS\svchost.exe"

C:\WINDOWS\avp32.exe

C:\WINDOWS\install.exe

C:\WINDOWS\mdm.exe

C:\Program Files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>

BHO: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\tom\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe

uRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe

uRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe

uRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe

uRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe

uRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe

uRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe

uRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe

uRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe

uRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe

uRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe

uRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe

uRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe

uRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe

uRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe

uRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe

uRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe

uRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe

uRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe

uRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe

uRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe

uRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe

uRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe

uRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe

uRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe

uRun: [MKetc] c:\windows\sysedit.exe

uRun: [MKaoc] c:\windows\debug.exe

uRun: [MKese] c:\windows\svchost.exe

uRun: [MKZSc] c:\windows\avp32.exe

uRun: [MKayc] c:\windows\csrss.exe

uRun: [MKbta] c:\windows\install.exe

uRun: [MKcZ] c:\windows\mdm.exe

uRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HNUjHTgph] c:\docume~1\tom\locals~1\temp\setup.exe

mRun: [HNUjHTgruf] c:\docume~1\tom\locals~1\temp\wininst.exe

mRun: [HNUjHTgre] c:\docume~1\tom\locals~1\temp\smss.exe

mRun: [HNUjHTgoe] c:\docume~1\tom\locals~1\temp\avp.exe

mRun: [HNUjHTgrvg] c:\docume~1\tom\locals~1\temp\spoolsv.exe

mRun: [HNUjHTgrsc] c:\docume~1\tom\locals~1\temp\winlogon.exe

mRun: [HNUjHTgrA] c:\docume~1\tom\locals~1\temp\win16.exe

mRun: [HNUjHTgta] c:\docume~1\tom\locals~1\temp\user.exe

mRun: [HNUjHTgne] c:\docume~1\tom\locals~1\temp\mdm.exe

mRun: [HNUjHTglb] c:\docume~1\tom\locals~1\temp\debug.exe

mRun: [HNUjHTgmve] c:\docume~1\tom\locals~1\temp\hexdump.exe

mRun: [HNUjHTgrrc] c:\docume~1\tom\locals~1\temp\winamp.exe

mRun: [HNUjHTgpb] c:\docume~1\tom\locals~1\temp\login.exe

mRun: [HNUjHTgoh] c:\docume~1\tom\locals~1\temp\csrss.exe

mRun: [HNUjHTgob] c:\docume~1\tom\locals~1\temp\drweb.exe

mRun: [HNUjHTgsfP] c:\docume~1\tom\locals~1\temp\nvsvc32.exe

mRun: [HNUjHTgotd] c:\docume~1\tom\locals~1\temp\install.exe

mRun: [HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe] c:\docume~1\tom\locals~1\temp\2799445640.exe

mRun: [HNUjHTgosf] c:\docume~1\tom\locals~1\temp\taskmgr.exe

mRun: [HNUjHTgnb] c:\docume~1\tom\locals~1\temp\cmd.exe

mRun: [HNUjHTgupf] c:\docume~1\tom\locals~1\temp\sysedit.exe

mRun: [HNUjHTgl/] c:\docume~1\tom\locals~1\temp\gdi32.exe

mRun: [HNUjHTgmtd] c:\docume~1\tom\locals~1\temp\iexplarer.exe

mRun: [HNUjHTgqd] c:\docume~1\tom\locals~1\temp\lsass.exe

mRun: [HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe] c:\docume~1\tom\locals~1\temp\593788024.exe

mRun: [MKetc] c:\windows\sysedit.exe

mRun: [MKaoc] c:\windows\debug.exe

mRun: [MKese] c:\windows\svchost.exe

mRun: [MKZSc] c:\windows\avp32.exe

mRun: [MKayc] c:\windows\csrss.exe

mRun: [MKbta] c:\windows\install.exe

mRun: [MKcZ] c:\windows\mdm.exe

mRun: [HNUjHTgoh.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\docume~1\tom\locals~1\temp\csrss.exe

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\tom\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wm-des~1.lnk - c:\program files\whiskeymilitia\desktop alert\WM-Desktop-Alert.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: winsock.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211587291171

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259707250250

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: c:\windows\system32\pwvrpzgte.dll: {d6ba40a1-a502-59bd-f413-04b03a2c8953} - c:\windows\system32\pwvrpzgte.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {8CD620CB-E463-446F-A79C-F2DA6C90C382} - rundll32.exe "c:\documents and settings\tom\application data\bitrix security\xaukvmm60.dll", DllUnrer

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\vj895qtp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\tom\local settings\application data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [2007-11-30 303904]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-9 38144]

R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-14 238208]

S0 kcdwnloe;kcdwnloe; [x]

S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aaaaaaa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?]

S3 5DE6C4AB;5DE6C4AB; [x]

S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [2005-11-22 24576]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-11-16 550272]

=============== Created Last 30 ================

2010-10-21 20:42:56 -------- d-s---w- C:\ComboFix

2010-10-20 22:19:47 21636 ---h--w- c:\windows\mdm.exe

2010-10-20 22:19:46 21636 ---h--w- c:\windows\install.exe

2010-10-20 22:12:04 21636 ---h--w- c:\windows\svchost.exe

2010-10-20 22:12:04 21636 ---h--w- c:\windows\csrss.exe

2010-10-20 22:12:03 21636 ---h--w- c:\windows\sysedit.exe

2010-10-20 22:12:03 21636 ---h--w- c:\windows\avp32.exe

2010-10-20 22:12:02 21636 ---h--w- c:\windows\debug.exe

2010-10-20 19:31:05 -------- d-----w- c:\program files\ESET

2010-10-19 22:30:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-19 22:30:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:18:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro

2010-10-19 20:18:11 -------- d-----w- c:\program files\Trend Micro

2010-10-19 18:41:32 -------- d-s---w- C:\Combo-Fix6475C

2010-10-19 17:46:22 -------- d-s---w- C:\Combo-Fix

2010-10-11 21:54:41 -------- d-----w- c:\docume~1\tom\locals~1\applic~1\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

2010-09-29 19:13:11 -------- d-----w- c:\docume~1\tom\applic~1\Delicious IE Extension

2010-09-29 19:12:45 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer

2010-09-28 19:29:27 -------- d-sh--w- c:\docume~1\tom\applic~1\SystemProc

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 15:54:27.53 ===============


You can also delete these, but ONLY from the shown location, as the legit ones are in C:\windows\system or C:\windows\system32.

c:\windows\sysedit.exe

c:\windows\debug.exe

c:\windows\svchost.exe

c:\windows\avp32.exe

c:\windows\csrss.exe

c:\windows\install.exe

c:\windows\mdm.exe

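The DDS log above and the advice that follows it (delete the seven executables only from c:\windows, because the genuine copies live elsewhere) are the kind of thing a helper reads by eye. As an added example that is not part of this thread and is not a DDS, ComboFix or Malwarebytes feature, the Python below parses the line types that matter here and flags the same indicators: the keyword.URL pointing at a non-search host, hidden Firefox extensions, services whose image path is absent or whose file is gone from disk, hidden executables dropped straight into c:\windows under system-binary names, and the run of seven same-size files written within a few minutes. The sample lines are copied from the log above; the search-host allowlist, the benign hidden-extension list and the set of system32 binary names are assumptions made for the example.

```python
"""Triage helper for DDS-style log excerpts (added example, not a DDS tool)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: search hosts a clean Firefox profile may legitimately point at.
KNOWN_SEARCH_HOSTS = {"google.com", "yahoo.com", "bing.com"}
# Assumption: hidden-extension names that are normal on an XP box with Java.
BENIGN_HIDDEN_EXTENSIONS = {"java console"}
# Assumption: names whose genuine copy lives in system32 (or a vendor
# directory); a copy dropped straight into c:\windows is the impostor.
SYSTEM32_NAMES = {"csrss.exe", "svchost.exe", "sysedit.exe", "debug.exe",
                  "mdm.exe", "install.exe", "avp32.exe"}

FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (hxxp://\S+)", re.I)
FF_HIDDEN = re.compile(r"^FF - HiddenExtension: ([^:]+): .*? - (.+)$", re.I)
SERVICE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.*)$")
CREATED = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$", re.I)
WINDOWS_ROOT_EXE = re.compile(r"^c:\\windows\\([^\\]+\.exe)$", re.I)

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=
FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\tom\local settings\application data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=
R1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [2007-11-30 303904]
S0 kcdwnloe;kcdwnloe; [x]
S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aaaaaaa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?]
S3 5DE6C4AB;5DE6C4AB; [x]
2010-10-21 20:42:56 -------- d-s---w- C:\ComboFix
2010-10-20 22:19:47 21636 ---h--w- c:\windows\mdm.exe
2010-10-20 22:19:46 21636 ---h--w- c:\windows\install.exe
2010-10-20 22:12:04 21636 ---h--w- c:\windows\svchost.exe
2010-10-20 22:12:04 21636 ---h--w- c:\windows\csrss.exe
2010-10-20 22:12:03 21636 ---h--w- c:\windows\sysedit.exe
2010-10-20 22:12:03 21636 ---h--w- c:\windows\avp32.exe
2010-10-20 22:12:02 21636 ---h--w- c:\windows\debug.exe
2010-10-19 22:30:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-28 19:29:27 -------- d-sh--w- c:\docume~1\tom\applic~1\SystemProc
"""


def registrable_host(defanged_url):
    """Last two labels of the host in an hxxp:// URL, e.g. start-search.net."""
    host = urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or ""
    return ".".join(host.split(".")[-2:])


def triage(lines):
    """Return (category, detail) findings for the recognised line types."""
    findings, created = [], []
    for raw in lines:
        line = raw.strip()
        m = FF_PREF.match(line)
        if m:
            pref, url = m.groups()
            if registrable_host(url) not in KNOWN_SEARCH_HOSTS:
                findings.append(("ff-hijack", f"{pref} -> {url}"))
            continue
        m = FF_HIDDEN.match(line)
        if m:
            name, path = m.groups()
            if name.lower() not in BENIGN_HIDDEN_EXTENSIONS:
                findings.append(("ff-hidden-ext", f"{name}: {path}"))
            continue
        m = SERVICE.match(line)
        if m:
            state, name, rest = m.groups()
            if rest.rstrip().endswith("[x]"):      # no image path at all
                findings.append(("svc-no-image", f"{state} {name}"))
            elif rest.rstrip().endswith("[?]"):    # registered, file gone
                findings.append(("svc-file-missing", f"{state} {name}"))
            continue
        m = CREATED.match(line)
        if m:
            ts, size, attrs, path = m.groups()
            exe = WINDOWS_ROOT_EXE.match(path)
            if exe and "h" in attrs and exe.group(1).lower() in SYSTEM32_NAMES:
                findings.append(("masquerade-exe", path))
            if size.isdigit():
                created.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                                int(size), path))
    # Three or more same-size files written within ten minutes: one dropper.
    by_size = defaultdict(list)
    for stamp, size, path in created:
        by_size[size].append((stamp, path))
    for size, items in by_size.items():
        items.sort()
        if len(items) >= 3 and items[-1][0] - items[0][0] <= timedelta(minutes=10):
            findings.append(("same-size-cluster", f"{len(items)} files of {size} bytes"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:18} {detail}")
```

Run against the sample it reports both keyword.URL hijacks, the two non-Java hidden extensions, the three broken services, the seven hidden impostors in c:\windows and the single 21636-byte cluster; the same-size check is what turns seven individually plausible names into one obvious dropper.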

Hi LDTate,

Well, I was able to delete those files and run ComboFix; it seems to have cleared it up. The only problem now is that I somehow lost network functionality: neither wireless nor wired connections work. So I'm currently using my phone (hahah) as a thumb drive to bring over this ComboFix log and go from there. The other thing is that upon startup I am getting multiple (12 to 15) Bad Image errors with the message "The application or DLL C:\Windows\system32\winsock.dll is not a valid Windows image".

What's next?

ComboFix 10-10-20.04 - Tom 10/21/2010 16:26:34.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.648 [GMT -7:00]

Running from: c:\combofix\ComboFix.exe

Command switches used :: ComboFix

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\.wtav

c:\documents and settings\Tom\Application Data\SystemProc

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

c:\windows\avp32.exe

c:\windows\csrss.exe

c:\windows\debug.exe

c:\windows\install.exe

c:\windows\mdm.exe

c:\windows\svchost.exe

c:\windows\sysedit.exe

c:\windows\system32\certstore.dat

c:\windows\System32\drivers\vbma4f28.sys

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

Infected copy of c:\windows\system32\drivers\fips.sys was found and disinfected

Restored copy from - Kitty had a snack :D

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Legacy_USERINIT

-------\Service_6to4

-------\Service_userinit

-------\Service_vbma4f28

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))

.

2010-10-21 23:39 . 2010-10-21 23:39 -------- d-sh--w- c:\documents and settings\Temporary Internet Files\Content.IE5

2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\ESET

2010-10-19 22:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-19 22:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\program files\Trend Micro

2010-10-19 17:46 . 2010-10-19 18:41 -------- d-----w- C:\Combo-Fix

2010-10-18 23:06 . 2010-10-18 23:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-10-15 18:59 . 2010-10-15 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-10-14 22:00 . 2010-10-14 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-11 21:54 . 2010-10-11 21:54 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

2010-09-29 19:13 . 2010-10-15 20:32 -------- d-----w- c:\documents and settings\Tom\Application Data\Delicious IE Extension

2010-09-29 19:12 . 2010-09-29 19:13 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer

2010-09-22 19:12 . 2010-09-22 19:13 -------- d-----w- c:\documents and settings\Tom\Application Data\gtk-2.0

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-10 00:10 . 2007-11-10 00:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-11-10 00:10 . 2007-11-10 00:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-11-10 00:10 . 2007-11-10 00:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-11-10 00:10 . 2007-11-10 00:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-11-10 00:10 . 2007-11-10 00:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-11-10 00:10 . 2007-11-10 00:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-11-10 00:10 . 2007-11-10 00:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-11-10 00:11 . 2007-11-10 00:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-11-10 00:11 . 2007-11-10 00:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-07-08_17.29.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-06-24 14:03 . 2005-06-24 14:03 65536 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGSN.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 53248 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGPN.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 49152 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGBD.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 98304 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KMTIGBC.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 65536 c:\windows\system32\spool\drivers\w32x86\3\KMTIGSN.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 53248 c:\windows\system32\spool\drivers\w32x86\3\KMTIGPN.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 49152 c:\windows\system32\spool\drivers\w32x86\3\KMTIGBD.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 98304 c:\windows\system32\spool\drivers\w32x86\3\KMTIGBC.dll

- 2009-02-11 15:01 . 2007-07-13 16:10 68608 c:\windows\system32\spool\drivers\w32x86\3\BRLCH06A.DLL

+ 2009-02-11 15:01 . 2007-07-14 08:10 68608 c:\windows\system32\spool\drivers\w32x86\3\BRLCH06A.DLL

+ 2009-02-11 15:01 . 2008-03-20 08:00 47672 c:\windows\system32\spool\drivers\w32x86\3\BRFCH06A.EXE

- 2009-02-11 15:01 . 2008-03-19 16:00 47672 c:\windows\system32\spool\drivers\w32x86\3\BRFCH06A.EXE

+ 2005-06-24 14:03 . 2005-06-24 14:03 65536 c:\windows\system32\KMTIGSN.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 49152 c:\windows\system32\KMTIGBD.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 98304 c:\windows\system32\KMTIGBC.dll

+ 2010-07-21 23:33 . 2010-10-21 22:48 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-07-21 23:33 . 2010-10-21 22:48 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-10-19 17:07 . 2010-10-19 17:07 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT

+ 2010-07-21 23:33 . 2010-10-21 22:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-05-24 01:02 . 2010-07-14 10:08 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-11-04 10:09 . 2008-11-04 10:09 77200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWSTRUCT.DLL

+ 2008-11-04 10:09 . 2008-11-04 10:09 19840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWRECS.DLL

+ 2008-11-04 10:09 . 2008-11-04 10:09 51576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWRECE.DLL

+ 2008-11-04 10:09 . 2008-11-04 10:09 27520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWORIENT.DLL

+ 2008-11-04 10:09 . 2008-11-04 10:09 58224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWLAY32.DLL

+ 2008-11-04 10:09 . 2008-11-04 10:09 87928 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWCUTLIN.DLL

+ 2008-11-04 10:08 . 2008-11-04 10:08 30032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\THOCRAPI.DLL

+ 2009-04-02 19:02 . 2009-04-02 19:02 14720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SMARTTAGINSTALL.EXE

+ 2009-03-06 12:04 . 2009-03-06 12:04 33152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SETLANG.EXE

+ 2008-11-04 10:08 . 2008-11-04 10:08 19840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REVERSE.DLL

+ 2009-03-06 11:04 . 2009-03-06 11:04 39464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REFIEBAR.DLL

+ 2008-11-04 10:29 . 2008-11-04 10:29 39248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REFEDIT.DLL

+ 2008-11-04 10:08 . 2008-11-04 10:08 77208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSOM.DLL

+ 2009-04-02 19:02 . 2009-04-02 19:02 45968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OSETUPPS.DLL

+ 2009-04-02 19:02 . 2009-04-02 19:02 17792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OPHPROXY.DLL

+ 2009-04-02 19:02 . 2009-04-02 19:02 15760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMUOPTINPS.DLL

+ 2009-03-06 11:23 . 2009-03-06 11:23 22432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OISCTRL.DLL

+ 2008-11-04 09:02 . 2008-11-04 09:02 54744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OFFRHD.DLL

+ 2009-03-06 11:04 . 2009-03-06 11:04 64872 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\NAME.DLL

+ 2009-04-02 19:01 . 2009-04-02 19:01 42864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSH.DLL

+ 2009-03-06 12:04 . 2009-03-06 12:04 19824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPGIMME.DLL

+ 2009-04-04 01:46 . 2009-04-04 01:46 34200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOSTYLE.DLL

+ 2008-11-10 18:41 . 2008-11-10 18:41 67472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSONPUI.DLL

+ 2008-11-10 18:41 . 2008-11-10 18:41 32656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSONPMON.DLL

+ 2008-11-04 10:49 . 2008-11-04 10:49 66424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOMSE.DLL

+ 2008-11-10 17:50 . 2008-11-10 17:50 68472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOHTMED.EXE

+ 2008-11-10 17:50 . 2008-11-10 17:50 76664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOHEV.DLL

+ 2008-11-10 18:38 . 2008-11-10 18:38 27000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOEURO.DLL

+ 2008-11-04 06:39 . 2008-11-04 06:39 14728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOCFU.DLL

+ 2009-04-02 19:01 . 2009-04-02 19:01 18816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSMH.DLL

+ 2009-03-06 12:10 . 2009-03-06 12:10 47472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSE7.EXE

+ 2008-10-26 13:26 . 2008-10-26 13:26 66944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSAEXP30.DLL

+ 2008-10-25 13:18 . 2008-10-25 13:18 89464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\METCONV.DLL

+ 2008-11-04 10:30 . 2008-11-04 10:30 65384 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIUI.DLL

+ 2008-11-04 10:30 . 2008-11-04 10:30 30568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIMON.DLL

+ 2009-03-06 11:26 . 2009-03-06 11:26 65400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INLAUNCH.DLL

+ 2008-11-04 09:09 . 2008-11-04 09:09 33640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESYSTEMMODE.DLL

+ 2008-10-25 18:44 . 2008-10-25 18:44 16752 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESTDURLLAUNCHER.EXE

+ 2008-10-25 18:44 . 2008-10-25 18:44 22872 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVENEW.DLL

+ 2008-10-25 18:44 . 2008-10-25 18:44 31072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEMONITOR.EXE

+ 2008-10-25 18:44 . 2008-10-25 18:44 33632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECLEAN.EXE

+ 2008-10-25 18:44 . 2008-10-25 18:44 16224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEAUTOPROXY.DLL

+ 2008-10-25 18:44 . 2008-10-25 18:44 65888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEAUDITSERVICE.EXE

+ 2008-11-04 10:08 . 2008-11-04 10:08 76152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FORM.DLL

+ 2009-04-02 19:01 . 2009-04-02 19:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXP_XPS.DLL

+ 2009-04-04 01:46 . 2009-04-04 01:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXP_PDF.DLL

+ 2008-10-26 12:42 . 2008-10-26 12:42 65376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\COLLIMP.DLL

+ 2008-10-25 13:18 . 2008-10-25 13:18 54152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\AUTHZAX.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACERCLR.DLL

+ 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODTXT.DLL

+ 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODPDX.DLL

+ 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODEXL.DLL

+ 2008-10-25 12:31 . 2008-10-25 12:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODDBS.DLL

+ 2009-03-06 09:47 . 2009-03-06 09:47 47008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEERR.DLL

+ 2008-11-21 09:02 . 2008-11-21 09:02 94592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCOLK.DLL

+ 2010-08-03 10:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll

+ 2010-08-03 10:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll

+ 2010-07-14 10:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll

+ 2010-07-14 10:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll

+ 2010-09-15 18:28 . 2001-08-18 05:36 8192 c:\windows\system32\kbdkor.dll

+ 2010-09-15 18:28 . 2001-08-18 05:36 8704 c:\windows\system32\kbdjpn.dll

+ 2010-09-15 18:28 . 2007-12-01 07:22 6144 c:\windows\system32\kbd106.dll

+ 2010-09-15 18:28 . 2001-08-17 21:55 5632 c:\windows\system32\kbd103.dll

+ 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\kbd101c.dll

+ 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\kbd101b.dll

+ 2010-09-15 18:28 . 2001-08-18 05:36 8192 c:\windows\system32\dllcache\kbdkor.dll

+ 2010-09-15 18:28 . 2001-08-18 05:36 8704 c:\windows\system32\dllcache\kbdjpn.dll

+ 2010-09-15 18:28 . 2007-12-01 07:22 6144 c:\windows\system32\dllcache\kbd106.dll

+ 2010-09-15 18:28 . 2001-08-17 21:55 5632 c:\windows\system32\dllcache\kbd103.dll

+ 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\dllcache\kbd101c.dll

+ 2010-09-15 18:28 . 2001-08-17 21:55 6144 c:\windows\system32\dllcache\kbd101b.dll

+ 2009-03-11 05:18 . 2009-03-11 05:18 934792 c:\windows\system32\WgaTray.exe

+ 2009-03-11 05:18 . 2009-03-11 05:18 239496 c:\windows\system32\WgaLogon.dll

+ 2007-12-01 07:26 . 2009-03-08 12:33 420352 c:\windows\system32\vbscript.dll

- 2007-12-01 07:26 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 188472 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIGXG2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 540727 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG6G2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 213048 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG5G2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 188472 c:\windows\system32\spool\drivers\w32x86\3\KTIGXG2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 540727 c:\windows\system32\spool\drivers\w32x86\3\KTIG6G2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 213048 c:\windows\system32\spool\drivers\w32x86\3\KTIG5G2.dll

- 2009-02-11 15:01 . 2008-06-22 16:12 698633 c:\windows\system32\spool\drivers\w32x86\3\BROCH06A.DLL

+ 2009-02-11 15:01 . 2008-06-23 08:12 698633 c:\windows\system32\spool\drivers\w32x86\3\BROCH06A.DLL

+ 2009-08-03 22:07 . 2009-08-03 22:07 230768 c:\windows\system32\OGAEXEC1.exe

+ 2009-08-03 22:07 . 2009-08-03 22:07 403816 c:\windows\system32\OGACheckControl1.dll

+ 2009-08-03 22:07 . 2009-08-03 22:07 322928 c:\windows\system32\OGAAddin1.dll

+ 2007-12-01 07:25 . 2009-03-08 12:32 611840 c:\windows\system32\mstime.dll

- 2007-12-01 07:25 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll

+ 2007-12-01 07:24 . 2009-02-09 12:10 281568 c:\windows\system32\msojlxpn.dll

+ 2010-09-20 17:34 . 2010-09-20 17:35 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe

+ 2010-09-20 17:34 . 2010-09-20 17:35 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll

+ 2007-12-01 07:25 . 2009-03-08 12:33 726528 c:\windows\system32\jscript.dll

- 2007-12-01 07:25 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

+ 2007-12-01 01:13 . 2007-12-01 01:13 303904 c:\windows\system32\drivers\cvmacii.sys

+ 2009-03-11 05:18 . 2009-03-11 05:18 934792 c:\windows\system32\dllcache\WgaTray.exe

+ 2009-03-11 05:18 . 2009-03-11 05:18 239496 c:\windows\system32\dllcache\wgaLogon.dll

+ 2007-12-01 07:26 . 2009-03-08 12:33 420352 c:\windows\system32\dllcache\vbscript.dll

- 2007-12-01 07:26 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll

+ 2007-12-01 07:25 . 2009-03-08 12:32 611840 c:\windows\system32\dllcache\mstime.dll

- 2007-12-01 07:25 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll

- 2007-12-01 07:25 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll

+ 2007-12-01 07:25 . 2009-03-08 12:33 726528 c:\windows\system32\dllcache\jscript.dll

- 2008-05-23 23:21 . 2007-12-01 07:26 744448 c:\windows\system32\dllcache\helpsvc.exe

+ 2008-05-23 23:21 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe

- 2008-05-23 23:21 . 2007-12-01 07:26 744448 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe

+ 2008-05-23 23:21 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe

+ 2010-09-22 20:43 . 2010-09-22 20:43 807936 c:\windows\Installer\24cf0195.msi

+ 2008-05-24 01:02 . 2010-07-14 10:08 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-04 10:09 . 2008-11-04 10:09 532872 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XPAGE3C.DLL

+ 2009-04-04 00:57 . 2009-04-04 00:57 509256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CVR.DLL

+ 2008-11-04 10:09 . 2008-11-04 10:09 127360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\TWCUTCHR.DLL

+ 2009-03-06 09:37 . 2009-03-06 09:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL

+ 2009-04-02 20:06 . 2009-04-02 20:06 439160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SETUP.EXE

+ 2008-10-25 13:19 . 2008-10-25 13:19 503688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SELFCERT.EXE

+ 2009-04-02 21:35 . 2009-04-02 21:35 368520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPSLAX.DLL

+ 2008-10-26 12:42 . 2008-10-26 12:42 482656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PORTCONN.DLL

+ 2009-03-06 12:17 . 2009-03-06 12:17 101232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OSA.EXE

+ 2008-11-04 10:34 . 2008-11-04 10:34 540072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ORGCHART.EXE

+ 2008-11-04 10:04 . 2008-11-04 10:04 783288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONSYNCPC.DLL

+ 2008-11-04 08:24 . 2008-11-04 08:24 285576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OISGRAPH.DLL

+ 2008-11-04 08:24 . 2008-11-04 08:24 998784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OISAPP.DLL

+ 2008-11-04 08:24 . 2008-11-04 08:24 274808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OIS.EXE

+ 2008-03-19 13:27 . 2008-03-19 13:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGALEGIT.DLL

+ 2009-04-02 20:06 . 2009-04-02 20:06 231848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ODEPLOY.EXE

+ 2009-03-06 12:16 . 2009-03-06 12:16 538968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSTORES.DLL

+ 2009-03-06 12:16 . 2009-03-06 12:16 144728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSTORE.EXE

+ 2009-03-06 12:16 . 2009-03-06 12:16 832344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSTORDB.EXE

+ 2008-10-25 05:21 . 2008-10-25 05:21 505192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSOAP30.DLL

+ 2009-03-06 12:05 . 2009-03-06 12:05 671072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSQRY32.EXE

+ 2009-03-06 12:04 . 2009-03-06 12:04 436096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPVIEW.EXE

+ 2009-03-06 12:04 . 2009-03-06 12:04 154520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPSCAN.EXE

+ 2008-11-21 06:42 . 2008-11-21 06:42 732504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPROOF6.DLL

+ 2008-11-10 18:35 . 2008-11-10 18:35 773000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPFILT.DLL

+ 2008-10-25 05:50 . 2008-10-25 05:50 436584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSORUN.DLL

+ 2008-11-10 18:41 . 2008-11-10 18:41 864144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSONPDRV.DLL

+ 2009-03-06 11:04 . 2009-03-06 11:04 427848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSODCW.DLL

+ 2009-03-06 10:31 . 2009-03-06 10:31 160616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSOCF.DLL

+ 2008-11-04 11:13 . 2008-11-04 11:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL

+ 2008-10-25 20:39 . 2008-10-25 20:39 290632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCDM.DLL

+ 2008-11-04 10:49 . 2008-11-04 10:49 460680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MODHELP.DLL

+ 2008-11-04 10:49 . 2008-11-04 10:49 829280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MEDCAT.DLL

+ 2009-02-14 12:40 . 2009-02-14 12:40 524696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIVWCTL.DLL

+ 2008-11-04 10:30 . 2008-11-04 10:30 274832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIINK.DLL

+ 2008-11-10 18:35 . 2008-11-10 18:35 793448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MDIGRAPH.DLL

+ 2009-04-02 19:01 . 2009-04-02 19:01 177520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IETAG.DLL

+ 2008-10-25 13:18 . 2008-10-25 13:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IEAWSDC.DLL

+ 2009-02-14 13:04 . 2009-02-14 13:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL

+ 2009-02-12 22:19 . 2009-02-12 22:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL

+ 2009-02-14 13:04 . 2009-02-14 13:04 265592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBBROWSERTOOL2.DLL

+ 2009-03-06 11:33 . 2009-03-06 11:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL

+ 2009-02-12 22:19 . 2009-02-12 22:19 178040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESYSTEMSERVICES.DLL

+ 2009-02-12 22:19 . 2009-02-12 22:19 361328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESKETCHTOOL.DLL

+ 2009-02-12 22:19 . 2009-02-12 22:19 222072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEPROJECTTOOLSET.DLL

+ 2008-10-25 18:44 . 2008-10-25 18:44 317800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEMIGRATOR.EXE

+ 2008-10-25 18:44 . 2008-10-25 18:44 197464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEGAMES.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 283496 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEFETCHSERVICES.DLL

+ 2008-10-25 18:44 . 2008-10-25 18:44 376176 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDATAVIEWERTOOL.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 765792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMPONENTMGR.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 115592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 298336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECALENDARTOOL.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 281944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEAUDIO.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE

+ 2008-11-25 05:17 . 2008-11-25 05:17 983944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FPWEC.DLL

+ 2008-11-04 08:44 . 2008-11-04 08:44 435096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DWTRIG20.EXE

+ 2008-11-04 08:44 . 2008-11-04 08:44 439632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DWDCW20.DLL

+ 2009-03-06 11:04 . 2009-03-06 11:04 105856 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DSSM.EXE

+ 2009-02-12 22:19 . 2009-02-12 22:19 233832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DRAT.EXE

+ 2008-11-21 07:02 . 2008-11-21 07:02 189816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTACTPICKER.DLL

+ 2008-11-04 10:47 . 2008-11-04 10:47 205680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CLVIEW.EXE

+ 2008-11-04 11:21 . 2008-11-04 11:21 400208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CDLMSO.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 370608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEXBE.DLL

+ 2008-11-04 11:06 . 2008-11-04 11:06 208816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEWSS.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 223152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACETXT.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 550840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEREP.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 288688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACER3X.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 255920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACER2X.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 391096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEPDE.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 387000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEOLEDB.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 278912 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEODBC.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 206776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACELTS.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 628656 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEEXCL.DLL

+ 2009-03-06 09:48 . 2009-03-06 09:48 337832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEEXCH.DLL

+ 2009-03-06 09:47 . 2009-03-06 09:47 190400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEES.DLL

+ 2009-03-06 09:47 . 2009-03-06 09:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACEDAO.DLL

+ 2008-10-26 13:26 . 2008-10-26 13:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL

+ 2009-03-06 09:47 . 2009-03-06 09:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACACEDAO.DLL

+ 2010-08-03 10:00 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll

+ 2010-08-03 10:00 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe

+ 2010-07-14 10:13 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll

+ 2010-07-14 10:13 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe

+ 2010-07-14 10:13 . 2007-12-01 07:26 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe

+ 2010-08-03 10:00 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll

+ 2010-08-03 10:00 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe

+ 2010-08-03 10:00 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe

+ 2010-07-14 10:13 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll

+ 2010-07-14 10:13 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe

+ 2010-07-14 10:13 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe

+ 2010-07-14 06:29 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe

+ 2005-06-24 14:03 . 2005-06-24 14:03 1359927 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG6U2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 2273335 c:\windows\system32\spool\drivers\w32x86\konica_minolta350_25cb5a\KTIG6T2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 1359927 c:\windows\system32\spool\drivers\w32x86\3\KTIG6U2.dll

+ 2005-06-24 14:03 . 2005-06-24 14:03 2273335 c:\windows\system32\spool\drivers\w32x86\3\KTIG6T2.dll

+ 2009-02-11 15:01 . 2008-06-23 08:12 1671878 c:\windows\system32\spool\drivers\w32x86\3\BRUCH06A.DLL

- 2009-02-11 15:01 . 2008-06-22 16:12 1671878 c:\windows\system32\spool\drivers\w32x86\3\BRUCH06A.DLL

- 2009-02-11 15:01 . 2007-07-13 16:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B2BCH06A.DLL

+ 2009-02-11 15:01 . 2007-07-14 08:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B2BCH06A.DLL

+ 2009-02-11 15:01 . 2007-07-14 08:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B1BCH06A.DLL

- 2009-02-11 15:01 . 2007-07-13 16:10 1197568 c:\windows\system32\spool\drivers\w32x86\3\B1BCH06A.DLL

+ 2007-12-01 07:25 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll

+ 2009-11-23 20:18 . 2010-08-03 16:28 1693388 c:\windows\system32\Restore\rstrlog.dat

+ 2008-03-21 01:06 . 2009-03-11 05:18 1482112 c:\windows\system32\LegitCheckControl.dll

+ 2008-05-23 16:15 . 2010-07-13 17:10 1463736 c:\windows\system32\FNTCACHE.DAT

+ 2007-12-01 07:25 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll

+ 2010-05-21 02:57 . 2010-05-21 02:57 4989952 c:\windows\Installer\39edfb0.msp

+ 2010-05-21 02:57 . 2010-05-21 02:57 5907456 c:\windows\Installer\39edfaf.msp

+ 2010-06-11 18:03 . 2010-06-11 18:03 5021184 c:\windows\Installer\39edf8f.msp

+ 2010-09-22 20:46 . 2010-09-22 20:46 9472000 c:\windows\Installer\24cf043b.msi

+ 2008-05-24 01:02 . 2010-07-14 10:08 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-05-24 01:02 . 2010-06-26 10:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-05-24 01:02 . 2010-07-14 10:08 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-11-04 10:09 . 2008-11-04 10:09 1196944 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XIMAGE3B.DLL

+ 2009-03-06 10:01 . 2009-03-06 10:01 2335648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\STSLIST.DLL

+ 2008-11-10 09:41 . 2008-11-10 09:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE

+ 2009-04-02 20:07 . 2009-04-02 20:07 6540120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OSETUP.DLL

+ 2009-03-06 11:55 . 2009-03-06 11:55 7036800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OFFOWC.DLL

+ 2009-04-04 01:21 . 2009-04-04 01:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL

+ 2008-10-25 06:45 . 2008-10-25 06:45 1518504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\NLSD0000.DLL

+ 2008-11-10 18:35 . 2008-11-10 18:35 1058200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPCORE.DLL

+ 2009-04-02 19:01 . 2009-04-02 19:01 6637936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSORES.DLL

+ 2009-02-14 13:04 . 2009-02-14 13:04 1394544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUIFRAMEWORK.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 4746608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVETRANSCEIVER.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 1161568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVETEXTTOOLS.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 2736992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESTORAGEMGR.DLL

+ 2009-02-12 22:19 . 2009-02-12 22:19 2217848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVESHELLEXTENSIONS.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 7051624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVERESOURCE.DLL

+ 2009-02-12 22:19 . 2009-02-12 22:19 1560928 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEMISC.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL

+ 2008-11-04 09:09 . 2008-11-04 09:09 1360736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECRYPTO.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 3494280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMMUNICATIONSSERVICES.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 2687336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVECOMMONCOMPONENTS.DLL

+ 2009-02-14 13:03 . 2009-02-14 13:03 6198112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEACCOUNTMGR.DLL

+ 2009-04-03 04:44 . 2009-04-03 04:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE

+ 2008-10-25 10:38 . 2008-10-25 10:38 1682800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FPSRVUTL.DLL

+ 2009-03-06 09:47 . 2009-03-06 09:47 1759136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACECORE.DLL

+ 2010-08-03 10:00 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll

+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll

+ 2008-05-24 00:16 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe

+ 2010-05-21 02:58 . 2010-05-21 02:58 12114432 c:\windows\Installer\39edf78.msp

+ 2009-04-04 01:21 . 2009-04-04 01:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OART.DLL

+ 2009-03-06 09:37 . 2009-03-06 09:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Tom\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WM-Desktop-Alert.lnk - c:\program files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe [2008-12-26 370176]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2008 9:54 AM 38144]

R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/14/2008 7:21 AM 238208]

S0 kcdwnloe;kcdwnloe; [x]

S1 aAAAAAa;aAAAAAa;c:\windows\system32\drivers\aAAAAAa.sys --> c:\windows\system32\drivers\aAAAAAa.sys [?]

S1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [11/30/2007 6:13 PM 303904]

S3 5DE6C4AB;5DE6C4AB; [x]

S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/22/2005 11:30 AM 24576]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/13/2009 11:10 AM 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003Core.job

- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003UA.job

- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]

2010-10-21 c:\windows\Tasks\Updater.job

- d:\documents and settings\All Users\Application Data\Update\seupd.exe [2010-10-07 16:38]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: winsock.dll

FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\vj895qtp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

FF - plugin: c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - HiddenExtension: XULRunner: {60936386-F8F0-497F-9CB8-B5B399B0E4E7} - c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

BHO-{D6BA40A1-A502-59BD-F413-04B03A2C8953} - c:\windows\system32\pwvrpzgte.dll

HKCU-Run-nNkmzK0WEAA7== - c:\docume~1\Tom\LOCALS~1\Temp\system.exe

HKCU-Run-HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe - c:\docume~1\Tom\LOCALS~1\Temp\2799445640.exe

HKCU-Run-HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe - c:\docume~1\Tom\LOCALS~1\Temp\593788024.exe

HKCU-Run-MKetc - c:\windows\sysedit.exe

HKCU-Run-MKaoc - c:\windows\debug.exe

HKCU-Run-MKese - c:\windows\svchost.exe

HKCU-Run-MKZSc - c:\windows\avp32.exe

HKCU-Run-MKayc - c:\windows\csrss.exe

HKCU-Run-MKbta - c:\windows\install.exe

HKCU-Run-MKcZ - c:\windows\mdm.exe

HKLM-Run-nNkmzK0WEAA7== - c:\docume~1\Tom\LOCALS~1\Temp\system.exe

HKLM-Run-HNUjHTgN2zc\Tom\LOCALS~1\Temp\2799445640.exe - c:\docume~1\Tom\LOCALS~1\Temp\2799445640.exe

HKLM-Run-HNUjHTgO2x1\Tom\LOCALS~1\Temp\593788024.exe - c:\docume~1\Tom\LOCALS~1\Temp\593788024.exe

HKLM-Run-MKetc - c:\windows\sysedit.exe

HKLM-Run-MKaoc - c:\windows\debug.exe

HKLM-Run-MKese - c:\windows\svchost.exe

HKLM-Run-MKZSc - c:\windows\avp32.exe

HKLM-Run-MKayc - c:\windows\csrss.exe

HKLM-Run-MKbta - c:\windows\install.exe

HKLM-Run-MKcZ - c:\windows\mdm.exe

SharedTaskScheduler-{D6BA40A1-A502-59BD-F413-04B03A2C8953} - c:\windows\system32\pwvrpzgte.dll

SafeBoot-cvmacii

ActiveSetup-{8CD620CB-E463-446F-A79C-F2DA6C90C382} - c:\documents and settings\Tom\Application Data\Bitrix Security\xaukvmm60.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HNUjHTguucinfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

nNkmzK0WEAA7=="="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HNUjHTguucinfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

nNkmzK0WEAA7=="="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1060)

c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3864)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Visioneer\OneTouch 4.0\OtService.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2010-10-21 16:45:38 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-21 23:45

ComboFix2.txt 2010-07-08 17:33

ComboFix3.txt 2010-06-24 22:45

Pre-Run: 42,430,058,496 bytes free

Post-Run: 42,898,030,592 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 5F5FFA001F0C75B910C5323F62174E95


After doing some research, it appears as though I'd be able to fix the winsock.dll problem if I had the XP disc by using sfc /scannow. Unfortunately, I don't. I downloaded a new copy of winsock.dll and replaced the original one, but when I attempt to register it via regsvr32, I get the error that winsock.dll is not an executable file and no registration helper is registered for this file type.

Is this something you can still help me with?? Oh and by the way, MBAM now runs fine and finds no infection =) So for that, thank you x 10000


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\drivers\aAAAAAa.sys

Driver::
aAAAAAa
kcdwnloe;
5DE6C4AB

Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HNUjHTguucinfo&p]

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

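The Registry:: line in the CFScript above removes a Run value, and the ComboFix logs in this thread list the Run entries under "Reg Loading Points". The following is an added example (not from this thread or from ComboFix) that parses that section and flags autostart entries a defender would want to look at first: targets in a temp directory, base64-looking or very long value names, and a trailing field that is not the usual [date size] stamp. The sample lines are copied from the log posted here; the flagging rules are my own heuristics, not ComboFix's.

```python
import re

# Constructed sample, modelled on the "Reg Loading Points" section of the
# ComboFix log posted in this thread (entries copied from that log).
SAMPLE_LOG = r'''
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]
"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>.+?)"="(?P<target>.+?)"(?:\s*\[(?P<stamp>[^\]]*)\])?\s*$')
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d+$')   # the usual "[date size]" form
# Heuristic (assumption): directories a legitimate autostart rarely runs from.
TEMP_DIRS = ('\\temp\\', '\\locals~1\\temp', '\\local settings\\temp', '\\tmp\\')
# Heuristic (assumption): a value name that is pure base64 with padding.
B64_NAME_RE = re.compile(r'^[A-Za-z0-9+/]+={1,2}$')


def parse_loading_points(text):
    """Yield (key, name, target, stamp) for each value line under each [KEY] block."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('target'), m.group('stamp')


def suspicious_reasons(name, target, stamp):
    """Return the list of heuristic reasons an entry deserves a closer look."""
    reasons = []
    low = target.lower()
    if any(d in low for d in TEMP_DIRS):
        reasons.append('target runs from a temp directory')
    if B64_NAME_RE.match(name) or len(name) > 60:
        reasons.append('value name looks machine-generated (base64-like or very long)')
    if stamp is not None and not STAMP_RE.match(stamp):
        reasons.append('trailing field is not the usual [date size] stamp: [%s]' % stamp)
    return reasons


def audit_autostarts(text):
    """Return (key, name, target, reasons) for every entry with at least one reason."""
    findings = []
    for key, name, target, stamp in parse_loading_points(text):
        reasons = suspicious_reasons(name, target, stamp)
        if reasons:
            findings.append((key, name, target, reasons))
    return findings


if __name__ == '__main__':
    for key, name, target, reasons in audit_autostarts(SAMPLE_LOG):
        print('%s\\%s -> %s' % (key, name, target))
        for r in reasons:
            print('    - ' + r)
```

Run it on the "Reg Loading Points" section of a ComboFix log before and after the fix: the same value present under both HKCU and HKLM, as here, means the Registry:: line must name both keys or the entry comes back.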

Alright, here is the ComboFix log...

ComboFix 10-10-22.03 - Tom 10/22/2010 15:24:59.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.458 [GMT -7:00]

Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\system32\drivers\aAAAAAa.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}

c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\chrome.manifest

c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\chrome\content\_cfg.js

c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\chrome\content\overlay.xul

c:\documents and settings\Tom\Local Settings\Application Data\{60936386-F8F0-497F-9CB8-B5B399B0E4E7}\install.rdf

c:\program files\Mozilla Firefox\searchplugins\google_search.xml

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_5DE6C4AB

-------\Service_aAAAAAa

((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))

.

2010-10-22 17:06 . 2010-10-22 17:06 -------- d-----w- c:\program files\Motorola

2010-10-22 17:05 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-10-22 17:05 . 2010-01-26 02:56 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys

2010-10-22 17:05 . 2008-03-28 00:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2010-10-22 17:05 . 2010-04-01 21:31 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys

2010-10-22 17:05 . 2009-01-30 00:11 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys

2010-10-22 17:05 . 2010-06-18 22:09 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys

2010-10-22 17:05 . 2010-06-18 21:41 19968 ----a-w- c:\windows\system32\drivers\motccgp.sys

2010-10-22 17:05 . 2009-01-30 00:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys

2010-10-22 17:05 . 2007-11-02 22:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys

2010-10-22 17:05 . 2010-10-22 17:05 -------- d-----w- c:\program files\Common Files\Motorola Shared

2010-10-21 23:39 . 2010-10-22 22:30 -------- d-sh--w- c:\documents and settings\Temporary Internet Files\Content.IE5

2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\ESET

2010-10-19 22:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-19 22:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\program files\Trend Micro

2010-10-19 17:46 . 2010-10-19 18:41 -------- d-----w- C:\Combo-Fix

2010-10-18 23:06 . 2010-10-18 23:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-10-15 18:59 . 2010-10-15 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-10-14 22:00 . 2010-10-14 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-09-29 19:13 . 2010-10-15 20:32 -------- d-----w- c:\documents and settings\Tom\Application Data\Delicious IE Extension

2010-09-29 19:12 . 2010-09-29 19:13 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-22 19:29 . 2001-08-23 10:00 2864 ----a-w- c:\windows\system32\winsock.dll

2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2007-11-10 00:10 . 2007-11-10 00:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-11-10 00:10 . 2007-11-10 00:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-11-10 00:10 . 2007-11-10 00:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-11-10 00:10 . 2007-11-10 00:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-11-10 00:10 . 2007-11-10 00:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-11-10 00:10 . 2007-11-10 00:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-11-10 00:10 . 2007-11-10 00:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-11-10 00:11 . 2007-11-10 00:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-11-10 00:11 . 2007-11-10 00:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------

[-] 2008-05-23 . 7B7087411A9AF908277E9DF841D29C91 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-10-21_23.39.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-08-23 10:00 . 2010-06-28 16:00 68156 c:\windows\system32\perfc009.dat

+ 2001-08-23 10:00 . 2010-10-22 22:34 68156 c:\windows\system32\perfc009.dat

+ 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\motport.sys

+ 2010-10-22 17:05 . 2010-04-01 21:31 23424 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\Motousbnet.sys

+ 2010-10-22 17:05 . 2009-05-08 18:56 42752 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\motodrv.sys

+ 2010-10-22 17:05 . 2009-12-21 21:42 15616 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\mot_ci.dll

+ 2010-10-22 17:05 . 2009-07-10 20:01 25856 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\motoandroid.sys

+ 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\motmodem.sys

+ 2010-10-22 17:05 . 2010-06-18 21:41 19968 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgp.sys

+ 2008-03-27 23:27 . 2008-03-27 23:27 35040 c:\windows\system32\drivers\wdfldr.sys

+ 2010-10-22 17:05 . 2010-10-22 17:05 85182 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_7A8DFDDA16A557B2C4B697.exe

+ 2010-10-22 17:05 . 2010-01-26 02:56 9472 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\motusbdevice.sys

+ 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motswch.sys

+ 2010-10-22 17:05 . 2009-01-30 00:11 6016 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motfilt.sys

+ 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motswch.sys

+ 2010-10-22 17:05 . 2009-01-30 00:18 8320 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgpfl.sys

- 2001-08-23 10:00 . 2001-08-23 10:00 2864 c:\windows\system32\dllcache\winsock.dll

+ 2001-08-23 10:00 . 2010-10-22 19:29 2864 c:\windows\system32\dllcache\winsock.dll

+ 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_6FEFF9B68218417F98F549.exe

+ 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_1C4C258407FCD759F84E91.exe

- 2001-08-23 10:00 . 2010-06-28 16:00 435260 c:\windows\system32\perfh009.dat

+ 2001-08-23 10:00 . 2010-10-22 22:34 435260 c:\windows\system32\perfh009.dat

+ 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Moser_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys

+ 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Momdm_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys

+ 2008-03-27 23:27 . 2008-03-27 23:27 503008 c:\windows\system32\drivers\wdf01000.sys

+ 2010-10-22 17:06 . 2010-10-22 17:06 797696 c:\windows\Installer\10c83d.msi

+ 2010-10-22 17:05 . 2010-10-22 17:05 212480 c:\windows\Installer\10c837.msi

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\wdfcoinstaller01007.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]

"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Tom\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WM-Desktop-Alert.lnk - c:\program files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe [2008-12-26 370176]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2008 9:54 AM 38144]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/22/2010 10:06 AM 91456]

R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/14/2008 7:21 AM 238208]

S0 kcdwnloe;kcdwnloe; [x]

S1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [11/30/2007 6:13 PM 303904]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/22/2010 10:05 AM 6016]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/22/2010 10:05 AM 19968]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/22/2010 10:05 AM 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/22/2010 10:05 AM 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/22/2010 10:05 AM 9472]

S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/22/2005 11:30 AM 24576]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/13/2009 11:10 AM 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003Core.job

- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003UA.job

- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]

2010-10-22 c:\windows\Tasks\Updater.job

- d:\documents and settings\All Users\Application Data\Update\seupd.exe [2010-10-07 16:38]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\vj895qtp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

FF - plugin: c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-22 15:34

Windows 5.1.2600 Service Pack 3, v.5938 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


HKCU\Software\Microsoft\Windows\CurrentVersion\Run


ctfmon.exe = c:\windows\system32\ctfmon.exe

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1220)

c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2136)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Visioneer\OneTouch 4.0\OtService.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

.

**************************************************************************

.

Completion time: 2010-10-22 15:38:20 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-22 22:38

ComboFix2.txt 2010-10-21 23:45

ComboFix3.txt 2010-07-08 17:33

ComboFix4.txt 2010-06-24 22:45

Pre-Run: 42,704,646,144 bytes free

Post-Run: 42,694,201,344 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - D5096CB44227FE929C0F31EACD320487


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\docume~1\Tom\LOCALS~1\Temp\system.exe
c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe

Driver::
kcdwnloe

Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nNkmzK0WEAA7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nNkmzK0WEAA7=="=-

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

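The CFScript above targets the two Run values and the driver that stand out in the ComboFix log. As an added example, not from this thread or from ComboFix, the Python below parses ComboFix-style "Reg Loading Points" Run entries and flags the ones a helper would look at first; the sample lines are copied from the log posted in this thread, while the heuristics (path under a Temp folder, value name ending in base64 padding, a marker other than the [date size] stamp ComboFix prints for files it verified) are my own.

```python
"""Triage of ComboFix 'Reg Loading Points' Run entries (added example, not part of ComboFix)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample copied from the ComboFix log posted in this thread; the trailing
# msconfig block is included to show lines the parser must ignore.
SAMPLE_LOG = r'''
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]
"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
'''

# One Run value per line: "Name"="path" [marker]. For files ComboFix could
# verify, the marker is the file's date and size; [X] means the file is missing.
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_LINE = re.compile(r'^"(?P<name>.*?)"="(?P<path>[^"]*)"(?:\s+\[(?P<tag>[^\]]*)\])?$')
DATE_SIZE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
# Deliberately narrow heuristic (my assumption, not a ComboFix rule): a value
# name made of base64 alphabet and ending in '=' padding is not a product name.
B64_PADDED = re.compile(r'^[A-Za-z0-9+/]{8,}={1,2}$')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    tag: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect the values listed under every [...\\Run] key of a ComboFix log."""
    entries: List[RunEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group('key')
            continue
        m = RUN_LINE.match(line)
        if m and key is not None and key.lower().endswith('\\run'):
            entries.append(RunEntry(key, m.group('name'), m.group('path'), m.group('tag')))
    return entries


def triage(entry: RunEntry) -> List[str]:
    """Attach the reasons a helper would look twice at this autorun; empty means nothing stood out."""
    flags = []
    if '\\temp\\' in entry.path.lower():
        flags.append('runs from a Temp folder')
    if B64_PADDED.match(entry.name):
        flags.append('value name looks like encoded data, not a product name')
    if entry.tag is None:
        flags.append('no file stamp recorded')
    elif entry.tag != 'X' and not DATE_SIZE.match(entry.tag):
        flags.append(f'unexpected marker [{entry.tag}] instead of date and size')
    entry.flags = flags
    return flags


def triage_log(text: str) -> List[RunEntry]:
    """Return only the Run entries that collected at least one flag."""
    return [e for e in parse_run_entries(text) if triage(e)]


if __name__ == '__main__':
    for e in triage_log(SAMPLE_LOG):
        print(f'{e.key}\n  {e.name!r} -> {e.path}\n  ' + '; '.join(e.flags))
```

On the sample it reports only the two `system.exe` autoruns, one per hive, each with all three flags.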

Here is the new log...

ComboFix 10-10-22.03 - Tom 10/22/2010 15:57:33.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.514 [GMT -7:00]

Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"

"c:\docume~1\Tom\LOCALS~1\Temp\system.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KCDWNLOE

-------\Service_kcdwnloe

((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))

.

2010-10-22 17:06 . 2010-10-22 17:06 -------- d-----w- c:\program files\Motorola

2010-10-22 17:05 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-10-22 17:05 . 2010-01-26 02:56 9472 ----a-w- c:\windows\system32\drivers\motusbdevice.sys

2010-10-22 17:05 . 2008-03-28 00:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2010-10-22 17:05 . 2010-04-01 21:31 23424 ----a-w- c:\windows\system32\drivers\Motousbnet.sys

2010-10-22 17:05 . 2009-01-30 00:11 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys

2010-10-22 17:05 . 2010-06-18 22:09 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys

2010-10-22 17:05 . 2010-06-18 21:41 19968 ----a-w- c:\windows\system32\drivers\motccgp.sys

2010-10-22 17:05 . 2009-01-30 00:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys

2010-10-22 17:05 . 2007-11-02 22:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys

2010-10-22 17:05 . 2010-10-22 17:05 -------- d-----w- c:\program files\Common Files\Motorola Shared

2010-10-21 23:39 . 2010-10-22 23:03 -------- d-sh--w- c:\documents and settings\Temporary Internet Files\Content.IE5

2010-10-20 19:31 . 2010-10-20 19:31 -------- d-----w- c:\program files\ESET

2010-10-19 22:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-19 22:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2010-10-19 20:18 . 2010-10-19 20:18 -------- d-----w- c:\program files\Trend Micro

2010-10-19 17:46 . 2010-10-19 18:41 -------- d-----w- C:\Combo-Fix

2010-10-18 23:06 . 2010-10-18 23:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-10-15 18:59 . 2010-10-15 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-10-14 22:00 . 2010-10-14 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-09-29 19:13 . 2010-10-15 20:32 -------- d-----w- c:\documents and settings\Tom\Application Data\Delicious IE Extension

2010-09-29 19:12 . 2010-09-29 19:13 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-22 19:29 . 2001-08-23 10:00 2864 ----a-w- c:\windows\system32\winsock.dll

2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2007-11-10 00:10 . 2007-11-10 00:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-11-10 00:10 . 2007-11-10 00:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-11-10 00:10 . 2007-11-10 00:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-11-10 00:10 . 2007-11-10 00:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-11-10 00:10 . 2007-11-10 00:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-11-10 00:10 . 2007-11-10 00:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-11-10 00:10 . 2007-11-10 00:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-11-10 00:11 . 2007-11-10 00:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-11-10 00:11 . 2007-11-10 00:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------

[-] 2008-05-23 . 7B7087411A9AF908277E9DF841D29C91 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-10-21_23.39.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-08-23 10:00 . 2010-06-28 16:00 68156 c:\windows\system32\perfc009.dat

+ 2001-08-23 10:00 . 2010-10-22 22:34 68156 c:\windows\system32\perfc009.dat

+ 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\motport.sys

+ 2010-10-22 17:05 . 2010-04-01 21:31 23424 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\Motousbnet.sys

+ 2010-10-22 17:05 . 2009-05-08 18:56 42752 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\motodrv.sys

+ 2010-10-22 17:05 . 2009-12-21 21:42 15616 c:\windows\system32\DRVSTORE\motodrv_9E3D9A40BFFF73BAD5B052681D43BC931352E639\mot_ci.dll

+ 2010-10-22 17:05 . 2009-07-10 20:01 25856 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\motoandroid.sys

+ 2010-10-22 17:05 . 2010-06-18 22:09 23936 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\motmodem.sys

+ 2010-10-22 17:05 . 2010-06-18 21:41 19968 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgp.sys

+ 2008-03-27 23:27 . 2008-03-27 23:27 35040 c:\windows\system32\drivers\wdfldr.sys

+ 2010-10-22 17:05 . 2010-10-22 17:05 85182 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_7A8DFDDA16A557B2C4B697.exe

+ 2010-10-22 17:05 . 2010-01-26 02:56 9472 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\motusbdevice.sys

+ 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motswch.sys

+ 2010-10-22 17:05 . 2009-01-30 00:11 6016 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\motfilt.sys

+ 2010-10-22 17:05 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motswch.sys

+ 2010-10-22 17:05 . 2009-01-30 00:18 8320 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\motccgpfl.sys

- 2001-08-23 10:00 . 2001-08-23 10:00 2864 c:\windows\system32\dllcache\winsock.dll

+ 2001-08-23 10:00 . 2010-10-22 19:29 2864 c:\windows\system32\dllcache\winsock.dll

+ 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_6FEFF9B68218417F98F549.exe

+ 2010-10-22 17:05 . 2010-10-22 17:05 7278 c:\windows\Installer\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}\_1C4C258407FCD759F84E91.exe

- 2001-08-23 10:00 . 2010-06-28 16:00 435260 c:\windows\system32\perfh009.dat

+ 2001-08-23 10:00 . 2010-10-22 22:34 435260 c:\windows\system32\perfh009.dat

+ 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Moser_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys

+ 2010-10-22 17:05 . 2009-03-02 16:00 103552 c:\windows\system32\DRVSTORE\Momdm_D7089C7835F0E7ECEC244A670740F4C8336E0FA1\Mousbser.sys

+ 2008-03-27 23:27 . 2008-03-27 23:27 503008 c:\windows\system32\drivers\wdf01000.sys

+ 2010-10-22 17:06 . 2010-10-22 17:06 797696 c:\windows\Installer\10c83d.msi

+ 2010-10-22 17:05 . 2010-10-22 17:05 212480 c:\windows\Installer\10c837.msi

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motusbdevi_E42DBACAEBCECEBA9A8B12194BB5736D07B623F9\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motport_4F4CBE1DF24686697EA24297424DF8E347630C56\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motousbnet_770BC1026CC54C2F3EBB8D43C100E1BE013A9284\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motoandroi_281A0D1CF14FCFFB1B61021B981311BFDC53E1D2\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motmodem_339FBB9A886D234C861F36407D0E4F9AF978E6CD\wdfcoinstaller01007.dll

+ 2010-10-22 17:05 . 2008-03-28 00:49 1112288 c:\windows\system32\DRVSTORE\motccgp_7B90A2F86B8D63041DA9D597F8E5A9C44922CD15\wdfcoinstaller01007.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-15 136176]

"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"nNkmzK0WEAA7=="="c:\docume~1\Tom\LOCALS~1\Temp\system.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Tom\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WM-Desktop-Alert.lnk - c:\program files\WhiskeyMilitia\Desktop Alert\WM-Desktop-Alert.exe [2008-12-26 370176]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Pidgin\\pidgin.exe"=

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2008 9:54 AM 38144]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/22/2010 10:06 AM 91456]

R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\RTL8187B.sys [10/14/2008 7:21 AM 238208]

S1 cvmacii;cvmacii;c:\windows\system32\drivers\cvmacii.sys [11/30/2007 6:13 PM 303904]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [10/22/2010 10:05 AM 6016]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [10/22/2010 10:05 AM 19968]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [10/22/2010 10:05 AM 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [10/22/2010 10:05 AM 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [10/22/2010 10:05 AM 9472]

S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/22/2005 11:30 AM 24576]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/13/2009 11:10 AM 717296]

.

Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003Core.job

- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1425521274-725345543-1003UA.job

- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 20:26]

2010-10-22 c:\windows\Tasks\Updater.job

- d:\documents and settings\All Users\Application Data\Update\seupd.exe [2010-10-07 16:38]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\vj895qtp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

FF - plugin: c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.start-search.net/?sid=10101065100&s=

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-22 16:07

Windows 5.1.2600 Service Pack 3, v.5938 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

9kJi2FLI2G+V7uafvYVtmJQsscKh0rFOSNfyTAlcLFJ7N/9YajP9mM29K9URKr3G4KG3DsokKi2A ZDjmiOBLhOfqNfmIEz1WnfpE/dvLj9ScSGHTcVMY8jWuf/PM3YL501q/DMJtnMbHKW9mlxvhpQED 7sPJE+x7zXrN4Ul3BOm715K6qh73ldzk4gZK0RT3RqijRy1W3lK0fHMXDS5olnVr8OEZ4MNLJPhk zYpGsVsh0Glu65GH5uzTsRqPPx6iGHWZgWCPDXKfvfRCueu0b2YfgE9y+Mln+/jIj/nMS/8e18d1 LMqKfntDtdBsB0rd1KaNyT0NnO5/Dsl/Dr4l2JN/buazZMsyN39JMNu1tyPe+5KvnpK2H3wwu9/h nNkmzK0WEAA7== = c:\docume~1\Tom\LOCALS~1\Temp\system.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

9kJi2FLI2G+V7uafvYVtmJQsscKh0rFOSNfyTAlcLFJ7N/9YajP9mM29K9URKr3G4KG3DsokKi2A ZDjmiOBLhOfqNfmIEz1WnfpE/dvLj9ScSGHTcVMY8jWuf/PM3YL501q/DMJtnMbHKW9mlxvhpQED 7sPJE+x7zXrN4Ul3BOm715K6qh73ldzk4gZK0RT3RqijRy1W3lK0fHMXDS5olnVr8OEZ4MNLJPhk zYpGsVsh0Glu65GH5uzTsRqPPx6iGHWZgWCPDXKfvfRCueu0b2YfgE9y+Mln+/jIj/nMS/8e18d1 LMqKfntDtdBsB0rd1KaNyT0NnO5/Dsl/Dr4l2JN/buazZMsyN39JMNu1tyPe+5KvnpK2H3wwu9/h nNkmzK0WEAA7== = c:\docume~1\Tom\LOCALS~1\Temp\system.exe

ctfmon.exe = c:\windows\system32\ctfmon.exe

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HNUjHTguucinfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/


7sPJE+x7zXrN4Ul3BOm715K6qh73ldzk4gZK0RT3RqijRy1W3lK0fHMXDS5olnVr8OEZ4MNLJPhk

zYpGsVsh0Glu65GH5uzTsRqPPx6iGHWZgWCPDXKfvfRCueu0b2YfgE9y+Mln+/jIj/nMS/8e18d1

LMqKfntDtdBsB0rd1KaNyT0NnO5/Dsl/Dr4l2JN/buazZMsyN39JMNu1tyPe+5KvnpK2H3wwu9/h

nNkmzK0WEAA7=="="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HNUjHTguucinfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/

/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm

AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/

MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm

ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/

mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm

zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/

/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ

AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA

M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ

ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A

mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z

zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA

AAj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEix4kNqCf00xCiQo8WEGDn60Qgx5EeCJg2mPOkwVSo/

Ll/GhOmSpsyaM2/qhMkzJk6a1HD6FLpzKFGaNnXWTOrTptOhPYk2zSnV5T+PCVOxRDkQa9eDXhVi

1IqQpEquYQumvcr130i2If1M+YrQ61q1C+2C7Ery7ta/As2qFNwW8EGSIwlfNAy2cGDGHSEL1Jo2

aOTCHv3mhft1Sl+8l/eybUxxpUGNmiUvJkg2o8q1qQu3Jpg4MOWJY2erLqh4a+aPJseKFhySWnC6

GweaFanYz2+HQVsfj3326t25aHefjK2Yo/HqEGe//538dWTQ6Kn8pteuUDfj56CTo+Ycmhrh7x3x

h0Zen2ztgkZRg51o9nF2F3yO5YecSJixV1pXYRmXnnPGVVhhg/VllcoU7j2mG0x5USdZb77xF9Fv

7sEm2GznxdTieRJ+Z+FLI700YGhAoeTcaAO5ZJp1v1Vm4nFtsQijbyI2NF98tLXVolUopfaWVnLB

ZGGF6aU3o3FvhQSlRCRSROGRf3knnYngPbafdTj+k6WPeimoX0rjVSjXgF5RCeGZcMaY5YtaAqrf

mmzahaV3aG61XkW6meZli4TWxR+NrAXm2Y/WdeimW5pChBqMh17onYSTNbpdiKZeuKapPb4ZWV8H

fv+FlYCK3TbFrUDySBZlWAW6ZIKukSbjebS9hJeQkSVZF2w8ksdadIOy6Va0D9UWbWtyscjWmayx

qCV0eYKFqZtQdupgR51eCFSWC8o6bYLw2bccnFfNdmtv02n0JW/OpWvcFCjYi+6Vdhnbo0nfxrkb

tV3dJmmDKzGsXK9VjikehyqRhbC5jw0a1K23ogBwfqoSGhOApSqsMEvyUtghcUTG96NxInNokmdz

OewWyBx+K5DI83l025U8xtzlvwCjIHLNl8aFIKeDnbxmYjLS16xENk7Wk1npJhehXEyH2VGVnvFq

n81Mzmq1QQaHDPDbS98YdKu1TpiVH0BrtyG+iVH/enWyRct5ddJKK93j33uDXO+91WkM+LjW4f12

z1wufWy9y0XO4KxYGZ7dX//hhVNQPIF41qyZ0zY5aWzfKReXGANo2UH+ngd2wFHiTViWpreK6LzZ

FoRChHtKrCTap7nVJWdbjwlhgXBx6VzhyLJNOs+3spuyzFy7mOzb411mlUmmb3wY6YUT5lm9oGrP

pEPm0R5YjiAZy5OB8yP29sNuQtoVyK/Lz6KWVTUnpWJpapvMk/5klU4R521+Ql6kPmKjsPTlP7MT

HI5qFL/M4E1koPFfvU4DwHr57HnGGw1GPrgjt2RnOlrxkVEYeJ6QeSd8kVLWYMQmr14Rj0jZKl38

/6iHQmppykbIG1oKmSS5uXxnPFITlbvY5yOViExjw5vgg14lFzTRqjjF0dmz5LW22wWsioWaDsNc

ByONdcgjmYMjwKBkp11piYYnDFLRlEaS9b1POE9jSI3ag0OZRc88nwGj5FDAqZ6syl3quhWmUqgv

tgFtgdsajcFcmCvlJCRpbppCdLyoQ4OULXDoKuTaBuKZ+XDtSEvbkSKdY631hBFGd3Ji1cDYGDO1

CHwNHJ+MXveW+9jNZFcEmCyvtkToxO+TOCwgJ595S7skTYxt2dqiMng2K0kxOC8CUskEEjIrNapG

eXNTb/QFG7iBjy34kgjqWsjMQUrLg3Xqn1ZEef+moBROnBHbZf7uN5b9HYyGvHzilWikNFESC3BL

C5QLLcRJ9v0maQIi3ACPib8k+a0uHTxMawbISj4WpJxoIdqmOLKvRiZOhpvpJ7kqVEJuZVRkMCTJ

G3uF06ssEmPY4lhD/JYWGs3JUigLnztRcs1MeYxLLLWlPs2EsxqtLFcrlEl+bsfOsfzUjxPjUntk

pDTpEA53rCkf1lSZ1mUqL57z+4dGURLRlcXoocDqnTplcp+GaaSvTENBYtx2RWepyXliERAII7Oh

wjVNaHrdyN7G1Uq2gJUuxVFO0nJG04ZiRkauYqyBvsMtfiWmX1aKHjhD1tDCNdRhXRoK4NbkT9z/

/c61Z2yWVp1JT7XEb5MRSgvI5vTOvJBUSJBr10+MJVaubIiw2RtKdHakSqmqBGAqPaBDGbJJ1lFt

MJeKHCrVJiHdLaeJ0ozSCRkCqqPe8EtwpJFaveo6moDmtPjtW0gj01DSQitRpenbbZbCIriKNGBT

QuBYpXUR8pKrJn6RnhD5mt8KP5OtLJ2bWxpavlL2UkdkG+zyyOPEwyFIXyBzLaLYZlEuLmdYcKyY

hQe7N/yqycV92wwZ46W8rlxSXA7WYl7yS9LD5TMrI8TJjcrSN3nJl69P1u9LLOMi6SQJU7tdCFsB

1K/0vsbDZXlstFY8LTILzXFjG0krTztZikpR/3kU7pcMnSJEDt7TkA0aWic9qWHkUEgtByry38BY

tQ4i6psA3SWMxfm4RBY6ymzWpqQJzN5VzhbPx7pS7D5LOtaJS55HixiSn4ind1UUcBWWLwcpJd09

8Yqo8xNQd4G85wxBSDR8mVEmuQiswJFKSdb926g9SR5CKwS/s34YGk0Ivyx/GDpgenHMLMKw6omI

WAQbl+1Ou2SxNSyDWnsfbd/60Y5SFNDBDiQnD53ocZ6qIuwu1YWRLeQeX817qBRqtVATPjV6DJJe

jmu7vhxwsVTnQIsWLbkqfHDwMIdTPlGjglpl8M0oJ8REomhpn7aez9Q7Ss38o6XPBxRve3qGU/92

9kJi2FLI2G+V7uafvYVtmJQsscKh0rFOSNfyTAlcLFJ7N/9YajP9mM29K9URKr3G4KG3DsokKi2A

ZDjmiOBLhOfqNfmIEz1WnfpE/dvLj9ScSGHTcVMY8jWuf/PM3YL501q/DMJtnMbHKW9mlxvhpQED

7sPJE+x7zXrN4Ul3BOm715K6qh73ldzk4gZK0RT3RqijRy1W3lK0fHMXDS5olnVr8OEZ4MNLJPhk

zYpGsVsh0Glu65GH5uzTsRqPPx6iGHWZgWCPDXKfvfRCueu0b2YfgE9y+Mln+/jIj/nMS/8e18d1

LMqKfntDtdBsB0rd1KaNyT0NnO5/Dsl/Dr4l2JN/buazZMsyN39JMNu1tyPe+5KvnpK2H3wwu9/h

nNkmzK0WEAA7=="="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1220)

c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3636)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Visioneer\OneTouch 4.0\OtService.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

.

**************************************************************************

.

Completion time: 2010-10-22 16:11:14 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-22 23:11

ComboFix2.txt 2010-10-22 22:38

ComboFix3.txt 2010-10-21 23:45

ComboFix4.txt 2010-07-08 17:33

ComboFix5.txt 2010-10-22 22:56

Pre-Run: 42,709,209,088 bytes free

Post-Run: 42,695,073,792 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - CEFF99901B71B7FBF4B0893FFA233D79

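The Run entries in the log above are the part worth triaging: the value name is a very long blob starting with `R0lGODlh`, which is the base64 encoding of the bytes `GIF89a` (a GIF image header), and the data points at `c:\DOCUME~1\Tom\LOCALS~1\Temp\system.exe`, an executable launched at logon from the user's Temp directory. The following script is an added example, not code from the thread or from ComboFix: it parses registry-dump lines in the `[key]` / `"name"="data"` shape ComboFix prints, and flags autorun values that launch from user-writable temp or profile paths, carry abnormally long value names, or embed base64 whose leading bytes match a known file signature. The sample dump is constructed; its long value name is a shortened stand-in for the real one (the forum wrapped the original across many lines, in the log it is a single line), the 64-character name threshold is an arbitrary choice, and the path heuristic is a triage aid, not proof of infection.

```python
"""Triage Run-key entries from a ComboFix-style registry dump.

Flags autorun values that (a) launch from a temp or profile path,
(b) have an unusually long value name, or (c) embed base64 whose
leading bytes match a known file signature (e.g. a GIF header).
"""
import base64
import binascii
import re

# Constructed sample in the shape ComboFix prints. The long value name is a
# truncated stand-in for the blob seen in the real log; the data paths are
# the kind of entries the log reports.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWuSchd2"="c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HNUjHTguucinfo&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/"="c:\\DOCUME~1\\Tom\\LOCALS~1\\Temp\\system.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\\WINDOWS\\system32\\ctfmon.exe"
'''

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')
# User-writable locations an autorun entry normally has no business in.
TEMP_PATH_RE = re.compile(
    r"(\\Temp\\|LOCALS~1|DOCUME~1|Local Settings|AppData)", re.IGNORECASE
)
BASE64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")
# Leading bytes of a few well-known file formats.
MAGIC = {
    b"GIF89a": "GIF image",
    b"GIF87a": "GIF image",
    b"MZ": "PE executable",
    b"PK\x03\x04": "ZIP archive",
}


def parse_dump(text):
    """Yield (key, name, data) for each value line under each [key] block."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            # ComboFix escapes backslashes in REG_SZ data; undo that.
            yield key, m.group("name"), m.group("data").replace("\\\\", "\\")


def sniff_base64(name):
    """Decode the first bytes of any base64-looking run in a value name.

    Returns a label from MAGIC if the decoded prefix matches, else None.
    """
    for run in BASE64_RUN_RE.findall(name):
        # Whole 4-char groups only, and just enough to cover the signatures.
        head = run[: len(run) // 4 * 4][:16]
        try:
            decoded = base64.b64decode(head, validate=True)
        except binascii.Error:
            continue
        for magic, label in MAGIC.items():
            if decoded.startswith(magic):
                return label
    return None


def suspicious_autoruns(text, max_name_len=64):
    """Return a list of findings for Run/RunOnce values that look abnormal."""
    findings = []
    for key, name, data in parse_dump(text):
        if not RUN_KEY_RE.search(key):
            continue
        reasons = []
        if TEMP_PATH_RE.search(data):
            reasons.append("launches from a user-writable temp/profile path")
        if len(name) > max_name_len:
            reasons.append(f"value name is {len(name)} characters long")
        label = sniff_base64(name)
        if label:
            reasons.append(f"value name embeds base64 of a {label}")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_DUMP):
        print(f"[{f['key']}]")
        print(f"  data: {f['data']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

On the sample above only the `system.exe` entry is reported, with all three reasons; the HP updater and `ctfmon.exe` values pass. The same parser works on the full text of a ComboFix or `reg export` dump, which is the useful case: paste the log in and you get a shortlist rather than reading hundreds of lines by eye.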

Good job :D

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START > Run
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

For Vista / Windows 7

  • Click START > Search
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

