Possible backdoor! [Pros only please]

Respital

Active Member
Hello.
I need all of the help I can get.
Recently Avira-AntiVir alerted me, saying I had a backdoor virus (404.exe in the system32 folder).
The first thing I did was completely shut down my internet.
I locked down my Comodo Firewall and my McAfee Firewall; I also opened up PeerGuardian2 and blocked all HTTP.
Then I ran a scan with every single scanning software I have on my computer.
I also reimmunized my system using Spybot Search and Destroy.
Scans were completed with:
  • Comodo Scanner (Found nothing)
  • TrojanHunter5 (Found trojan file C:\cleanup.exe[TrojanDownloader.Banload.1273])
  • SuperAntiSpyware (Found nothing)
  • McAfee Virus Scanner (Found nothing)
  • Ad-Aware 2008 (Found some tracking cookies)
  • Luke Filewalker (Avira-AntiVir)
  • ComboFix
  • DSS
  • Malwarebytes' Anti-Malware (Found nothing)

I am going to include the following logs:
  • ComboFix log
  • DSS log
  • And an HJT log (After everything)

After posting all of the logs I will lock down my firewall again if told.
I thank you for reading this and helping me.
 
Here are all of the logs:
Starting with main.txt.


Deckard's System Scanner v20071014.68
Run by mdg on 2008-07-17 17:33:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mdg.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34, on 2008-07-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\mdg\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mdg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Kuzniak')
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kuzniak')
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [Skype] "C:\Documents and Settings\Kuzniak\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Kuzniak')
O4 - S-1-5-21-873644563-2105205266-1105227018-1007 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Kuzniak')
O4 - S-1-5-21-873644563-2105205266-1105227018-1007 User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Kuzniak')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0233271214445745) (0233271214445745mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023327~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

--
End of file - 10832 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 14:45:49 0 dr-h----- C:\Documents and Settings\mdg\Recent
2008-07-17 14:31:39 0 d-------- C:\Documents and Settings\mdg\Application Data\Mozilla
2008-07-17 11:57:47 0 d-------- C:\Program Files\Defraggler
2008-07-17 11:45:51 188928 --a------ C:\WINDOWS\system32\vbuzip10.DLL <Not Verified; Info-ZIP; UNZIP32 Dynamic Link Library>
2008-07-17 11:45:50 159744 --a------ C:\WINDOWS\system32\wt_menu.dll <Not Verified; vbAccelerator; vbAccelerator PopupMenu Active X DLL>
2008-07-17 11:45:50 40960 --a------ C:\WINDOWS\system32\ssubtmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-07-17 11:45:49 0 d-------- C:\Program Files\Smarty Uninstaller Pro
2008-07-17 11:13:58 0 d-------- C:\Documents and Settings\mdg\Application Data\Desktopicon
2008-07-14 12:01:38 0 d-------- C:\Program Files\Sun
2008-07-14 11:35:33 0 d-------- C:\Documents and Settings\mdg\Application Data\Helios
2008-07-14 11:35:15 0 d-------- C:\Program Files\TextPad 5
2008-07-12 21:33:03 0 d-------- C:\Program Files\HDD Health
2008-07-12 00:08:09 0 d-------- C:\Documents and Settings\mdg\Application Data\Opera
2008-07-12 00:07:53 0 d-------- C:\Program Files\Opera
2008-07-11 19:51:37 391680 --a------ C:\WINDOWS\system32\CF22797.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-10 22:44:48 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-10 22:38:40 0 d-------- C:\Program Files\RegCleaner
2008-07-10 15:50:55 0 d-------- C:\Nexon(0.58)
2008-07-10 15:46:51 0 d-------- C:\Nexon
2008-07-09 19:48:09 0 d-------- C:\Documents and Settings\mdg\Application Data\MySQL
2008-07-09 19:44:40 0 d-------- C:\Program Files\MySQL
2008-07-08 22:25:07 0 d-------- C:\Documents and Settings\mdg\.netbeans-registration
2008-07-08 22:21:57 0 d-------- C:\Program Files\NetBeans 6.1
2008-07-08 13:16:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-08 13:14:00 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-08 13:14:00 0 d-------- C:\Program Files\Autodesk
2008-07-08 12:25:15 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-08 12:20:07 68096 --a------ C:\WINDOWS\zip.exe
2008-07-08 12:20:07 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-08 12:20:07 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-08 12:20:07 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-08 12:20:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-08 12:20:07 98816 --a------ C:\WINDOWS\sed.exe
2008-07-08 12:20:07 80412 --a------ C:\WINDOWS\grep.exe
2008-07-08 12:20:07 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-07 23:26:06 0 d-------- C:\Program Files\Common Files\Stardock
2008-07-07 23:26:00 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-07-07 22:46:58 0 d--h---c- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-07-07 22:40:30 0 d-------- C:\Program Files\Stardock
2008-07-07 17:30:22 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-07 17:30:12 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-07 17:30:11 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-07 17:30:10 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-07 17:30:10 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-07 17:30:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-07 17:30:09 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-07 17:30:07 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-07 17:30:04 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-06 13:47:36 0 d-------- C:\Program Files\Media Player Classic
2008-07-05 20:48:07 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-05 20:47:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-05 15:57:13 0 d-------- C:\DVDTemp
2008-07-05 15:56:50 0 d-------- C:\Program Files\Super_DVD_Creator_9.8
2008-07-05 09:44:52 0 d-------- C:\Documents and Settings\Kuzniak\Application Data\Hamachi
2008-07-05 09:32:37 0 d-------- C:\Documents and Settings\Kuzniak\Application Data\Comodo
2008-07-04 16:40:12 0 d-------- C:\Program Files\Hamachi
2008-07-04 15:58:00 0 d-------- C:\Documents and Settings\mdg\Application Data\Media Player Classic
2008-07-04 10:53:52 0 d-------- C:\Documents and Settings\mdg\Application Data\Comodo
2008-07-04 10:53:50 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-04 10:53:45 0 d-------- C:\Program Files\COMODO
2008-07-03 20:48:40 0 d-------- C:\Documents and Settings\mdg\Application Data\Vso
2008-07-03 18:18:30 0 d-------- C:\Program Files\PowerISO
2008-07-02 17:54:58 2054 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-02 17:54:10 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 17:54:10 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-02 17:54:10 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-02 17:54:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-02 17:54:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-30 18:43:41 0 d-------- C:\Documents and Settings\mdg\Application Data\Uniblue
2008-06-30 18:43:35 0 d-------- C:\Program Files\Uniblue
2008-06-29 23:13:49 0 d-------- C:\Documents and Settings\mdg\Application Data\TrojanHunter
2008-06-29 20:33:03 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-29 19:37:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-29 17:25:16 0 d-------- C:\Program Files\Avira
2008-06-29 17:25:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-28 13:51:54 0 d-------- C:\Documents and Settings\Kuzniak\Application Data\OpenOffice.org2
2008-06-28 13:18:27 0 d-------- C:\Documents and Settings\Kuzniak\Application Data\HPAppData
2008-06-27 13:09:46 0 d-------- C:\Documents and Settings\Kuzniak\Application Data\Real
2008-06-26 23:33:53 0 d-------- C:\Program Files\Oxin's Style!
2008-06-26 19:49:41 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-26 16:10:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-26 15:58:36 0 d-------- C:\Documents and Settings\mdg\Application Data\OpenOffice.org2
2008-06-26 15:56:16 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-26 15:40:32 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-25 22:58:54 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-25 22:58:21 0 d-------- C:\Program Files\Real
2008-06-25 22:58:12 0 d-------- C:\Program Files\Common Files\Real
2008-06-25 22:58:09 0 d-------- C:\Documents and Settings\mdg\Application Data\Real
2008-06-25 22:54:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 22:49:40 0 d-------- C:\Documents and Settings\mdg\Application Data\Malwarebytes
2008-06-25 22:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 22:49:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 22:30:35 0 d-------- C:\WINDOWS\Google Earth Pro 4.2
2008-06-25 22:30:35 0 d-------- C:\Program Files\Google Earth Pro 4.2
2008-06-24 13:10:45 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-18 14:28:03 0 d-------- C:\Documents and Settings\Kuzniak\Application Data\McAfee
2008-06-18 14:27:31 0 d---s---- C:\Documents and Settings\Kuzniak\Cookies
2008-06-17 22:47:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 13:19:40 0 d-------- C:\Program Files\HammerHead
 
-- Find3M Report ---------------------------------------------------------------

2008-07-17 17:37:14 0 d-------- C:\Program Files\PeerGuardian2
2008-07-17 14:44:43 0 d-------- C:\Program Files\SiteAdvisor
2008-07-17 10:22:53 0 d-------- C:\Documents and Settings\mdg\Application Data\Hamachi
2008-07-14 12:36:53 0 d-------- C:\Documents and Settings\mdg\Application Data\Skype
2008-07-14 12:01:28 0 d-------- C:\Program Files\Java
2008-07-13 23:58:28 0 d-------- C:\Documents and Settings\mdg\Application Data\uTorrent
2008-07-08 13:14:00 0 d-------- C:\Program Files\Common Files
2008-07-06 23:33:39 0 d-------- C:\Documents and Settings\mdg\Application Data\McAfee
2008-07-03 20:50:34 668 --a------ C:\Documents and Settings\mdg\Application Data\vso_ts_preview.xml
2008-07-03 16:57:37 0 d-------- C:\Program Files\Steam
2008-07-03 13:26:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 20:53:24 0 d-------- C:\Program Files\OCCT
2008-06-30 20:53:24 0 d-------- C:\Program Files\Guild Wars
2008-06-30 20:53:24 0 d-------- C:\Program Files\Cheat Engine
2008-06-29 23:13:28 0 d-------- C:\Program Files\DAEMON Tools
2008-06-29 19:25:41 0 d-------- C:\Program Files\Yahoo!
2008-06-26 22:39:22 0 d-------- C:\Program Files\LimeWire
2008-06-26 16:09:48 0 d-------- C:\Program Files\CyberLink
2008-06-25 22:01:26 0 d-------- C:\Program Files\McAfee
2008-06-23 13:38:37 0 d-------- C:\Program Files\ShortKeys2
2008-06-23 13:38:06 0 d-------- C:\Program Files\SpeedFan
2008-06-17 22:48:05 0 d-------- C:\Program Files\Lavasoft
2008-06-17 22:48:04 0 d-------- C:\Documents and Settings\mdg\Application Data\Lavasoft
2008-06-17 22:47:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 20:06:36 10942 --a----c- C:\Documents and Settings\mdg\Application Data\wklnhst.dat
2008-05-31 20:44:19 0 d-------- C:\Documents and Settings\mdg\Application Data\Nero
2008-05-31 20:41:54 0 d-------- C:\Program Files\Common Files\Nero
2008-05-31 20:38:59 0 d-------- C:\Program Files\Nero
2008-05-31 17:14:39 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-28 19:18:18 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-28 19:16:28 0 d-------- C:\Program Files\McAfee.com
2008-05-25 22:52:04 0 d-------- C:\Program Files\Paint.NET
2008-05-25 22:51:30 0 d-------- C:\Program Files\QuickTime
2008-05-24 00:11:47 0 d-------- C:\Documents and Settings\mdg\Application Data\HPAppData
2008-05-23 20:54:15 0 d-------- C:\Program Files\7-Zip
2008-05-22 13:33:30 0 d-------- C:\Program Files\Trymedia
2008-05-20 17:11:40 0 d-------- C:\Documents and Settings\mdg\Application Data\HP
2008-05-19 22:27:48 139775 --a------ C:\WINDOWS\hpoins15.dat
2008-05-18 18:17:19 0 d-------- C:\Program Files\nLite
2008-05-18 17:14:13 0 d-------- C:\Program Files\HP
2008-05-18 17:11:18 0 d-------- C:\Program Files\Common Files\HP
2008-05-18 17:10:27 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-18 14:35:17 0 d-------- C:\Program Files\Copysafe
2008-05-18 14:35:01 0 d-------- C:\Program Files\ATITool
2008-05-18 13:58:13 0 d-------- C:\Program Files\Incomplete
2008-05-17 22:19:56 0 d-------- C:\Program Files\Lavalys
2008-05-17 21:48:39 0 d-------- C:\Program Files\Electronic Arts


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
2007-11-26 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 14:59]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-04-29 21:58 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mdg^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\COMODO\Firewall\cfp.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
"C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayShred]
c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q C:\PROGRA~1\SPYWAR~1.SH!

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
C:\FRAPS\FRAPS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
C:\Program Files\McAfee\MBK\LogOnHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"Dcfssvc"=2 (0x2)
"BITS"=2 (0x2)
"ATI Smart"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - MBAMCATCHME
*Newly Created Service* - PGFILTER



-- End of Deckard's System Scanner: finished at 2008-07-17 17:39:13 ------------

There was no extra.txt (hopefully that isn't bad).
 
Here is the ComboFix log.

ComboFix 08-07-11.1 - mdg 2008-07-17 17:42:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.795 [GMT -4:00]
Running from: C:\Documents and Settings\mdg\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 17:33 . 2008-07-17 17:33 <DIR> d-------- C:\Deckard
2008-07-17 11:57 . 2008-07-17 11:57 <DIR> d-------- C:\Program Files\Defraggler
2008-07-17 11:45 . 2008-07-17 11:46 <DIR> d-------- C:\Program Files\Smarty Uninstaller Pro
2008-07-17 11:45 . 2007-08-15 13:09 417,792 --a------ C:\WINDOWS\system32\vbalCmdBar6.ocx
2008-07-17 11:45 . 2007-08-15 13:09 262,144 --a------ C:\WINDOWS\system32\lst_v.ocx
2008-07-17 11:45 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-07-17 11:45 . 1999-02-09 21:40 188,928 --a------ C:\WINDOWS\system32\vbuzip10.DLL
2008-07-17 11:45 . 2007-08-15 13:09 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2008-07-17 11:45 . 2007-08-15 13:09 94,208 --a------ C:\WINDOWS\system32\img_lst.ocx
2008-07-17 11:45 . 2007-08-15 13:09 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll
2008-07-17 11:13 . 2008-07-17 11:16 <DIR> d-------- C:\Program Files\Unlocker
2008-07-17 11:13 . 2008-07-17 11:13 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Desktopicon
2008-07-14 12:01 . 2008-07-14 12:01 <DIR> d-------- C:\Program Files\Sun
2008-07-14 12:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-14 11:35 . 2008-07-14 11:35 <DIR> d-------- C:\Program Files\TextPad 5
2008-07-14 11:35 . 2008-07-14 11:35 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Helios
2008-07-12 21:33 . 2008-07-12 21:33 <DIR> d-------- C:\Program Files\HDD Health
2008-07-12 00:07 . 2008-07-12 00:08 <DIR> d-------- C:\Program Files\Opera
2008-07-10 22:44 . 2008-07-10 23:16 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-10 22:38 . 2008-07-10 23:43 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-10 15:50 . 2008-07-10 15:50 <DIR> d-------- C:\Nexon(0.58)
2008-07-10 15:46 . 2008-07-10 15:46 <DIR> d-------- C:\Nexon
2008-07-09 19:48 . 2008-07-11 16:10 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\MySQL
2008-07-09 19:44 . 2008-07-09 19:45 <DIR> d-------- C:\Program Files\MySQL
2008-07-08 22:25 . 2008-07-08 22:25 <DIR> d-------- C:\Documents and Settings\mdg\.netbeans-registration
2008-07-08 22:21 . 2008-07-08 22:24 <DIR> d-------- C:\Program Files\NetBeans 6.1
2008-07-08 16:49 . 2006-08-16 07:58 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-08 13:16 . 2008-07-08 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-08 13:14 . 2008-07-08 13:23 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-08 13:14 . 2008-07-10 22:41 <DIR> d-------- C:\Program Files\Autodesk
2008-07-07 23:26 . 2008-07-07 23:26 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-07 23:26 . 2008-07-08 13:03 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-07-07 22:46 . 2008-07-07 22:46 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-07-07 22:40 . 2008-07-07 23:26 <DIR> d-------- C:\Program Files\Stardock
2008-07-07 17:30 . 2008-07-07 17:30 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-06 13:47 . 2008-07-06 13:47 <DIR> d-------- C:\Program Files\Media Player Classic
2008-07-05 15:57 . 2008-07-05 21:55 <DIR> d-------- C:\DVDTemp
2008-07-05 15:56 . 2008-07-07 00:21 <DIR> d-------- C:\Program Files\Super_DVD_Creator_9.8
2008-07-05 09:44 . 2008-07-05 09:45 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\Hamachi
2008-07-05 09:32 . 2008-07-05 09:32 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\Comodo
2008-07-04 16:40 . 2008-07-04 16:40 <DIR> d-------- C:\Program Files\Hamachi
2008-07-04 15:58 . 2008-07-04 15:58 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Media Player Classic
2008-07-04 11:55 . 2008-07-04 11:55 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-04 11:55 . 2008-07-04 11:55 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-04 10:54 . 2008-07-04 10:54 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-07-04 10:53 . 2008-07-04 10:54 <DIR> d-------- C:\Program Files\COMODO
2008-07-04 10:53 . 2008-07-04 10:53 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Comodo
2008-07-04 10:53 . 2008-07-04 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-04 10:53 . 2008-07-04 10:53 143,104 --a------ C:\WINDOWS\system32\guard32.dll1
2008-07-04 10:53 . 2008-07-04 11:55 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-03 20:48 . 2008-07-03 20:50 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Vso
2008-07-03 18:18 . 2008-07-03 18:18 <DIR> d-------- C:\Program Files\PowerISO
2008-07-02 21:30 . 2008-07-02 21:29 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-02 17:54 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-02 17:54 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-02 17:54 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-02 17:54 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 17:54 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 17:54 . 2008-07-02 17:54 2,054 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-30 18:43 . 2008-07-14 16:14 <DIR> d-------- C:\Program Files\Uniblue
2008-06-30 18:43 . 2008-07-11 20:09 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Uniblue
2008-06-29 23:13 . 2008-06-29 23:13 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\TrojanHunter
2008-06-29 20:33 . 2008-06-29 20:33 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-29 19:37 . 2008-06-29 19:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Program Files\Avira
2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-28 13:51 . 2008-07-08 11:47 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\OpenOffice.org2
2008-06-28 13:18 . 2008-06-28 13:18 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\HPAppData
2008-06-26 23:33 . 2008-06-26 23:33 <DIR> d-------- C:\Program Files\Oxin's Style!
2008-06-26 19:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-26 19:49 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-26 16:10 . 2008-06-26 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-26 15:58 . 2008-07-17 13:11 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\OpenOffice.org2
2008-06-26 15:56 . 2008-06-26 15:56 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-26 15:40 . 2008-06-26 15:40 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-26 13:20 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-26 13:20 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 13:20 . 2008-05-08 08:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-25 23:01 . 2008-06-25 23:01 25 --a------ C:\WINDOWS\cdplayer.ini
2008-06-25 22:58 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Real
2008-06-25 22:58 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-25 22:58 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-25 22:54 . 2008-06-25 22:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 22:54 . 2008-07-17 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 22:49 . 2008-06-25 22:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 22:49 . 2008-06-25 22:49 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Malwarebytes
2008-06-25 22:49 . 2008-06-25 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 22:49 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 22:49 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 22:30 . 2008-06-25 22:30 <DIR> d-------- C:\WINDOWS\Google Earth Pro 4.2
2008-06-25 22:30 . 2008-06-25 22:30 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-06-25 21:48 . 2004-06-10 10:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-06-25 21:48 . 2004-06-10 10:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-06-25 21:48 . 2004-06-09 19:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-06-24 13:10 . 2008-06-24 13:10 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-06-23 17:10 . 2008-06-23 17:10 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 05:52 . 2008-06-20 05:52 225,920 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 14:28 . 2008-06-18 14:28 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\McAfee
2008-06-17 22:47 . 2008-06-17 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 17:27 . 2008-06-17 17:27 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-17 13:19 . 2008-06-17 13:26 <DIR> d-------- C:\Program Files\HammerHead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 21:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-17 19:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-17 18:44 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-17 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-17 14:22 --------- d-----w C:\Documents and Settings\mdg\Application Data\Hamachi
2008-07-14 16:36 --------- d-----w C:\Documents and Settings\mdg\Application Data\Skype
2008-07-14 16:01 --------- d-----w C:\Program Files\Java
2008-07-14 03:58 --------- d-----w C:\Documents and Settings\mdg\Application Data\uTorrent
2008-07-07 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-07 03:33 --------- d-----w C:\Documents and Settings\mdg\Application Data\McAfee
2008-07-04 20:40 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-03 20:57 --------- d-----w C:\Program Files\Steam
2008-07-03 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 13:17 --------- d-----w C:\Documents and Settings\Kuzniak\Application Data\Skype
2008-07-01 00:53 --------- d-----w C:\Program Files\OCCT
2008-07-01 00:53 --------- d-----w C:\Program Files\Guild Wars
2008-07-01 00:53 --------- d-----w C:\Program Files\Cheat Engine
2008-06-30 03:13 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-29 23:25 --------- d-----w C:\Program Files\Yahoo!
2008-06-27 02:39 --------- d-----w C:\Program Files\LimeWire
2008-06-26 20:09 --------- d-----w C:\Program Files\CyberLink
2008-06-26 02:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-26 02:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-26 02:01 --------- d-----w C:\Program Files\McAfee
2008-06-23 17:38 --------- d-----w C:\Program Files\SpeedFan
2008-06-23 17:38 --------- d-----w C:\Program Files\ShortKeys2
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 19:16 2,842 -c--a-w C:\Documents and Settings\Kuzniak\Application Data\wklnhst.dat
2008-06-18 02:48 --------- d-----w C:\Program Files\Lavasoft
2008-06-18 02:48 --------- d-----w C:\Documents and Settings\mdg\Application Data\Lavasoft
2008-06-18 02:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 00:06 10,942 -c--a-w C:\Documents and Settings\mdg\Application Data\wklnhst.dat
2008-06-01 00:44 --------- d-----w C:\Documents and Settings\mdg\Application Data\Nero
2008-06-01 00:41 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-01 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-01 00:38 --------- d-----w C:\Program Files\Nero
2008-05-31 21:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-28 23:18 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-28 23:16 --------- d-----w C:\Program Files\McAfee.com
2008-05-28 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-26 02:52 --------- d-----w C:\Program Files\Paint.NET
2008-05-26 02:51 --------- d-----w C:\Program Files\QuickTime
2008-05-26 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 04:11 --------- d-----w C:\Documents and Settings\mdg\Application Data\HPAppData
2008-05-24 00:54 --------- d-----w C:\Program Files\7-Zip
2008-05-22 17:33 --------- d-----w C:\Program Files\Trymedia
2008-05-20 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-20 21:11 --------- d-----w C:\Documents and Settings\mdg\Application Data\HP
2008-05-18 22:17 --------- d-----w C:\Program Files\nLite
2008-05-18 21:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\HP
2008-05-18 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-18 21:14 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-05-18 21:14 --------- d-----w C:\Program Files\HP
2008-05-18 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-18 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-18 21:11 --------- d-----w C:\Program Files\Common Files\HP
2008-05-18 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-18 21:10 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-18 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-18 18:35 --------- d-----w C:\Program Files\Copysafe
2008-05-18 18:35 --------- d-----w C:\Program Files\ATITool
2008-05-18 17:58 --------- d-----w C:\Program Files\Incomplete
2008-05-18 02:19 --------- d-----w C:\Program Files\Lavalys
2008-05-18 01:48 --------- d-----w C:\Program Files\Electronic Arts
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-26 20:14 42,672 ----a-w C:\WINDOWS\system32\wbsys.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-04-29 21:26 374 -c--a-w C:\Documents and Settings\mdg\Application Data\internaldb6334.dat
2007-04-29 21:25 18,432 ----a-w C:\Documents and Settings\mdg\Application Data\internaldb41.dat
2007-04-29 21:24 538 -c--a-w C:\Documents and Settings\mdg\Application Data\internaldb8467.dat
2006-12-06 03:57 59,952 -c--a-w C:\Documents and Settings\Kuzniak\Application Data\GDIPFONTCACHEV1.DAT
2007-10-17 00:35 56 --sh--r C:\WINDOWS\system32\CF7EBFD16D.sys
2007-10-17 00:38 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2007-06-13 06:23 1617920 5411554c84b28fc522ca788aaf3d2e44 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 1617920 5411554c84b28fc522ca788aaf3d2e44 C:\WINDOWS\icon_TMP\explorer.exe
2007-06-13 06:23 4918784 a4d32bd82c68d8f1407064ad8d2b9ccb C:\WINDOWS\system_backup\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 14:59 266497]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]

C:\Documents and Settings\Kuzniak\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-04-29 21:58 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^mdg^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2008-07-04 11:55 1655552 C:\Program Files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
--a------ 2008-07-04 10:54 278264 C:\Program Files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 10:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayShred]
--a------ 2007-12-04 13:32 111904 c:\PROGRA~1\McAfee\MSHR\ShrCL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 05:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2007-03-15 23:58 781992 C:\Fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 11:22 20480 C:\Program Files\McAfee\MBK\LogonHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 13:59 4838952 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-31 17:40 22879528 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-06-30 23:33 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-25 22:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a------ 2006-06-29 19:55 707376 C:\WINDOWS\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"Dcfssvc"=2 (0x2)
"BITS"=2 (0x2)
"ATI Smart"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\steamapps\\kuzniak2\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\kuzniak2\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Steam\\steamapps\\kuzniak2\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-04 11:55]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-04 11:55]
R3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-19 17:48]
S2 0233271214445745mcinstcleanup;McAfee Application Installer Cleanup (0233271214445745);C:\WINDOWS\TEMP\023327~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 cheetah1;cheetah1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX01.375\ce13\cheetah.sys []
S3 cpuz126;cpuz126;C:\DOCUME~1\mdg\LOCALS~1\Temp\cpuz.sys []
S3 cpuz128;cpuz128;C:\DOCUME~1\mdg\LOCALS~1\Temp\cpuz_x32.sys []
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 iCheat1;iCheat1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX04.953\Engine\WWW.TSFOROS.COM\bin\iDriver.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX00.609\MoonLight_Engine_1083.3\IlvMoney1083.sys []
S3 kaspersky1;Kaspersky1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX19.406\Kaspersky.sys []
S3 sejt1;sejt1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX01.469\akuma\akuma\sejt.sys []
S3 SoRa01;SoRa01;C:\Documents and Settings\mdg\Desktop\SoRa Remake Engine 2.6\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX00.078\Spuc3ngine!\spuce.sys []
S3 SQTECH930B;USB 2.0 PC CAMERA;C:\WINDOWS\system32\Drivers\Capt930b.sys []
S3 sys_com001;sys_com001;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX00.219\SysComEngine_1059\syscom.sys []
S3 TSHAK3T1;TSHAK3T1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX02.891\RE 3.2\spuce.sys []
S3 xp1;xp1;C:\Documents and Settings\mdg\Desktop\XPEngine\xp.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - MBAMCATCHME
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 23:16:37 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-28 23:16:36 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-07-11 02:44:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-01 00:50:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 17:47:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-17 17:49:20
ComboFix-quarantined-files.txt 2008-07-17 21:49:11

Pre-Run: 123,790,409,728 bytes free
Post-Run: 123,780,014,080 bytes free

375 --- E O F --- 2008-07-10 17:34:29

Thanks in advance. :)
P.S: Please PLEASE PLEASE tell me it was a false positive.... :(
Next is the HJT log.
 
2008-07-02 17:54 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 17:54 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 17:54 . 2008-07-02 17:54 2,054 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-30 18:43 . 2008-07-14 16:14 <DIR> d-------- C:\Program Files\Uniblue
2008-06-30 18:43 . 2008-07-11 20:09 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Uniblue
2008-06-29 23:13 . 2008-06-29 23:13 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\TrojanHunter
2008-06-29 20:33 . 2008-06-29 20:33 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-29 19:37 . 2008-06-29 19:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Program Files\Avira
2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-28 13:51 . 2008-07-08 11:47 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\OpenOffice.org2
2008-06-28 13:18 . 2008-06-28 13:18 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\HPAppData
2008-06-26 23:33 . 2008-06-26 23:33 <DIR> d-------- C:\Program Files\Oxin's Style!
2008-06-26 19:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-26 19:49 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-26 16:10 . 2008-06-26 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-26 15:58 . 2008-07-17 13:11 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\OpenOffice.org2
2008-06-26 15:56 . 2008-06-26 15:56 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-26 15:40 . 2008-06-26 15:40 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-26 13:20 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-26 13:20 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 13:20 . 2008-05-08 08:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-25 23:01 . 2008-06-25 23:01 25 --a------ C:\WINDOWS\cdplayer.ini
2008-06-25 22:58 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Real
2008-06-25 22:58 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-25 22:58 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-25 22:54 . 2008-06-25 22:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 22:54 . 2008-07-17 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 22:49 . 2008-06-25 22:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 22:49 . 2008-06-25 22:49 <DIR> d-------- C:\Documents and Settings\mdg\Application Data\Malwarebytes
2008-06-25 22:49 . 2008-06-25 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 22:49 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 22:49 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 22:30 . 2008-06-25 22:30 <DIR> d-------- C:\WINDOWS\Google Earth Pro 4.2
2008-06-25 22:30 . 2008-06-25 22:30 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-06-25 21:48 . 2004-06-10 10:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-06-25 21:48 . 2004-06-10 10:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-06-25 21:48 . 2004-06-09 19:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-06-24 13:10 . 2008-06-24 13:10 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-06-23 17:10 . 2008-06-23 17:10 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 05:52 . 2008-06-20 05:52 225,920 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 14:28 . 2008-06-18 14:28 <DIR> d-------- C:\Documents and Settings\Kuzniak\Application Data\McAfee
2008-06-17 22:47 . 2008-06-17 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 17:27 . 2008-06-17 17:27 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-17 13:19 . 2008-06-17 13:26 <DIR> d-------- C:\Program Files\HammerHead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 21:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-17 19:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-17 18:44 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-17 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-17 14:22 --------- d-----w C:\Documents and Settings\mdg\Application Data\Hamachi
2008-07-14 16:36 --------- d-----w C:\Documents and Settings\mdg\Application Data\Skype
2008-07-14 16:01 --------- d-----w C:\Program Files\Java
2008-07-14 03:58 --------- d-----w C:\Documents and Settings\mdg\Application Data\uTorrent
2008-07-07 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-07 03:33 --------- d-----w C:\Documents and Settings\mdg\Application Data\McAfee
2008-07-04 20:40 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-03 20:57 --------- d-----w C:\Program Files\Steam
2008-07-03 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 13:17 --------- d-----w C:\Documents and Settings\Kuzniak\Application Data\Skype
2008-07-01 00:53 --------- d-----w C:\Program Files\OCCT
2008-07-01 00:53 --------- d-----w C:\Program Files\Guild Wars
2008-07-01 00:53 --------- d-----w C:\Program Files\Cheat Engine
2008-06-30 03:13 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-29 23:25 --------- d-----w C:\Program Files\Yahoo!
2008-06-27 02:39 --------- d-----w C:\Program Files\LimeWire
2008-06-26 20:09 --------- d-----w C:\Program Files\CyberLink
2008-06-26 02:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-26 02:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-26 02:01 --------- d-----w C:\Program Files\McAfee
2008-06-23 17:38 --------- d-----w C:\Program Files\SpeedFan
2008-06-23 17:38 --------- d-----w C:\Program Files\ShortKeys2
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 19:16 2,842 -c--a-w C:\Documents and Settings\Kuzniak\Application Data\wklnhst.dat
2008-06-18 02:48 --------- d-----w C:\Program Files\Lavasoft
2008-06-18 02:48 --------- d-----w C:\Documents and Settings\mdg\Application Data\Lavasoft
2008-06-18 02:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 00:06 10,942 -c--a-w C:\Documents and Settings\mdg\Application Data\wklnhst.dat
2008-06-01 00:44 --------- d-----w C:\Documents and Settings\mdg\Application Data\Nero
2008-06-01 00:41 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-01 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-01 00:38 --------- d-----w C:\Program Files\Nero
2008-05-31 21:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-28 23:18 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-28 23:16 --------- d-----w C:\Program Files\McAfee.com
2008-05-28 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-26 02:52 --------- d-----w C:\Program Files\Paint.NET
2008-05-26 02:51 --------- d-----w C:\Program Files\QuickTime
2008-05-26 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 04:11 --------- d-----w C:\Documents and Settings\mdg\Application Data\HPAppData
2008-05-24 00:54 --------- d-----w C:\Program Files\7-Zip
2008-05-22 17:33 --------- d-----w C:\Program Files\Trymedia
2008-05-20 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-20 21:11 --------- d-----w C:\Documents and Settings\mdg\Application Data\HP
2008-05-18 22:17 --------- d-----w C:\Program Files\nLite
2008-05-18 21:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\HP
2008-05-18 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-18 21:14 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-05-18 21:14 --------- d-----w C:\Program Files\HP
2008-05-18 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-18 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-18 21:11 --------- d-----w C:\Program Files\Common Files\HP
2008-05-18 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-18 21:10 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-18 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-18 18:35 --------- d-----w C:\Program Files\Copysafe
2008-05-18 18:35 --------- d-----w C:\Program Files\ATITool
2008-05-18 17:58 --------- d-----w C:\Program Files\Incomplete
2008-05-18 02:19 --------- d-----w C:\Program Files\Lavalys
2008-05-18 01:48 --------- d-----w C:\Program Files\Electronic Arts
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-26 20:14 42,672 ----a-w C:\WINDOWS\system32\wbsys.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-04-29 21:26 374 -c--a-w C:\Documents and Settings\mdg\Application Data\internaldb6334.dat
2007-04-29 21:25 18,432 ----a-w C:\Documents and Settings\mdg\Application Data\internaldb41.dat
2007-04-29 21:24 538 -c--a-w C:\Documents and Settings\mdg\Application Data\internaldb8467.dat
2006-12-06 03:57 59,952 -c--a-w C:\Documents and Settings\Kuzniak\Application Data\GDIPFONTCACHEV1.DAT
2007-10-17 00:35 56 --sh--r C:\WINDOWS\system32\CF7EBFD16D.sys
2007-10-17 00:38 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2007-06-13 06:23 1617920 5411554c84b28fc522ca788aaf3d2e44 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 06:23 1617920 5411554c84b28fc522ca788aaf3d2e44 C:\WINDOWS\icon_TMP\explorer.exe
2007-06-13 06:23 4918784 a4d32bd82c68d8f1407064ad8d2b9ccb C:\WINDOWS\system_backup\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\VCP_SAVE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 14:59 266497]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]

C:\Documents and Settings\Kuzniak\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-04-29 21:58 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^mdg^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2008-07-04 11:55 1655552 C:\Program Files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
--a------ 2008-07-04 10:54 278264 C:\Program Files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 10:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayShred]
--a------ 2007-12-04 13:32 111904 c:\PROGRA~1\McAfee\MSHR\ShrCL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 05:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2007-03-15 23:58 781992 C:\Fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBkLogOnHook]
--a------ 2007-01-08 11:22 20480 C:\Program Files\McAfee\MBK\LogonHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup]
--a------ 2007-01-16 13:59 4838952 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-31 17:40 22879528 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-06-30 23:33 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-25 22:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a------ 2006-06-29 19:55 707376 C:\WINDOWS\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=3 (0x3)
"PnkBstrA"=2 (0x2)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"Dcfssvc"=2 (0x2)
"BITS"=2 (0x2)
"ATI Smart"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\steamapps\\kuzniak2\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\kuzniak2\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Steam\\steamapps\\kuzniak2\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-04 11:55]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-04 11:55]
R3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-19 17:48]
S2 0233271214445745mcinstcleanup;McAfee Application Installer Cleanup (0233271214445745);C:\WINDOWS\TEMP\023327~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 cheetah1;cheetah1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX01.375\ce13\cheetah.sys []
S3 cpuz126;cpuz126;C:\DOCUME~1\mdg\LOCALS~1\Temp\cpuz.sys []
S3 cpuz128;cpuz128;C:\DOCUME~1\mdg\LOCALS~1\Temp\cpuz_x32.sys []
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 iCheat1;iCheat1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX04.953\Engine\WWW.TSFOROS.COM\bin\iDriver.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX00.609\MoonLight_Engine_1083.3\IlvMoney1083.sys []
S3 kaspersky1;Kaspersky1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX19.406\Kaspersky.sys []
S3 sejt1;sejt1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX01.469\akuma\akuma\sejt.sys []
S3 SoRa01;SoRa01;C:\Documents and Settings\mdg\Desktop\SoRa Remake Engine 2.6\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX00.078\Spuc3ngine!\spuce.sys []
S3 SQTECH930B;USB 2.0 PC CAMERA;C:\WINDOWS\system32\Drivers\Capt930b.sys []
S3 sys_com001;sys_com001;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX00.219\SysComEngine_1059\syscom.sys []
S3 TSHAK3T1;TSHAK3T1;C:\DOCUME~1\mdg\LOCALS~1\Temp\Rar$EX02.891\RE 3.2\spuce.sys []
S3 xp1;xp1;C:\Documents and Settings\mdg\Desktop\XPEngine\xp.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - MBAMCATCHME
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 23:16:37 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-28 23:16:36 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-07-11 02:44:27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-01 00:50:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 17:47:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-17 17:49:20
ComboFix-quarantined-files.txt 2008-07-17 21:49:11

Pre-Run: 123,790,409,728 bytes free
Post-Run: 123,780,014,080 bytes free

375 --- E O F --- 2008-07-10 17:34:29

Thanks in advance. :)
P.S: Please PLEASE PLEASE tell me it was a false positive.... :(
Next is the HJT log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:11 PM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Kuzniak')
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kuzniak')
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [Skype] "C:\Documents and Settings\Kuzniak\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Kuzniak')
O4 - S-1-5-21-873644563-2105205266-1105227018-1007 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Kuzniak')
O4 - S-1-5-21-873644563-2105205266-1105227018-1007 User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Kuzniak')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0233271214445745) (0233271214445745mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023327~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

--
End of file - 10568 bytes
 
Hello!
I hope I may try to help :D
Well, I identified a couple of viruses in the System32 folder, but only one appears to be a backdoor Trojan (cssdll32.dll).

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\WINDOWS\system32\vbalCmdBar6.ocx
C:\WINDOWS\system32\lst_v.ocx
C:\WINDOWS\system32\img_lst.ocx
C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
C:\WINDOWS\system32\cssdll32.dll
C:\WINDOWS\system32\guard32.dll1
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\SrchSTS.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.

Please post a fresh HijackThis log along with the Avenger.txt in your next reply, please.
Is your system running better?

Note: I saw you're using LimeWire and uTorrent if not anything else. I hope you know that P2P software can bring you only viruses and nothing good, so don't be surprised when your pc gets heavily infected.
 
Yes, I know it can bring me viruses and I am fully aware of the risks.
However, I wasn't downloading anything when this happened.
Weirdly enough, I was downloading Firefox from the Mozilla website. (Weird)
I appreciate your help, GameMaster. :)

Here is avenger.txt:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\vbalCmdBar6.ocx" deleted successfully.
File "C:\WINDOWS\system32\lst_v.ocx" deleted successfully.
File "C:\WINDOWS\system32\img_lst.ocx" deleted successfully.

Error: "C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}" is a folder, not a file!
Deletion of file "C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "C:\WINDOWS\system32\cssdll32.dll" deleted successfully.
File "C:\WINDOWS\system32\guard32.dll1" deleted successfully.
File "C:\WINDOWS\system32\tmp.reg" deleted successfully.
File "C:\WINDOWS\system32\IEDFix.C.exe" deleted successfully.
File "C:\WINDOWS\system32\SrchSTS.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Here is a new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:49 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - (no file)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

--
End of file - 7875 bytes

Wow, I realized it's much smaller than it was.
It used to be 3400 bytes bigger. (I'm guessing this is an improvement.)
I will be awaiting your next reply. :)
P.S.: If it makes any difference, the file you said was a backdoor was not detected by Avira, and also my Comodo Firewall's security setting is set to paranoid. :)
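
Added example (not part of the original posts or of HijackThis): comparing the two HijackThis logs entry by entry shows what changed between the scans, which log size alone does not. The function names are hypothetical, and BEFORE/AFTER are trimmed samples constructed from lines of the two logs above.

```python
import re

# Constructed excerpts: a few entry lines from the 2008-07-17 and 2008-07-18 logs.
BEFORE = r'''
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-873644563-2105205266-1105227018-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Kuzniak')
O23 - Service: McAfee Application Installer Cleanup (0233271214445745) (0233271214445745mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023327~1.EXE (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
'''
AFTER = r'''
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - (no file)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
'''

ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')    # e.g. "O23 - Service: ..."
ORPHAN_MARKERS = ("(file missing)", "(no file)")     # entry points at a missing file

def parse_hjt(text):
    """Map a stable key to the text of each HijackThis entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        code, rest = m.groups()
        # O23 lines read "Service: <name> - <owner> - <path>". Keying them by
        # name makes a changed owner or path a change, not a remove plus an add.
        key = (code, rest.split(" - ")[0] if code == "O23" else rest)
        entries[key] = rest
    return entries

def diff_hjt(before, after):
    """Return removed, added, changed and orphaned entries between two logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    return {
        "removed": sorted(old[k] for k in old.keys() - new.keys()),
        "added": sorted(new[k] for k in new.keys() - old.keys()),
        "changed": sorted((old[k], new[k])
                          for k in old.keys() & new.keys() if old[k] != new[k]),
        "orphaned": sorted(v for v in new.values() if v.endswith(ORPHAN_MARKERS)),
    }

if __name__ == "__main__":
    for kind, items in diff_hjt(BEFORE, AFTER).items():
        print(kind, *items, sep="\n  ")
```

Entries reported as orphaned still have a registry entry whose file is gone, so they are leftovers to review rather than proof of a clean system.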
 
I enjoyed your support, GameMaster. I'm looking forward to your support again.
Thanks..........Odie

Learned a lot from this site.
Even though you're all straight shooters.
I hang out downstairs often enough.

nice show
 
Hi again. Your logfile appears to be clean. However, I want to be sure your computer is clean :D

So I'll recommend the F-Secure online scan. Follow their prompts, scan and post a logfile :D

Thanks again, GameMaster. :D
Here is the log.
My computer is clean according to it, all it found was a tracking cookie and a ...... (which we cannot discuss on the forums.)

Scanning Report
Saturday, July 19, 2008 11:55:24 - 15:14:41

Computer name: MDG-5912FDC157A
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 2 malware found
Suspicious_F.gen (virus)

* C:\DOCUMENTS AND SETTINGS\MDG\DESKTOP\FOLDERZ\SIN\CRACKED PROGRAMS\IMAGING PROGRAMS\POWERISO V3.9\KEYGEN\KEYGEN.EXE (Submitted)

Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 54849
* System: 4216
* Not scanned: 289

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 1

Files not scanned:


Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-07-19
* F-Secure AVP: 7.0.171, 2008-07-18
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

 
Update
Just got another warning from Avira.
I'm starting to think Avira is giving me false positives.
I'm running scans with Kaspersky, NOD32, and F-Secure.
And none of them have found anything where Avira said the virus was.
GameMaster, WHERE ARE YOU?! :(
 
Hi. I am sorry, we're in different time zones. Sorry, sorry, sorry, I was out yesterday evening and this whole night I was sleeping :D

Indeed, keygen.exe is a virus. Every keygen comes packed with a virus (interesting, every virus that comes with keygens is a backdoor Trojan).

If you were keeping NOD32 as your resident protection, it would have noticed the keygen and reported it.
But all you have to do now is delete C:\DOCUMENTS AND SETTINGS\MDG\DESKTOP\FOLDERZ\SIN\CRACKED PROGRAMS\IMAGING PROGRAMS\POWERISO V3.9\KEYGEN\KEYGEN.EXE.
In fact, I would delete the whole KEYGEN folder. If that doesn't work in normal mode, do it in safe mode or use Avenger.

Please report back, if needed, we will run another online scan.
 
Thanks for your help GameMaster. :)
Here is the log from avenger.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\mdg\Desktop\Folderz\Sin\Cracked Programs\Imaging Programs\PowerISO v3.9\Keygen" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
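
Added example (not from the thread or from Avenger's author): a small parser for the avenger.txt format seen in both logs above. It lists what was deleted, what failed and with which status, and drafts the follow-up script that the first log's own hint asks for. Function names are hypothetical; SAMPLE_LOG is constructed from the result lines of the first log.

```python
import re

# Constructed sample: result lines of the first avenger.txt posted in this thread.
SAMPLE_LOG = r'''
File "C:\WINDOWS\system32\vbalCmdBar6.ocx" deleted successfully.
File "C:\WINDOWS\system32\lst_v.ocx" deleted successfully.
File "C:\WINDOWS\system32\img_lst.ocx" deleted successfully.
Error: "C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}" is a folder, not a file!
Deletion of file "C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory
File "C:\WINDOWS\system32\cssdll32.dll" deleted successfully.
File "C:\WINDOWS\system32\guard32.dll1" deleted successfully.
File "C:\WINDOWS\system32\tmp.reg" deleted successfully.
File "C:\WINDOWS\system32\IEDFix.C.exe" deleted successfully.
File "C:\WINDOWS\system32\SrchSTS.exe" deleted successfully.
Completed script processing.
'''

# Only the line shapes that appear in the two logs on this page are recognised.
OK_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of \w+ "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')

def parse_avenger_log(text):
    """Return what an avenger.txt log says was deleted and what failed."""
    result = {"deleted": [], "failed": [], "completed": False}
    pending = None  # a failure still waiting for its "Status:" line
    for line in (raw.strip() for raw in text.splitlines()):
        if m := OK_RE.match(line):
            result["deleted"].append((m.group(1), m.group(2)))
        elif m := FAIL_RE.match(line):
            pending = {"path": m.group(1), "code": None, "status": None}
            result["failed"].append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            pending["code"], pending["status"] = int(m.group(1), 16), m.group(2)
            pending = None
        elif line == "Completed script processing.":
            result["completed"] = True
    return result

def followup_script(result):
    """Draft a second script for targets that failed only because they are folders."""
    folders = [f["path"] for f in result["failed"]
               if f["status"] == "STATUS_FILE_IS_A_DIRECTORY"]
    return ("Folders to delete:\n" + "\n".join(folders) + "\n") if folders else ""

def unaccounted(requested, result):
    """Requested paths that the log neither deleted nor reported as failed."""
    seen = {path.lower() for _, path in result["deleted"]}
    seen |= {f["path"].lower() for f in result["failed"]}
    return [p for p in requested if p.lower() not in seen]

if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    print(len(parsed["deleted"]), "deleted;", len(parsed["failed"]), "failed")
    print(followup_script(parsed), end="")
```

Run against the first log, this shows one target from RemoveFiles.txt still on disk after the reboot.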
 
Update
Just got ANOTHER warning from Avira.
But I think it's okay.

A virus or unwanted program was found!
What should happen with the file?

C:\System Volume Information\...\A0753128.exe

Contains a recognition pattern of the (harmful)
BDS/IRC Chazz 41 back door program

I'm selecting delete.
GameMaster. Help! :(
 
Select Delete; that should be just fine.

It wouldn't be a bad idea to flush System Restore points now. Do you know how?
 