Thanks again. I deleted the older versions of Adobe Reader as your instructed; should I also delete other Adobe applications. I have Adobe AIR, Adobe Flash Player 10 Plugin, Adobe Flash Player ActiveX, Adobe Photoshop CS, Adobe Reader 9, and Adobe Photoshop Album Starter Edition 3 currently on my computer. On an unrelated note (I think) my computer has been unable to go to "standby" mode for the past few months, before the malware problems and was wondering if you have any advice, thanks.
Here are the log files.
KAS log:--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 22, 2008 16:51:12
Records in database: 1403049
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 98672
Threat name: 14
Infected objects: 37
Suspicious objects: 0
Duration of the scan: 03:12:36
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_85f0a1c1_.sys.zip Infected: Backdoor.Win32.Agent.tzc 3
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkLDWQJ.dll.vir.vir Infected: Trojan.Win32.Monderb.wqg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kocddhxq.dll.vir Infected: Trojan.Win32.Agent.amwx 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP904\A0101990.dll Infected: Backdoor.Win32.Wisdoor.ee 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP916\A0103477.dll Infected: Backdoor.Win32.Wisdoor.ee 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP922\A0103693.dll Infected: Backdoor.Win32.Wisdoor.ee 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP925\A0104791.dll Infected: Backdoor.Win32.Wisdoor.ee 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP927\A0104949.dll Infected: Backdoor.Win32.Wisdoor.ee 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP928\A0106255.dll Infected: Backdoor.Win32.Wisdoor.ee 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP930\A0106780.exe Infected: Trojan.Win32.Buzus.pzs 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP977\A0116941.exe Infected: Trojan-Dropper.Win32.BAT.v 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP977\A0116941.exe Infected: Trojan.Win32.Agent.anok 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP977\A0116941.exe Infected: Trojan.Win32.Agent.anof 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP977\A0116941.exe Infected: Trojan.Win32.Agent.anoi 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP977\A0116941.exe Infected: Trojan.Win32.Agent.anog 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP978\A0116945.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP978\A0116961.dll Infected: Trojan.Win32.Monderb.wqg 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP978\A0118898.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP979\A0119902.exe Infected: Trojan.Win32.Monder.ycb 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP982\A0122912.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.etm 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP983\A0122954.dll Infected: Trojan.Win32.Monderb.wqg 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP983\A0123962.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.etm 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP983\A0123975.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP983\A0123994.exe Infected: Trojan.Win32.Agent.anok 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP984\A0123998.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP984\A0124982.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP985\A0126122.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP985\A0126144.dll Infected: Trojan.Win32.Agent.amwx 1
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP986\A0127214.inf Infected: Worm.Win32.AutoRun.nuu 1
C:\WINDOWS\http.dll Infected: Backdoor.Win32.Wisdoor.ee 1
E:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP978\A0116947.inf Infected: Worm.Win32.AutoRun.oni 1
E:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP983\A0122939.inf Infected: Worm.Win32.AutoRun.oni 1
E:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP983\A0122945.inf Infected: Worm.Win32.AutoRun.oni 1
E:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP985\A0126239.inf Infected: Worm.Win32.AutoRun.oni 1
E:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP1002\A0130333.inf Infected: Worm.Win32.AutoRun.oni 1
The selected area was scanned.
HJT Log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:48 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\whatever.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - /member/ocx/WonSearchX.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat...b?1163558373234O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - /member/ocx/WonList.ocx
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - /member/ocx/plotwon.ocx
O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - /member/ocx/PFMngr.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
--
End of file - 11424 bytes
CFS Log:
ComboFix 08-11-22.01 - Alex's 2008-11-22 11:37:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.616 [GMT -8:00]
Running from: c:\documents and settings\Alex's\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.
2008-11-21 15:37 . 2008-11-21 15:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 15:34 . 2008-11-21 15:34 <DIR> d-------- c:\program files\Bonjour
2008-11-21 15:32 . 2008-11-21 15:33 <DIR> d-------- c:\program files\QuickTime
2008-11-21 15:26 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-20 23:41 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-20 23:40 . 2008-11-20 23:40 <DIR> d-------- c:\program files\Common Files\Java
2008-11-20 23:36 . 2008-11-20 23:36 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-20 08:09 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 08:08 . 2008-09-04 09:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-19 22:54 . 2008-11-19 22:54 <DIR> d-------- c:\documents and settings\Alex's\Application Data\Malwarebytes
2008-11-19 22:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-19 22:52 . 2008-11-19 22:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 22:52 . 2008-11-19 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-19 22:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 00:25 . 2008-11-13 00:25 <DIR> d-------- C:\VundoFix Backups
2008-11-12 00:34 . 2008-11-12 00:34 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 13:04 . 2008-11-09 13:04 <DIR> d-------- c:\program files\CDisplay
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-10-23 22:49 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 19:31 --------- d-----w c:\program files\Common Files\Adobe
2008-11-22 03:12 --------- d-----w c:\program files\Trillian
2008-11-22 00:03 --------- d-----w c:\documents and settings\Alex's\Application Data\Apple Computer
2008-11-21 23:38 --------- d-----w c:\program files\iTunes
2008-11-21 23:37 --------- d-----w c:\program files\iPod
2008-11-21 23:37 --------- d-----w c:\program files\Common Files\Apple
2008-11-21 23:28 --------- d-----w c:\program files\Apple Software Update
2008-11-21 07:41 --------- d-----w c:\program files\Java
2008-11-19 15:37 --------- d-----w c:\documents and settings\Alex's\Application Data\uTorrent
2008-11-12 08:37 --------- d-----w c:\program files\Gabest
2008-11-12 06:02 --------- d-----w c:\program files\Lavasoft
2008-11-12 06:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-10 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 15:48 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-08 02:19 --------- d-----w c:\documents and settings\Alex's\Application Data\Skype
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 09:23 --------- d-----w c:\program files\DivX
2008-09-28 22:15 --------- d-----w c:\program files\Uniblue
2008-09-11 19:43 8,704 ----a-w c:\windows\http.dll
2007-08-05 18:57 92,064 ----a-w c:\documents and settings\Alex's\mqdmmdm.sys
2007-08-05 18:57 9,232 ----a-w c:\documents and settings\Alex's\mqdmmdfl.sys
2007-08-05 18:57 79,328 ----a-w c:\documents and settings\Alex's\mqdmserd.sys
2007-08-05 18:57 66,656 ----a-w c:\documents and settings\Alex's\mqdmbus.sys
2007-08-05 18:57 6,208 ----a-w c:\documents and settings\Alex's\mqdmcmnt.sys
2007-08-05 18:57 5,936 ----a-w c:\documents and settings\Alex's\mqdmwhnt.sys
2007-08-05 18:57 4,048 ----a-w c:\documents and settings\Alex's\mqdmcr.sys
2007-08-05 18:57 25,600 ----a-w c:\documents and settings\Alex's\usbsermptxp.sys
2007-08-05 18:57 22,768 ----a-w c:\documents and settings\Alex's\usbsermpt.sys
2008-07-14 01:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071320080714\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-11-20_21.59.43.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-21 23:39:09 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-11-21 23:28:56 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-21 10:02:14 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-11-21 23:34:33 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
- 2008-10-19 09:11:54 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-21 10:13:33 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-19 09:11:55 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-21 10:13:33 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-19 09:11:55 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-21 10:13:33 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-19 09:11:53 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-21 10:13:31 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-19 09:11:55 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-21 10:13:33 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-19 09:11:56 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-21 10:13:34 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-19 09:11:56 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-21 10:13:34 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-19 09:11:57 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-21 10:13:34 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-19 09:11:54 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-21 10:13:32 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-19 09:11:53 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-21 10:13:32 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-19 09:11:58 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-21 10:13:35 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-19 09:11:52 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-21 10:13:31 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-19 09:11:52 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-21 10:13:31 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-19 09:01:59 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-11-21 10:14:21 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2007-12-12 23:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
+ 2008-08-29 18:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-08-29 17:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
- 2006-09-19 19:44:04 15,664 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 21:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 21:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 21:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 22:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2006-10-04 00:47:52 109,360 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 21:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-06-10 08:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-06-10 09:21:01 135,168 ----a-w c:\windows\system32\java.exe
- 2008-06-10 08:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-06-10 09:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 09:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-06-10 10:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 22:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-10-01 00:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-11-08 20:35:37 54,010 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-22 04:06:05 54,010 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-08 20:35:37 383,822 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-22 04:06:05 383,822 ----a-w c:\windows\system32\perfh009.dat
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-10-01 00:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-10-01 00:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"ControlCenter"="c:\program files\IBM fingerprint software\ctlcntr.exe" [2004-11-04 284766]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-11 344064]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-14 36864]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2004-12-21 135168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"sealmon"="c:\program files\SealedMedia\sealmon.exe" [2006-03-15 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 94208]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-07-15 1207128]
"TpShocks"="TpShocks.exe" [2004-10-27 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2004-11-12 c:\windows\system32\TP4EX.exe]
"WD Button Manager"="WDBtnMgr.exe" [2006-11-29 c:\windows\system32\WDBtnMgr.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-25 113664]
BTTray.lnk - c:\program files\IBM\Bluetooth Software\BTTray.exe [2004-10-01 565309]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-17 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2004-11-04 08:51 108636 c:\program files\IBM fingerprint software\psfus.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 02:07 262144 c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 19:11 24576 c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli pwdmon
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 21:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 01:10 442368 c:\program files\IBM\Messages By IBM\ibmmessages.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-07 22:12 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-07 22:13 774168 c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-02-23 11:10 35328 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\program files\\mozilla firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24535:TCP"= 24535:TCP:BND
"31912:TCP"= 31912:TCP:BND
"24048:TCP"= 24048:TCP:BND
"4493:TCP"= 4493:TCP:BND
"12654:TCP"= 12654:TCP:BND
"8122:TCP"= 8122:TCP:BND
"3027:TCP"= 3027:TCP:BND
R0 Shockprf;Shockprf;c:\windows\system32\drivers\Shockprf.sys [2005-07-17 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-07-17 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-07-17 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-07-17 2432]
R1 SandBox;SandBox;c:\windows\system32\DRIVERS\SandBox.sys [2008-08-11 673920]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-07-17 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2005-07-17 4442]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-12-16 63616]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-05-13 24652]
R3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2008-08-11 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-08-11 234640]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2008-08-11 33408]
R3 portio;TPM Service;c:\windows\system32\DRIVERS\NscTpmDD.sys [1979-12-31 13757]
R3 TPInput;TPInput;c:\windows\system32\DRIVERS\TPInput.sys [2005-07-17 6016]
R3 VBEngNT;VBEngNT;c:\windows\system32\DRIVERS\VBEngNT.sys [2008-08-11 1072722]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2008-08-11 158816]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2008-08-11 1570136]
S3 ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys []
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2005-07-17 12288]
.
Contents of the 'Scheduled Tasks' folder
2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-11-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2004-12-21 00:00]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Alex's\Application Data\Mozilla\Firefox\Profiles\scnst0eh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npaxctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-22 11:43:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tphklock.dll
PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\system32\pwdmon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\Bluetooth Software\bin\btwdins.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-22 11:48:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-22 19:48:22
ComboFix2.txt 2008-11-21 06:00:21
ComboFix3.txt 2008-11-19 06:26:32
Pre-Run: 3,479,035,904 bytes free
Post-Run: 3,548,504,064 bytes free
333 --- E O F --- 2008-11-21 10:19:31
Current problems include 1) Scanning with Ad Aware causes computer to automatically reboot; blue screen of death appears 2) Unable to download files 3) Browser popups (using firefox) 4) Windows Automatic Update turned off and I'm unable to turn it on. 5) Constant popup warnings from Spybot and Outpost Security that registry is being modified, prompting me to block or allow. 
