
Tried every virus and spyware removal program but still have infection

Discussion in 'Virus & Other Malware Removal' started by OliH, Apr 17, 2010.

  1. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    I've tried every virus and spyware removal program that I've looked up but it only finds viruses first time around. Norton keeps blocking attacks thankfully but it's starting to bug me.

    Also, Spybot finds Win32.Delf.uc but cannot remove it, and when I retry in safe mode, when I've come back on my Norton security is down.

    Can someone please help me sort this?

    Here's a HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 00:20:54, on 18/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
    O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [iPodVideoConverter_upgrade] "C:\Program Files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" /upgrade
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: youm_3 - youm_3.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate1c98c8b2064dd56) (gupdate1c98c8b2064dd56) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

    --
    End of file - 12539 bytes
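
A HijackThis log like the one posted above is a flat list of `<section code> - <detail>` lines. The following triage script is an added example, not part of the original post or of HijackThis. It parses those lines and queues entries the log itself marks as `(file missing)`, `(no file)` or `Unknown owner` for manual review. The flag names and the `SAMPLE_LOG` excerpt (lines copied from the log above) are this example's own choices, and a flag means "look at this", not "this is malware".

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code section detail flags")

# Meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URL search hook",
    "F2": "ini-file autostart mapped to the registry",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# An entry line starts with a letter and one or two digits, then " - ".
# Header lines and the running-process list do not match and are skipped.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# HijackThis appends these markers when the referenced file was not found.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)


def parse_hjt(text):
    """Return one Entry per HijackThis entry line found in `text`."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        code, detail = match.group(1), match.group(2).strip()
        flags = []
        if ORPHAN_RE.search(detail):
            flags.append("orphaned")        # registry entry, no file behind it
        if code == "O23" and " - Unknown owner - " in detail:
            flags.append("unknown-owner")   # no vendor name reported for the service
        section = SECTIONS.get(code, "unrecognised section")
        entries.append(Entry(code, section, detail, tuple(flags)))
    return entries


def review_queue(entries):
    """Entries carrying at least one flag, in log order."""
    return [e for e in entries if e.flags]


def summarize(entries):
    """Map section code -> (total entries, flagged entries)."""
    summary = {}
    for e in entries:
        total, flagged = summary.get(e.code, (0, 0))
        summary[e.code] = (total + 1, flagged + (1 if e.flags else 0))
    return summary


# Excerpt copied from the log in the post above (header, one process, entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: youm_3 - youm_3.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, (total, flagged) in summarize(parsed).items():
        print(f"{code:>3}  {SECTIONS.get(code, '?'):45} {total} entries, {flagged} flagged")
    print()
    for e in review_queue(parsed):
        print(f"[{', '.join(e.flags)}] {e.code} ({e.section}): {e.detail}")
```
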
     
  2. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello & Welcome to TechSupportGuy

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Thanks

    DDS
    Download DDS.scr by sUBs from one of the following links & save it to your desktop.
    Link 1
    Link 2
    • Double-Click on dds.scr and a command window will appear. This is normal
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


    To post in next reply:
    Contents of DDS log
    Contents of Attach.txt
    Contents of Gmer log
     
  3. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    I have run DDS and got the reports ready. gmer keeps crashing so I'll run that tomorrow.

    Just for your information, I removed some Trojan.backdoor.gen and checked my bank and nothing's wrong, but do you recommend changing bank details and passwords?
     
  4. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    OK, no problem.

    Regarding Gmer, a couple of things to try -
    Make sure all security programs are properly disabled before running it
    Also run this
    DeFogger
    Download DeFogger by jpshortstuff from here & save it to your desktop.
    • Double click DeFogger to run the tool
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A Finished! message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    Do not re-enable these drivers until otherwise instructed.

    If still no luck then try running it in Safe Mode. If you don't know how to boot your computer to Safe Mode, let me know.
     
  5. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    Defogger helped run for longer and disabling security helped but the scan stopped at avgtray.exe; I couldn't stop AVG.

    I'm gonna try safe mode now to see if my security programs get disabled when I log back into Windows. Then scan in safe mode tomorrow. Sorry this is taking long, I've been busy with some things.
     
  6. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    OK, no worries.
     
  7. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    ok, here are the logs in this order:
    DDS.txt
    Attach.txt
    Defogger_disable.txt
    GMER report.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Oli at 20:26:19.60 on 19/04/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2043 [GMT 1:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Oli\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.6.0.32\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe"
    mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 3600-4600 series\ezprint.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
    mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
    mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
    mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
    mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
    mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
    mRun: [iPodVideoConverter_upgrade] "c:\program files\e-zsoft\ipodvideoconverter\iPodVideoConverter.exe" /upgrade
    mRun: [PWRISOVM.EXE] "c:\program files\poweriso\PWRISOVM.EXE"
    mRun: [AVG9_TRAY] "c:\progra~1\avg\avg9\avgtray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
    StartupFolder: c:\docume~1\oli\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: youm_3 - youm_3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\oli\applic~1\mozilla\firefox\profiles\2dyponi4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\oli\application data\mozilla\firefox\profiles\2dyponi4.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\oli\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-16 52872]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-4-16 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-4-16 172592]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-16 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-16 29512]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-16 242896]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-4-16 501888]
    R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2010-4-16 108880]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-4-16 116784]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-16 308064]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe [2010-4-16 126392]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-4-16 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-16 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20100415.001\IDSXpx86.sys [2010-4-16 329592]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100419.002\NAVENG.SYS [2010-4-19 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100419.002\NAVEX15.SYS [2010-4-19 1324720]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S2 gupdate1c98c8b2064dd56;Google Update Service (gupdate1c98c8b2064dd56);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-1-21 98984]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-16 369920]
    S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

    =============== Created Last 30 ================

    2010-04-19 18:47:22 0 d-----w- c:\docume~1\oli\applic~1\AVG9
    2010-04-17 23:20:25 0 d-----w- c:\program files\TrendMicro
    2010-04-17 23:02:17 0 d-----r- c:\program files\Skype
    2010-04-17 22:51:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-04-17 22:51:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-17 22:46:31 0 d-----w- c:\program files\Winamp Detect
    2010-04-17 22:28:07 0 d-----w- c:\program files\Secunia
    2010-04-17 12:49:55 0 d--h--w- C:\$AVG
    2010-04-16 22:49:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-16 22:49:26 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-04-16 22:49:24 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-16 22:49:18 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-16 22:49:13 0 d-----w- c:\windows\system32\drivers\Avg
    2010-04-16 22:48:27 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-04-16 22:43:42 0 d-----w- c:\program files\AVG
    2010-04-16 22:43:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-04-16 13:54:22 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-16 01:20:14 0 d-----w- c:\program files\MSSOAP
    2010-04-16 01:20:09 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
    2010-04-16 00:47:30 1563008 ----a-w- c:\windows\WRSetup.dll
    2010-04-16 00:47:30 0 d-----w- c:\program files\Webroot
    2010-04-16 00:47:30 0 d-----w- c:\docume~1\oli\applic~1\Webroot
    2010-04-16 00:47:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
    2010-04-15 23:59:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-15 23:59:55 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-15 23:59:55 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-15 23:59:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-15 23:59:55 0 d-----w- c:\program files\common files\Symantec Shared
    2010-04-15 23:59:19 0 d-----w- c:\program files\Norton Internet Security
    2010-04-15 23:57:24 0 d-----w- c:\program files\NortonInstaller
    2010-04-15 23:24:57 0 d-----w- c:\windows\ie8updates
    2010-04-15 23:15:19 0 d-----w- c:\docume~1\oli\applic~1\Tific
    2010-04-15 23:06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-15 23:06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-15 22:55:38 0 d-----w- c:\windows\ERUNT
    2010-04-15 22:54:39 0 d-----w- C:\SDFix
    2010-04-13 19:05:33 0 d-sh--w- c:\documents and settings\oli\IECompatCache
    2010-04-13 19:03:40 0 d-sh--w- c:\documents and settings\oli\PrivacIE
    2010-04-13 18:56:11 0 d-sh--w- c:\documents and settings\oli\IETldCache
    2010-04-13 17:39:38 0 dc-h--w- c:\windows\ie8
    2010-04-13 13:33:34 0 d-----w- c:\windows\system32\wbem\Repository
    2010-04-13 00:30:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-04-13 00:30:30 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-04-13 00:30:30 0 d-----w- c:\docume~1\oli\applic~1\SUPERAntiSpyware.com
    2010-04-12 14:31:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-12 14:27:53 0 d-----w- c:\program files\Lavasoft
    2010-04-06 22:04:11 0 d-----w- c:\docume~1\oli\applic~1\Malwarebytes
    2010-04-06 22:04:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-06 22:04:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-06 22:04:01 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-06 22:04:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-06 01:26:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-01 22:25:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
    2010-03-31 19:17:41 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
    2010-03-31 19:17:36 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-03-31 19:17:36 479298 ----a-w- c:\windows\system32\wbocx.ocx
    2010-03-31 19:17:36 172032 ----a-w- c:\windows\system32\AniGIF.ocx
    2010-03-31 17:08:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
    2010-03-30 20:48:34 0 d-----w- c:\program files\common files\Blizzard Entertainment
    2010-03-30 20:48:31 0 d-----w- c:\program files\World of Warcraft
    2010-03-23 16:09:41 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-03-22 21:29:09 0 d-----w- C:\Downloads
    2010-03-22 21:29:07 0 d-----w- c:\docume~1\oli\applic~1\BitComet
    2010-03-22 21:25:28 0 d-----w- c:\program files\BitComet
    2010-03-21 02:54:04 1015014 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe

    ==================== Find3M ====================

    2010-04-13 15:42:27 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2010-04-07 19:29:49 1772 ----a-w- c:\docume~1\oli\applic~1\wklnhst.dat
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

    ============= FINISH: 20:28:58.52 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17/01/2009 11:49:48
    System Uptime: 19/04/2010 19:50:14 (1 hours ago)

    Motherboard: Dell Inc | | 0CT103
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 45.825 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP101: 29/12/2009 22:48:28 - Installed EasyInfo
    RP102: 08/01/2010 17:49:33 - System Checkpoint
    RP103: 13/01/2010 14:29:52 - System Checkpoint
    RP104: 14/01/2010 16:04:48 - Software Distribution Service 3.0
    RP105: 21/01/2010 15:42:38 - Software Distribution Service 3.0
    RP106: 22/01/2010 16:48:50 - Software Distribution Service 3.0
    RP107: 02/02/2010 18:26:17 - Installed Project64 1.6
    RP108: 06/02/2010 03:18:09 - System Checkpoint
    RP109: 14/02/2010 14:18:12 - Software Distribution Service 3.0
    RP110: 18/02/2010 14:44:21 - Software Distribution Service 3.0
    RP111: 25/02/2010 15:58:42 - Software Distribution Service 3.0
    RP112: 12/03/2010 06:58:23 - Software Distribution Service 3.0
    RP113: 17/03/2010 16:49:32 - System Checkpoint
    RP114: 20/03/2010 13:12:43 - Installed gmax
    RP115: 23/03/2010 20:53:48 - Software Distribution Service 3.0
    RP116: 29/03/2010 19:50:38 - System Checkpoint
    RP117: 31/03/2010 19:29:24 - Software Distribution Service 3.0
    RP118: 01/04/2010 20:58:19 - System Checkpoint
    RP119: 06/04/2010 23:25:12 - Downloaded and used malwarebytes to remove viruses. WoW was installed
    RP120: 08/04/2010 02:23:01 - started watching ikkitousen anime, viruses were wiped off...
    RP121: 08/04/2010 04:12:27 - latest virus sweep. started ikkitousen.
    RP122: 12/04/2010 15:48:33 - installed and ran Ad-Aware, cleared some adware
    RP123: 13/04/2010 00:23:08 - 2nd ad-aware virus sweep
    RP124: 13/04/2010 01:30:29 - Installed SUPERAntiSpyware Professional
    RP125: 13/04/2010 02:48:41 - superantispyware installed and removes viruses.
    RP126: 13/04/2010 14:32:58 - Restore Operation
    RP127: 13/04/2010 18:42:09 - Installed Windows Internet Explorer 8.
    RP128: 14/04/2010 01:43:56 - Spybot found more viruses. latest norton installed.
    RP129: 14/04/2010 15:59:54 - think viruses are not that much of probs. joe came around
    RP130: 16/04/2010 00:24:26 - Software Distribution Service 3.0
    RP131: 16/04/2010 00:29:19 - Restore Operation
    RP132: 16/04/2010 00:32:41 - Software Distribution Service 3.0
    RP133: 16/04/2010 03:00:17 - Software Distribution Service 3.0
    RP134: 16/04/2010 23:43:22 - Installed AVG 9.0
    RP135: 17/04/2010 13:25:58 - Avg Update
    RP136: 17/04/2010 13:26:50 - Avg Update
    RP137: 17/04/2010 23:41:00 - Installed QuickTime
    RP138: 17/04/2010 23:50:10 - Removed Java(TM) 6 Update 15
    RP139: 17/04/2010 23:50:51 - Installed Java(TM) 6 Update 20
    RP140: 18/04/2010 00:01:57 - Removed Skype™ 4.0
    RP141: 18/04/2010 00:02:14 - Installed Skype™ 4.2
    RP142: 18/04/2010 00:20:23 - Installed HiJackThis
    RP143: 18/04/2010 03:18:59 - Removed Adobe Reader 9.
    RP144: 18/04/2010 03:19:36 - Installed Adobe Reader 9.3.
    RP145: 18/04/2010 21:45:40 - Removed Google Earth.
    RP146: 19/04/2010 19:57:43 - Avg Update
    RP147: 19/04/2010 19:58:54 - Avg Update

    ==== Installed Programs ======================

    4U MP4 Video Converter (version 3.0.2)
    Acrobat.com
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.3
    AGEIA PhysX v7.11.13
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AVG 9.0
    AviSynth 2.5
    BitComet 1.19
    BitTorrent
    Bonjour
    CD Audio Reader Filter (remove only)
    Combined Community Codec Pack 2008-09-21 16:18
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    Critical Update for Windows Media Player 11 (KB959772)
    dBpoweramp Music Converter
    DC-Bass Source 1.1.1
    Debut Video Capture Software
    DirectVobSub (remove only)
    DNA
    DScaler 5 Mpeg Decoders
    EA Download Manager
    EA Download Manager UI
    ffdshow [rev 2527] [2008-12-19]
    Fraps (remove only)
    GameSpy Comrade
    Garry's Mod
    gmax
    Google Update Helper
    Haali Media Splitter
    Half-Life
    Half-Life 2
    Half-Life(R) 2
    Half-Life: Blue Shift
    Hex Workshop v6
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Codec Pack 4.7.0 (Basic)
    Lexmark 3600-4600 Series
    LookInMyPC
    Lugaru v1.05
    Mac OS X Cursors
    Macromedia Flash MX
    Malwarebytes' Anti-Malware
    MAX Memory for Xbox 360
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MONOGRAM AMR Splitter/Decoder (remove only)
    Mozilla Firefox (3.6.3)
    Mozilla Thunderbird (3.0.4)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NaturalMotion endorphin 2.7.1
    NaturalMotion endorphin Control Panel for Maya 7.0 (Version 1.0
    NaturalMotion endorphin Control Panel for Maya 8.0 (Version 1.0
    Nero 7 Essentials
    neroxml
    Norton Internet Security
    NVIDIA Drivers
    OccupationCS: Source
    Oddworld: Abe's Exoddus
    OpenAL
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    PowerISO
    Project64 1.6
    PunkBuster Services
    QuickTime
    RealPlayer
    Replay Converter 3
    Roblox for Oli
    Secunia PSI
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Segoe UI
    ShellWM 0.5 (remove only)
    SHOUTcast Source (remove only)
    SigmaTel Audio
    Skype™ 4.2
    SOFTIMAGE CROSSWALK 2.05
    SOFTIMAGE XSI 6 Mod Tool
    Sound Blaster ADVANCED MB Drivers
    SPORE™
    SPORE™ Creepy & Cute Parts Pack
    Spy Sweeper Core
    Spybot - Search & Destroy
    Steam
    SUPERAntiSpyware Professional
    System Requirements Lab
    TortoiseSVN 1.6.3.16613 (32 bit)
    Uninstall 1.0.0.1
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Veoh Web Player Beta
    Videora iPod Converter 4.07
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.8a
    WebFldrs XP
    Webroot Internet Security Essentials
    Winamp
    Winamp Application Detect
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    XML Paper Specification Shared Components Pack 1.0
    XPort 360
    YouTube Downloader App 1.02
    Zoom Player (remove only)

    ==== Event Viewer Messages From Past Week ========

    17/04/2010 19:51:10, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    16/04/2010 22:53:17, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
    16/04/2010 02:19:43, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706bf: Security Update for Windows XP (KB980232).
    16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB976662).
    16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for the 2007 Microsoft Office System (KB981715).
    16/04/2010 00:26:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB979683).
    15/04/2010 23:54:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu SRTSP SRTSPX SymIRON SYMTDI Tcpip
    15/04/2010 19:52:06, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001AA00C6CCF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    14/04/2010 21:06:14, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ABB75354-8A99-4AC6-93. The master browser is stopping or an election is being forced.
    13/04/2010 20:13:37, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: The specified module could not be found.
    13/04/2010 20:12:51, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The specified module could not be found.
    13/04/2010 17:51:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IDSxpx86
    13/04/2010 15:08:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    13/04/2010 14:58:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Norton Internet Security service.
    13/04/2010 14:44:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    13/04/2010 14:40:08, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    13/04/2010 14:37:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BHDrvx86 ccHP eeCtrl Fips IDSxpx86 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu SRTSP SRTSPX SYMTDI Tcpip
    13/04/2010 14:37:32, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    13/04/2010 14:37:32, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/04/2010 14:37:32, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/04/2010 14:37:32, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    13/04/2010 14:37:32, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/04/2010 14:37:32, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/04/2010 14:35:23, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    13/04/2010 14:35:23, error: SRTSP [4] - Error loading virus definitions.
    13/04/2010 14:29:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 ccHP eeCtrl Fips IDSxpx86 SASDIFSV SASKUTIL SCDEmu SRTSP SRTSPX SYMTDI
    13/04/2010 00:08:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    13/04/2010 00:07:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 ccHP eeCtrl Fips IDSxpx86 SCDEmu SRTSP SRTSPX SYMTDI
    12/04/2010 21:04:44, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/04/2010 21:03:56, error: Service Control Manager [7034] - The lxdx_device service terminated unexpectedly. It has done this 1 time(s).
    12/04/2010 21:03:44, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    12/04/2010 21:01:14, error: Service Control Manager [7003] - The Fast User Switching Compatibility service depends on the following nonexistent service: TermService
    12/04/2010 21:00:51, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService service to connect.
    12/04/2010 21:00:51, error: Service Control Manager [7000] - The lxdxCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/04/2010 21:00:18, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    12/04/2010 21:00:18, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    12/04/2010 19:32:26, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/04/2010 18:56:23, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    12/04/2010 16:34:46, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================


    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 16:22 on 20/04/2010 (Oli)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...


    -=E.O.F=-
     
  8. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    GMER log too long for copying and pasting; it's posted as an attachment.
     

    Attached Files:

  9. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

    It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

    P2P Warning!
    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitComet 1.19 | BitTorrent | DNA

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
    References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Multiple Anti-virus Programs
    You are operating your computer with multiple Anti-virus programs running in memory at once:

    AVG 9.0 | Norton Internet Security | Webroot Internet Security Essentials

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove two of them NOW.

    TFC (Temp File Cleaner)
    Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
    • Save any unsaved work. TFC Cleaner will close all open application windows
    • Double-click TFC.exe to run the program, your desktop will temporarily disappear
    • If prompted, click Yes to reboot
    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

    ComboFix
    Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
    Link 1
    Link 2

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      A guide to do this can be found here
    • Double click on ComboFix.exe & follow the prompts
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    To post in next reply:
    ComboFix log
    Update on how the computer is running
     
  10. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    Hi,

    Thanks for a quick reply, and I've taken your advice and removed P2P programs and AVG and Webroot.

    My computer started up and finished malware removal, and it started quicker than normal, and for the first time Norton (when I turned it back on) hasn't come up with an alert saying 'computer blocked incoming attack', so great progress so far.

    Here's the report:


    ComboFix 10-04-21.01 - Oli 22/04/2010 17:49:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2591 [GMT 1:00]
    Running from: c:\documents and settings\Oli\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common

    Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
    .

    2010-04-22 15:54 . 2010-04-16 00:02 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG.SYS
    2010-04-22 15:54 . 2010-04-16 00:02 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\EECTRL.SYS
    2010-04-22 15:54 . 2010-04-16 00:02 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\CCERASER.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ECMSVR32.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG32.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX32A.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX15.SYS
    2010-04-22 15:54 . 2010-04-16 00:02 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ERASER.SYS
    2010-04-18 20:26 . 2010-04-18 20:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-04-18 02:19 . 2010-04-18 02:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-17 23:20 . 2010-04-17 23:20 388096 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-17 23:20 . 2010-04-17 23:20 -------- d-----w- c:\program files\TrendMicro
    2010-04-17 23:02 . 2010-04-17 23:02 -------- d-----r- c:\program files\Skype
    2010-04-17 22:52 . 2010-04-17 22:52 -------- d-----w- c:\program files\Common Files\Java
    2010-04-17 22:52 . 2010-04-17 22:52 503808 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcp71.dll
    2010-04-17 22:52 . 2010-04-17 22:52 499712 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\jmc.dll
    2010-04-17 22:52 . 2010-04-17 22:52 348160 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcr71.dll
    2010-04-17 22:52 . 2010-04-17 22:52 61440 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-sse.dll
    2010-04-17 22:52 . 2010-04-17 22:52 12800 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-d3d.dll
    2010-04-17 22:51 . 2010-04-17 22:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-17 22:49 . 2010-04-17 22:49 79488 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
    2010-04-17 22:49 . 2010-04-17 22:49 152576 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
    2010-04-17 22:46 . 2010-04-17 22:46 -------- d-----w- c:\program files\Winamp Detect
    2010-04-17 22:42 . 2010-04-17 22:43 -------- d-----w- c:\program files\QuickTime
    2010-04-17 22:28 . 2010-04-17 22:28 -------- d-----w- c:\program files\Secunia
    2010-04-17 12:49 . 2010-04-17 12:49 -------- d-----w- C:\$AVG
    2010-04-17 00:02 . 2010-04-21 21:22 0 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\prvlcl.dat
    2010-04-16 22:43 . 2010-04-16 22:43 -------- d-----w- c:\program files\AVG
    2010-04-16 22:04 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\Scxpx86.dll
    2010-04-16 22:04 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
    2010-04-16 22:04 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSvix86.sys
    2010-04-16 22:04 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
    2010-04-16 22:04 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys
    2010-04-16 13:54 . 2010-04-16 13:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-16 01:22 . 2010-04-16 01:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-16 01:20 . 2010-04-16 01:20 -------- d-----w- c:\program files\MSSOAP
    2010-04-16 00:05 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2010-04-16 00:05 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
    2010-04-16 00:05 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
    2010-04-16 00:05 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
    2010-04-16 00:05 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
    2010-04-16 00:05 . 2009-11-05 22:06 328752 ----a-r- c:\windows\system32\drivers\symds.sys
    2010-04-16 00:03 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSvix86.sys
    2010-04-16 00:03 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
    2010-04-16 00:03 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\Scxpx86.dll
    2010-04-16 00:03 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
    2010-04-16 00:03 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSviA64.sys
    2010-04-16 00:00 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
    2010-04-16 00:00 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
    2010-04-15 23:59 . 2010-04-16 00:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-15 23:59 . 2010-04-15 23:59 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-15 23:59 . 2010-04-15 23:59 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-15 23:59 . 2009-10-05 17:34 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
    2010-04-15 23:59 . 2009-11-07 01:08 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\CLT\cltLMSx.dll
    2010-04-15 23:59 . 2010-04-15 23:59 -------- d-----w- c:\program files\Norton Internet Security
    2010-04-15 23:57 . 2010-04-15 23:57 -------- d-----w- c:\program files\NortonInstaller
    2010-04-15 23:24 . 2010-04-15 23:25 -------- d-----w- c:\windows\ie8updates
    2010-04-15 23:15 . 2010-04-15 23:15 -------- d-----w- c:\documents and settings\Oli\Application Data\Tific
    2010-04-15 23:06 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-15 23:06 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-15 22:55 . 2010-04-15 22:55 -------- d-----w- c:\windows\ERUNT
    2010-04-15 22:54 . 2010-04-15 23:13 -------- d-----w- C:\SDFix
    2010-04-14 13:59 . 2010-04-14 13:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-13 19:05 . 2010-04-13 19:05 -------- d-sh--w- c:\documents and settings\Oli\IECompatCache
    2010-04-13 19:03 . 2010-04-13 19:03 -------- d-sh--w- c:\documents and settings\Oli\PrivacIE
    2010-04-13 18:58 . 2010-04-13 18:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-13 18:56 . 2010-04-13 18:56 -------- d-sh--w- c:\documents and settings\Oli\IETldCache
    2010-04-13 17:39 . 2010-04-13 17:44 -------- dc-h--w- c:\windows\ie8
    2010-04-13 13:33 . 2010-04-13 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-13 00:31 . 2010-04-13 00:31 52224 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-13 00:31 . 2010-04-13 00:31 117760 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com
    2010-04-12 23:22 . 2010-04-12 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-04-12 14:31 . 2010-04-12 14:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\program files\Lavasoft
    2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-08 15:08 . 2010-04-08 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\Oli\Application Data\Malwarebytes
    2010-04-06 22:04 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-06 22:04 . 2010-04-14 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-06 22:04 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-06 01:27 . 2010-04-14 13:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-06 01:26 . 2010-04-16 13:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-02 00:30 . 2010-04-02 00:30 -------- d-----w- c:\documents and settings\Oli\Local Settings\Application Data\Blizzard Entertainment
    2010-04-01 22:25 . 2010-04-01 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-03-31 19:22 . 2010-03-31 19:22 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-03-31 19:21 . 2010-03-31 19:21 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-03-31 19:17 . 2010-03-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-03-31 19:17 . 2010-03-31 19:17 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-03-31 17:08 . 2010-03-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
    2010-03-30 20:48 . 2010-03-31 16:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-03-30 20:48 . 2010-04-12 17:57 -------- d-----w- c:\program files\World of Warcraft
    2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
    2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
    2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
    2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
    2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll
    2010-03-24 08:04 . 2010-03-24 18:17 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\AdobeARM.exe
    2010-03-24 08:04 . 2010-03-24 18:17 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\AdobeExtractFiles.dll
    2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\ReaderUpdater.exe
    2010-03-24 08:04 . 2010-03-24 18:17 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28430\AcrobatUpdater.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-22 16:54 . 2004-08-10 13:00 578560 ----a-w- c:\windows\system32\user32.dll
    2010-04-22 16:38 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\Oli\Application Data\Skype
    2010-04-22 16:37 . 2009-01-20 20:15 -------- d-----w- c:\program files\Steam
    2010-04-22 16:26 . 2009-02-02 12:17 -------- d-----w- c:\program files\BitTorrent
    2010-04-22 16:26 . 2010-03-22 21:25 -------- d-----w- c:\program files\BitComet
    2010-04-18 20:39 . 2009-02-11 20:53 -------- d-----w- c:\program files\Google
    2010-04-18 02:14 . 2009-06-09 22:01 -------- d-----w- c:\program files\RealMedia
    2010-04-17 23:02 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-04-17 23:01 . 2010-03-22 21:29 -------- d-----w- c:\documents and settings\Oli\Application Data\BitComet
    2010-04-17 22:47 . 2009-02-17 17:53 -------- d-----w- c:\program files\Winamp
    2010-04-17 22:46 . 2009-02-17 17:53 -------- d-----w- c:\documents and settings\Oli\Application Data\Winamp
    2010-04-17 22:40 . 2009-01-20 22:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-17 22:38 . 2009-01-21 07:40 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-04-17 00:59 . 2009-02-02 12:19 -------- d-----w- c:\documents and settings\Oli\Application Data\BitTorrent
    2010-04-16 00:39 . 2009-05-17 13:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-15 23:59 . 2010-04-15 23:59 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-15 23:59 . 2010-04-15 23:59 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-15 23:59 . 2009-01-20 19:51 -------- d-----w- c:\program files\Symantec
    2010-04-15 23:34 . 2009-01-20 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-04-15 18:55 . 2009-02-08 15:45 -------- d-----w- c:\documents and settings\Oli\Application Data\skypePM
    2010-04-14 15:08 . 2009-01-29 02:49 -------- d-----w- c:\documents and settings\Oli\Application Data\Saytpu
    2010-04-14 00:10 . 2009-06-29 11:28 -------- d-----w- c:\documents and settings\Oli\Application Data\Atim
    2010-04-13 15:42 . 2004-08-10 13:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2010-04-13 00:30 . 2009-02-03 17:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-12 23:23 . 2009-04-22 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2010-04-07 19:29 . 2009-01-21 21:07 1772 ----a-w- c:\documents and settings\Oli\Application Data\wklnhst.dat
    2010-04-06 00:58 . 2009-10-27 12:58 623608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-22 02:33 . 2010-03-22 02:33 -------- d-----w- c:\documents and settings\Oli\Application Data\Media Player Classic
    2010-03-21 21:20 . 2009-01-20 20:06 44592 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-21 03:06 . 2010-03-21 02:54 1015014 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe
    2010-03-20 23:38 . 2009-06-28 14:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-03-17 20:13 . 2010-03-17 20:13 7680 ----a-w- c:\documents and settings\Oli\Application Data\Thinstall\Fireworks\4000001be300002i\Fireworks.exe
    2010-03-17 20:13 . 2010-03-17 20:13 -------- d-----w- c:\documents and settings\Oli\Application Data\Thinstall
    2010-03-10 06:15 . 2004-08-10 13:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-10 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-10 13:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2004-08-10 13:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03 . 2010-03-23 16:09 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-10 13:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 13:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-02 18:26 . 2010-02-02 18:26 8854 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    .
    Infected c:\windows\system32\user32.dll hex repaired


    ------- Sigcheck -------

    [7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

    c:\windows\System32\termsrv.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Steam"="c:\program files\steam\steam.exe" [2010-02-24 1217872]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26105128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-07-27 282624]
    "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
    "EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-03-20 107176]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "nwiz"="c:\windows\system32\nwiz.exe" [2009-06-10 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-09-08 503808]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    c:\documents and settings\Oli\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "86:TCP"= 86:TCP:BroadCam Web Server
    "8518:TCP"= 8518:TCP:BitComet 8518 TCP
    "8518:UDP"= 8518:UDP:BitComet 8518 UDP
    "15171:TCP"= 15171:TCP:BitComet 15171 TCP
    "15171:UDP"= 15171:UDP:BitComet 15171 UDP

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [16/04/2010 01:05 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [16/04/2010 01:05 172592]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 21:38 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [16/04/2010 01:05 501888]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [16/04/2010 01:05 116784]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [16/04/2010 01:04 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/04/2010 01:02 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [16/04/2010 23:04 329592]
    S2 gupdate1c98c8b2064dd56;Google Update Service (gupdate1c98c8b2064dd56);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 21:55 133104]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [21/01/2009 22:00 98984]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\Oli\Application Data\Mozilla\Firefox\Profiles\2dyponi4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
    FF - plugin: c:\documents and settings\Oli\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
    HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray.exe
    Notify-youm_3 - youm_3.dll
    AddRemove-endorphin Control Panel for Maya 7.0_is1 - c:\mayatestinstallationfolder;\unins000.exe
    AddRemove-endorphin Control Panel for Maya 8.0_is1 - c:\mayatestinstallationfolder;\unins001.exe
    AddRemove-Veoh Web Player Beta - c:\program files\Veoh Networks\VeohWebPlayer\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-22 17:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-861567501-1214440339-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:d0,6b,8f,63,45,10,89,c3,76,cb,95,56,a3,16,40,96,b8,d5,2e,d3,87,
    53,74,42,29,96,be,6c,33,0a,74,81,15,37,f9,ed,87,64,1d,ca,a9,4c,b6,18,7d,67,\
    "rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    .
    Completion time: 2010-04-22 17:57:57
    ComboFix-quarantined-files.txt 2010-04-22 16:57

    Pre-Run: 49,799,532,544 bytes free
    Post-Run: 49,768,235,008 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    C:\wubildr.mbr = "Ubuntu"

    - - End Of File - - EB270AC91216B384AF3CE3E36F487A14
     
  11. jmw3

    jmw3 Malware Specialist

    Hi

    Looking better.

    CFScript
    Close any open browsers.
    Open notepad and copy/paste the text in the code box below into it:

    Code:
    FCopy::
    c:\windows\ServicePackFiles\i386\termsrv.dll | c:\windows\System32\termsrv.dll
    File::
    c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    Folder::
    c:\program files\BitTorrent
    c:\program files\BitComet
    c:\documents and settings\Oli\Application Data\BitComet
    c:\documents and settings\Oli\Application Data\BitTorrent
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8518:TCP"=-
    "8518:UDP"=-
    "15171:TCP"=-
    "15171:UDP"=-
    DDS::
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe
    If prompted by ComboFix to update, please do so
    When finished, it shall produce a log for you at "C:\ComboFix.txt"
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    Kaspersky Online Scan
    Do an online scan with Kaspersky Online Scanner
    • Read through the requirements and privacy statement and click on Accept button
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
    • When the downloads have finished, click on Settings
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan
    • Once the scan is complete, it will display the results. Click on View Scan Report
    • You will see a list of infected items there. Click on Save Report As...
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
    • Please post this log in your next reply
    Pictured tutorial if required.

    To post in next reply:
    ComboFix log
    Kaspersky Online Scan log
     
  12. OliH

    OliH Thread Starter

    Hi,

    Again, thanks for the quick reply, and I'd like to ask and tell you some things.

    When will I have to click on 'enable' in defogger? I've done the CFScript instructions and have a report here which I'll post now, but Kaspersky I'll have to do after the weekend as I'm off on a weekend trip with my family.

    ComboFix 10-04-21.01 - Oli 23/04/2010 13:01:21.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT 1:00]
    Running from: c:\documents and settings\Oli\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Oli\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\program files\Mozilla Firefox\plugins\npbittorrent.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Oli\Application Data\BitComet
    c:\documents and settings\Oli\Application Data\BitComet\BitComet.xml
    c:\documents and settings\Oli\Application Data\BitComet\cache\post_info.xml
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100322.bak
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100323.bak
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100329.bak
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100415.bak
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.20100417.bak
    c:\documents and settings\Oli\Application Data\BitComet\Downloads.xml.bak
    c:\documents and settings\Oli\Application Data\BitComet\torrents\jre-6u20-windows-i586-s.exe.xml
    c:\documents and settings\Oli\Application Data\BitComet\torrents\SkypeSetup.msi.xml
    c:\documents and settings\Oli\Application Data\BitTorrent
    c:\documents and settings\Oli\Application Data\BitTorrent\[LonE]_Saitou_Chiwa_-_Bakemonogatari_OP_Single_-_staple_stable_[w_scans]_(mp3).rar.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\[Nipponsei] Final Fantasy XIII Original Soundtrack.zip.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\[Nipponsei] Yoku Wakaru Gendai Mahou OP Single - Programming for non-fiction [Asou Natsuko].zip.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\[Voice Synth] VOCALOID 2 CV???? 01 ???? (iso+SA&VSTi Crack).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Afro Samurai - Resurrection (PSP, iPod, Zune).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Afro Samurai.1.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Afro Samurai.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Alien vs Predator 2.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Alvin.and.the.Chipmunks.The.Squeakquel.DVDRip.XviD-RUBY.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\American Pie 5 The Naked Mile[2006]DvDrip[Eng]-BugZ.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Be.Kind.Rewind[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Bruce Lee Collection - Dvd Rips - xvid.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Bruno.CAM.XViD.READ.NFO-BirdFlu.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\dht.dat
    c:\documents and settings\Oli\Application Data\BitTorrent\dht.dat.old
    c:\documents and settings\Oli\Application Data\BitTorrent\Download Accelerator Plus Premium v9.21+Crack [ kk ].torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Drag.Me.To.Hell.2009.DvDRip-FxM.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Fraps v2.9.9.rar.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Friday the 13th[2009][Extended Edition]DvDrip[Eng]-FXG.1.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Friday the 13th[2009][Extended Edition]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Gladiator - More Music.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Gladiator Soundtrack (Soundtrack Album 2000).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Halloween.2.2009.DVDScr.XviD-QUINCYMKT.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Ice.Age.3.Dawn.Of.The.Dinosaurs.2009.TS.XviD-Fatal.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Legion.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Macromedia Flash MX Pro 2004 + Keygen.zip.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Metallica - Discography 1983-2008 (19 Albums, 23 CDs).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Michael Jackson - Discography (320kbps).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Ministry of Sound - Chilled II - 1991 - 2009-D1~3 [EAC - FLAC] (oan).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Ministry of Sound - Chilled II - 1991 - 2009-D2~3 [EAC - FLAC] (oan).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Ministry of Sound - Chilled II - 1991 - 2009-D3~3 [EAC - FLAC] (oan).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Nero 7.10.1.0.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Ponyo_On.The.Cliff.2008.DVDRip.XviD-ViSiON.NoRar.www.torrent-loco.com.ar.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Power ISO v3.8 + keygen [h33t] [Original].torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\resume.dat
    c:\documents and settings\Oli\Application Data\BitTorrent\resume.dat.old
    c:\documents and settings\Oli\Application Data\BitTorrent\rss.dat
    c:\documents and settings\Oli\Application Data\BitTorrent\rss.dat.old
    c:\documents and settings\Oli\Application Data\BitTorrent\Russell.Howard.Live.2008.DVDRip.XviD-HAGGiS.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\S.T.A.L.K.E.R.Shadow.of.Chernobyl-ViTALiTY.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Saw VI 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\settings.dat
    c:\documents and settings\Oli\Application Data\BitTorrent\settings.dat.old
    c:\documents and settings\Oli\Application Data\BitTorrent\Soundtrack - Gladiator.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Tenacious.D-The.Pick.Of.Destiny[2006]DvDrip[Eng]-aXXo.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\The.Invention.of.Lying.2009.CAM.XVID-PrisM.[www.torrentfive.com].torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Webroot Spy Sweeper + SerialKeys.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Year One[2009][Unrated Edition]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\Oli\Application Data\BitTorrent\Zombieland 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
    c:\program files\BitComet
    c:\program files\BitTorrent
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\BitTorrent\uninst.exe
    c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\termsrv.dll --> c:\windows\System32\termsrv.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
    .

    2010-04-23 12:01 . 2008-04-14 05:42 295424 -c--a-w- c:\windows\system32\dllcache\termsrv.dll
    2010-04-23 12:01 . 2008-04-14 05:42 295424 ----a-w- c:\windows\system32\termsrv.dll
    2010-04-22 15:54 . 2010-04-16 00:02 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG.SYS
    2010-04-22 15:54 . 2010-04-16 00:02 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\EECTRL.SYS
    2010-04-22 15:54 . 2010-04-16 00:02 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\CCERASER.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ECMSVR32.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVENG32.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX32A.DLL
    2010-04-22 15:54 . 2010-04-16 00:02 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\NAVEX15.SYS
    2010-04-22 15:54 . 2010-04-16 00:02 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100422.002\ERASER.SYS
    2010-04-18 20:26 . 2010-04-18 20:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-04-18 02:19 . 2010-04-18 02:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-17 23:20 . 2010-04-17 23:20 388096 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-17 23:20 . 2010-04-17 23:20 -------- d-----w- c:\program files\TrendMicro
    2010-04-17 23:02 . 2010-04-17 23:02 -------- d-----r- c:\program files\Skype
    2010-04-17 22:52 . 2010-04-17 22:52 -------- d-----w- c:\program files\Common Files\Java
    2010-04-17 22:52 . 2010-04-17 22:52 503808 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcp71.dll
    2010-04-17 22:52 . 2010-04-17 22:52 499712 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\jmc.dll
    2010-04-17 22:52 . 2010-04-17 22:52 348160 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cb72f6e-n\msvcr71.dll
    2010-04-17 22:52 . 2010-04-17 22:52 61440 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-sse.dll
    2010-04-17 22:52 . 2010-04-17 22:52 12800 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-133a4c79-n\decora-d3d.dll
    2010-04-17 22:51 . 2010-04-17 22:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-17 22:49 . 2010-04-17 22:49 79488 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
    2010-04-17 22:49 . 2010-04-17 22:49 152576 ----a-w- c:\documents and settings\Oli\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
    2010-04-17 22:46 . 2010-04-17 22:46 -------- d-----w- c:\program files\Winamp Detect
    2010-04-17 22:42 . 2010-04-17 22:43 -------- d-----w- c:\program files\QuickTime
    2010-04-17 22:28 . 2010-04-17 22:28 -------- d-----w- c:\program files\Secunia
    2010-04-17 12:49 . 2010-04-17 12:49 -------- d-----w- C:\$AVG
    2010-04-17 00:02 . 2010-04-21 21:22 0 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\prvlcl.dat
    2010-04-16 22:43 . 2010-04-16 22:43 -------- d-----w- c:\program files\AVG
    2010-04-16 22:04 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\Scxpx86.dll
    2010-04-16 22:04 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
    2010-04-16 22:04 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSvix86.sys
    2010-04-16 22:04 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
    2010-04-16 22:04 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys
    2010-04-16 13:54 . 2010-04-16 13:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-16 01:22 . 2010-04-16 01:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-16 01:20 . 2010-04-16 01:20 -------- d-----w- c:\program files\MSSOAP
    2010-04-16 00:05 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2010-04-16 00:05 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
    2010-04-16 00:05 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
    2010-04-16 00:05 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
    2010-04-16 00:05 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
    2010-04-16 00:05 . 2009-11-05 22:06 328752 ----a-r- c:\windows\system32\drivers\symds.sys
    2010-04-16 00:03 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSvix86.sys
    2010-04-16 00:03 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
    2010-04-16 00:03 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\Scxpx86.dll
    2010-04-16 00:03 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
    2010-04-16 00:03 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSviA64.sys
    2010-04-16 00:00 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
    2010-04-16 00:00 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
    2010-04-15 23:59 . 2010-04-16 00:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-15 23:59 . 2010-04-15 23:59 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-15 23:59 . 2010-04-15 23:59 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-15 23:59 . 2009-10-05 17:34 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
    2010-04-15 23:59 . 2009-11-07 01:08 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\CLT\cltLMSx.dll
    2010-04-15 23:59 . 2010-04-15 23:59 -------- d-----w- c:\program files\Norton Internet Security
    2010-04-15 23:57 . 2010-04-15 23:57 -------- d-----w- c:\program files\NortonInstaller
    2010-04-15 23:24 . 2010-04-15 23:25 -------- d-----w- c:\windows\ie8updates
    2010-04-15 23:15 . 2010-04-15 23:15 -------- d-----w- c:\documents and settings\Oli\Application Data\Tific
    2010-04-15 23:06 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-15 23:06 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-15 22:55 . 2010-04-15 22:55 -------- d-----w- c:\windows\ERUNT
    2010-04-15 22:54 . 2010-04-15 23:13 -------- d-----w- C:\SDFix
    2010-04-14 13:59 . 2010-04-14 13:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-13 19:05 . 2010-04-13 19:05 -------- d-sh--w- c:\documents and settings\Oli\IECompatCache
    2010-04-13 19:03 . 2010-04-13 19:03 -------- d-sh--w- c:\documents and settings\Oli\PrivacIE
    2010-04-13 18:58 . 2010-04-13 18:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-13 18:56 . 2010-04-13 18:56 -------- d-sh--w- c:\documents and settings\Oli\IETldCache
    2010-04-13 17:39 . 2010-04-13 17:44 -------- dc-h--w- c:\windows\ie8
    2010-04-13 13:33 . 2010-04-13 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-13 00:31 . 2010-04-13 00:31 52224 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-13 00:31 . 2010-04-13 00:31 117760 ----a-w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-13 00:30 . 2010-04-13 00:30 -------- d-----w- c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com
    2010-04-12 23:22 . 2010-04-12 23:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-04-12 14:31 . 2010-04-12 14:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\program files\Lavasoft
    2010-04-12 14:27 . 2010-04-13 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-08 15:08 . 2010-04-08 15:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\Oli\Application Data\Malwarebytes
    2010-04-06 22:04 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-06 22:04 . 2010-04-14 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-06 22:04 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-06 01:27 . 2010-04-14 13:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-06 01:26 . 2010-04-23 11:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-02 00:30 . 2010-04-02 00:30 -------- d-----w- c:\documents and settings\Oli\Local Settings\Application Data\Blizzard Entertainment
    2010-04-01 22:25 . 2010-04-01 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-03-31 19:22 . 2010-03-31 19:22 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2010-03-31 19:21 . 2010-03-31 19:21 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-03-31 19:17 . 2010-03-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
    2010-03-31 19:17 . 2010-03-31 19:17 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2010-03-31 17:08 . 2010-03-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
    2010-03-30 20:48 . 2010-03-31 16:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-03-30 20:48 . 2010-04-12 17:57 -------- d-----w- c:\program files\World of Warcraft
    2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
    2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
    2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
    2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
    2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-22 17:19 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\Oli\Application Data\Skype
    2010-04-22 17:19 . 2009-01-20 20:15 -------- d-----w- c:\program files\Steam
    2010-04-22 16:54 . 2004-08-10 13:00 578560 ----a-w- c:\windows\system32\user32.dll
    2010-04-18 20:39 . 2009-02-11 20:53 -------- d-----w- c:\program files\Google
    2010-04-18 02:14 . 2009-06-09 22:01 -------- d-----w- c:\program files\RealMedia
    2010-04-17 23:02 . 2009-02-08 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-04-17 22:47 . 2009-02-17 17:53 -------- d-----w- c:\program files\Winamp
    2010-04-17 22:46 . 2009-02-17 17:53 -------- d-----w- c:\documents and settings\Oli\Application Data\Winamp
    2010-04-17 22:40 . 2009-01-20 22:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-17 22:38 . 2009-01-21 07:40 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-04-16 00:39 . 2009-05-17 13:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-15 23:59 . 2010-04-15 23:59 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-15 23:59 . 2010-04-15 23:59 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-15 23:59 . 2009-01-20 19:51 -------- d-----w- c:\program files\Symantec
    2010-04-15 23:34 . 2009-01-20 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-04-15 18:55 . 2009-02-08 15:45 -------- d-----w- c:\documents and settings\Oli\Application Data\skypePM
    2010-04-14 15:08 . 2009-01-29 02:49 -------- d-----w- c:\documents and settings\Oli\Application Data\Saytpu
    2010-04-14 00:10 . 2009-06-29 11:28 -------- d-----w- c:\documents and settings\Oli\Application Data\Atim
    2010-04-13 15:42 . 2004-08-10 13:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2010-04-13 00:30 . 2009-02-03 17:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-12 23:23 . 2009-04-22 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2010-04-07 19:29 . 2009-01-21 21:07 1772 ----a-w- c:\documents and settings\Oli\Application Data\wklnhst.dat
    2010-04-06 00:58 . 2009-10-27 12:58 623608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-22 02:33 . 2010-03-22 02:33 -------- d-----w- c:\documents and settings\Oli\Application Data\Media Player Classic
    2010-03-21 21:20 . 2009-01-20 20:06 44592 ----a-w- c:\documents and settings\Oli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-21 03:06 . 2010-03-21 02:54 1015014 ----a-w- c:\windows\OccupationCS_ Source Uninstaller.exe
    2010-03-20 23:38 . 2009-06-28 14:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-03-17 20:13 . 2010-03-17 20:13 7680 ----a-w- c:\documents and settings\Oli\Application Data\Thinstall\Fireworks\4000001be300002i\Fireworks.exe
    2010-03-17 20:13 . 2010-03-17 20:13 -------- d-----w- c:\documents and settings\Oli\Application Data\Thinstall
    2010-03-10 06:15 . 2004-08-10 13:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-10 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-10 13:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2004-08-10 13:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03 . 2010-03-23 16:09 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-10 13:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 13:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-02 18:26 . 2010-02-02 18:26 8854 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-02-02 18:26 . 2010-02-02 18:26 40960 ----a-r- c:\documents and settings\Oli\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    .

    ((((((((((((((((((((((((((((( [email protected]_16.55.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-22 17:17 . 2010-04-22 17:17 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
    + 2010-04-22 17:18 . 2010-04-22 17:18 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
    + 2009-12-21 19:09 . 2009-12-21 19:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
    + 2009-12-22 00:57 . 2009-12-22 00:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
    + 2009-12-21 19:02 . 2009-12-21 19:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
    + 2009-12-21 22:21 . 2009-12-21 22:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
    + 2009-12-21 22:37 . 2009-12-21 22:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
    + 2009-12-21 17:39 . 2009-12-21 17:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
    + 2009-12-21 17:27 . 2009-12-21 17:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
    + 2009-12-21 17:27 . 2009-12-21 17:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
    + 2009-12-21 17:35 . 2009-12-21 17:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
    + 2009-12-21 19:05 . 2009-12-21 19:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
    + 2009-12-21 17:34 . 2009-12-21 17:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
    + 2009-11-09 18:18 . 2009-11-09 18:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
    + 2009-12-21 19:02 . 2009-12-21 19:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
    + 2009-12-21 17:43 . 2009-12-21 17:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
    + 2009-12-22 00:57 . 2009-12-22 00:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
    + 2009-12-21 17:15 . 2009-12-21 17:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
    + 2009-12-21 18:32 . 2009-12-21 18:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
    + 2009-12-21 18:15 . 2009-12-21 18:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
    + 2009-12-21 17:29 . 2009-12-21 17:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
    + 2009-10-27 19:34 . 2009-10-27 19:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
    + 2009-12-21 22:31 . 2009-12-21 22:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
    + 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\462b5.msp
    + 2009-12-21 22:21 . 2009-12-21 22:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Steam"="c:\program files\steam\steam.exe" [2010-02-24 1217872]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26105128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-07-27 282624]
    "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
    "EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-03-20 107176]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "nwiz"="c:\windows\system32\nwiz.exe" [2009-06-10 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-09-08 503808]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

    c:\documents and settings\Oli\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\youm_3]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "86:TCP"= 86:TCP:BroadCam Web Server
    "8518:TCP"= 8518:TCP:BitComet 8518 TCP
    "8518:UDP"= 8518:UDP:BitComet 8518 UDP
    "15171:TCP"= 15171:TCP:BitComet 15171 TCP
    "15171:UDP"= 15171:UDP:BitComet 15171 UDP

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [16/04/2010 01:05 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [16/04/2010 01:05 172592]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 21:38 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [16/04/2010 01:05 501888]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [16/04/2010 01:05 116784]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [16/04/2010 01:04 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/04/2010 01:02 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys [16/04/2010 23:04 329592]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
    S2 gupdate1c98c8b2064dd56;Google Update Service (gupdate1c98c8b2064dd56);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 21:55 133104]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [21/01/2009 22:00 98984]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 20:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    FF - ProfilePath - c:\documents and settings\Oli\Application Data\Mozilla\Firefox\Profiles\2dyponi4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
    FF - plugin: c:\documents and settings\Oli\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-23 13:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-861567501-1214440339-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:d0,6b,8f,63,45,10,89,c3,76,cb,95,56,a3,16,40,96,b8,d5,2e,d3,87,
    53,74,42,29,96,be,6c,33,0a,74,81,15,37,f9,ed,87,64,1d,ca,a9,4c,b6,18,7d,67,\
    "rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Oli\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    .
    Completion time: 2010-04-23 13:09:40
    ComboFix-quarantined-files.txt 2010-04-23 12:09
    ComboFix2.txt 2010-04-22 16:57

    Pre-Run: 49,611,976,704 bytes free
    Post-Run: 49,570,676,736 bytes free

    - - End Of File - - B84FC360D217D2EC1C196457AA7BD856
     
  13. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    We usually wait until the Clean up to re-enable your CD Emulation Drivers, but you can probably do that now if you like.

    No problem with the Kaspersky Scan... I'll be here. Have a good trip.
     
  14. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    Hi,

    Thanks for the wait, but I'm just sending this message to let you know that I'm back from the trip and updating the Kaspersky online scanner as this message is being sent.

    Will post the scan log as soon as it's done.
     
  15. OliH

    OliH Thread Starter

    Joined:
    Apr 17, 2010
    Messages:
    16
    Hi,

    Kaspersky is 43% done scanning right now, and a question came to mind about my antivirus (Norton).
    Would I be able to get my money back off them for not protecting my computer twice now, and if so, could you help me do so?
     
Short URL to this thread: https://techguy.org/917555
