Request to examine log file

D

dbt

New Member
In the past week I've been getting messages from AVG stating that I have "Trojan Horse Generic 17.CLWU" located in C:\windows\system32\userinit.exe. The only websites I could access were ones that I had bookmarked. Everything else was getting hijacked.

Here is the malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4169

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/4/2010 4:57:24 PM
mbam-log-2010-06-04 (16-57-24).txt

Scan type: Quick scan
Objects scanned: 180833
Time elapsed: 20 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ernel32.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\AA93e7.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\EI93q7.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\SK1793cE9.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\SK5y5.dll (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\Brad\Local Settings\Temp\Thk.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Tzinoa.exe (Trojan.Fraudpack) -> No action taken.
C:\Documents and Settings\Brad\Local Settings\Temp\ie1B.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
 
I think my infection is preventing me from posting my hijackthis log. I tried to include it in my first post as well as separately but had no luck.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:59 PM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [{24F796D3-1E4A-7E93-8D91-18271346ADC1}] "C:\Documents and Settings\Brad\Application Data\Acsati\luuxu.exe"
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C
 
Last edited:
You didn't post the full hijackthis log, however since you have rootkits on your system then you need to do the following.

If you can't get to the website i'm gonna link you to then you will need to use a usb flash drive and download it from a different computer and then transfer it to the infected computers desktop.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Below are the logs I think you're looking for. My PC is working ok at this point.

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:59 PM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [{24F796D3-1E4A-7E93-8D91-18271346ADC1}] "C:\Documents and Settings\Brad\Application Data\Acsati\luuxu.exe"
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1226162942796
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7901 bytes



combofix log:

ComboFix 10-06-03.01 - Brad 06/05/2010 11:14:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1330 [GMT -4:00]
Running from: C:\Documents and Settings\Brad\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Brad\Application Data\inst.exe
C:\Documents and Settings\Brad\Local Settings\Application Data\Windows Server
C:\Documents and Settings\Brad\Local Settings\Application Data\Windows Server\flags.ini
C:\Documents and Settings\Brad\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
C:\WINDOWS\desktop
C:\WINDOWS\desktop\Virtual Pool 3.lnk
C:\WINDOWS\system32\Chip.dll
C:\WINDOWS\system32\ernel32.dll
C:\WINDOWS\system32\Pvt.tmp

----- BITS: Possible infected sites -----

hxxp://goldencaravela.net
Infected copy of C:\WINDOWS\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-05 15:12:01 . 2010-06-02 20:58:25 72192 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\5mYW5.dll
2010-06-05 15:09:47 . 2010-06-02 20:58:25 72192 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\9qGM9gM7g.dll
2010-06-04 20:35:59 . 2010-04-29 19:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-06-04 20:35:57 . 2010-06-04 20:36:05 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-04 20:35:57 . 2010-04-29 19:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-03 01:57:49 . 2010-06-03 01:57:49 -------- d-----w- C:\Program Files\Trend Micro
2010-06-03 00:57:30 . 2010-06-03 00:57:30 -------- d-----w- C:\Documents and Settings\Brad\Application Data\Malwarebytes
2010-06-03 00:57:18 . 2010-06-03 00:57:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-02 22:22:54 . 2010-06-02 22:23:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-02 22:22:05 . 2010-06-02 22:22:05 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-01 18:26:07 . 2010-06-03 02:06:42 -------- d-----w- C:\Program Files\Ask.com
2010-06-01 05:28:09 . 2010-06-01 05:28:09 -------- d-s---w- C:\Documents and Settings\NetworkService\UserData
2010-05-31 15:31:24 . 2010-05-31 15:40:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DivX
2010-05-25 03:50:26 . 2010-05-25 03:50:26 -------- d-----w- C:\Documents and Settings\Danielle\Local Settings\Application Data\Identities
2010-05-22 17:07:38 . 2008-04-14 00:12:38 26112 ----a-w- C:\WINDOWS\system32\stu2.exe
2010-05-19 17:22:43 . 2010-05-19 17:22:47 -------- d-----w- C:\Documents and Settings\Shelley\Application Data\Media Player Classic
2010-05-17 19:43:15 . 2010-05-17 19:43:15 -------- d-----w- C:\Documents and Settings\Danielle\Application Data\Search Settings
2010-05-17 19:43:12 . 2010-05-17 19:43:12 -------- d-----w- C:\Documents and Settings\Danielle\Application Data\pdfforge
2010-05-16 04:13:15 . 2010-04-12 21:29:19 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-05-11 21:48:15 . 2010-05-11 21:48:15 -------- d-----w- C:\Documents and Settings\Shelley\Application Data\Search Settings
2010-05-11 21:48:04 . 2010-05-11 21:48:04 -------- d-----w- C:\Documents and Settings\Shelley\Application Data\pdfforge
2010-05-11 09:08:29 . 2010-05-24 02:51:30 670024 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-11 03:58:30 . 2010-05-11 03:58:30 -------- d-----w- C:\Documents and Settings\Justin\Application Data\Search Settings
2010-05-11 03:58:11 . 2010-05-11 03:58:11 -------- d-----w- C:\Documents and Settings\Justin\Application Data\pdfforge
2010-05-11 00:55:29 . 2001-10-28 20:42:30 116224 ----a-w- C:\WINDOWS\system32\pdfcmnnt.dll
2010-05-11 00:55:26 . 2010-05-11 00:56:17 -------- d-----w- C:\Program Files\PDFCreator
2010-05-11 00:55:26 . 1998-07-06 04:00:00 23552 ----a-w- C:\WINDOWS\system32\MSMPIDE.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 14:27:56 . 2010-04-21 16:55:23 -------- d-----w- C:\Documents and Settings\Brad\Application Data\Goah
2010-06-03 21:49:37 . 2009-01-22 22:43:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\avg8
2010-06-03 21:46:35 . 2008-12-15 19:57:35 -------- d-----w- C:\Documents and Settings\Brad\Application Data\uTorrent
2010-06-03 21:46:28 . 2009-04-15 05:12:57 -------- d-----w- C:\Documents and Settings\Brad\Application Data\Wuzoid
2010-06-03 20:15:16 . 2010-03-27 13:22:48 -------- d-----w- C:\Documents and Settings\Brad\Application Data\Zaam
2010-06-03 02:07:48 . 2009-11-10 04:30:49 -------- d-----w- C:\Program Files\Yahoo!
2010-06-03 02:07:14 . 2009-11-10 17:33:30 -------- d-----w- C:\Program Files\LimeWire
2010-06-03 01:48:37 . 2008-11-11 00:10:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kodak
2010-06-03 01:45:43 . 2008-11-11 00:12:10 -------- d-----w- C:\Program Files\Kodak EasyShare software
2010-06-03 01:08:39 . 2008-11-07 00:57:03 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-06-02 22:22:55 . 2008-12-15 11:58:33 -------- d-----w- C:\Program Files\Lavasoft
2010-06-02 20:03:39 . 2009-01-22 04:33:48 -------- d-----w- C:\Documents and Settings\Justin\Application Data\LimeWire
2010-06-02 07:03:43 . 2008-11-11 05:11:01 -------- d-----w- C:\Documents and Settings\Danielle\Application Data\LimeWire
2010-06-01 18:27:34 . 2010-06-01 18:27:34 8462336 ----a-w- C:\Documents and Settings\Justin\Application Data\LimeWire\browser\xulrunner\xul.dll
2010-05-31 17:43:09 . 2008-11-09 12:35:17 -------- d-----w- C:\Documents and Settings\Brad\Application Data\DivX
2010-05-31 15:54:24 . 2010-05-31 15:54:23 57344 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-31 15:40:24 . 2008-11-09 12:34:32 -------- d-----w- C:\Program Files\DivX
2010-05-31 15:40:20 . 2010-05-31 15:40:20 56978 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-31 15:40:20 . 2010-05-31 15:40:20 56766 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-31 15:40:16 . 2010-05-31 15:40:16 53600 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-31 15:40:15 . 2010-05-31 15:40:15 57679 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-31 15:39:38 . 2010-05-31 15:39:38 84040 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-31 15:39:33 . 2010-05-31 15:39:33 57054 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-31 15:39:33 . 2010-05-31 15:39:33 54166 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-31 15:39:32 . 2010-05-31 15:39:32 57532 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-31 15:39:31 . 2010-05-31 15:39:31 56458 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-31 15:39:31 . 2010-05-31 15:39:31 54174 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-31 15:39:27 . 2010-05-31 15:39:27 54153 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-31 15:39:24 . 2010-05-31 15:39:24 54128 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-31 15:39:23 . 2010-05-31 15:39:23 54629 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-31 15:39:15 . 2010-05-31 15:39:15 57409 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-31 15:39:15 . 2010-05-31 15:39:15 54101 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-31 15:39:14 . 2010-05-31 15:39:14 52963 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-31 15:38:47 . 2010-05-31 15:38:46 54073 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-31 15:38:41 . 2010-05-31 15:38:41 56969 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-31 15:38:41 . 2009-04-10 10:20:30 -------- d-----w- C:\Program Files\Common Files\DivX Shared
2010-05-31 15:31:54 . 2010-05-31 15:31:53 144696 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-31 15:31:45 . 2010-05-31 15:40:24 754984 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-31 15:31:23 . 2010-05-31 15:40:24 1180952 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-28 21:33:32 . 2010-05-28 21:33:32 61440 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29ad05e5-n\decora-sse.dll
2010-05-28 21:33:32 . 2010-05-28 21:33:32 503808 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-365bf0f9-n\msvcp71.dll
2010-05-28 21:33:32 . 2010-05-28 21:33:32 499712 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-365bf0f9-n\jmc.dll
2010-05-28 21:33:32 . 2010-05-28 21:33:32 348160 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-365bf0f9-n\msvcr71.dll
2010-05-28 21:33:32 . 2010-05-28 21:33:32 12800 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29ad05e5-n\decora-d3d.dll
2010-05-25 13:24:58 . 2010-05-25 13:24:57 503808 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a088a4d-n\msvcp71.dll
2010-05-25 13:24:57 . 2010-05-25 13:24:57 61440 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3127e312-n\decora-sse.dll
2010-05-25 13:24:57 . 2010-05-25 13:24:57 499712 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a088a4d-n\jmc.dll
2010-05-25 13:24:57 . 2010-05-25 13:24:57 348160 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a088a4d-n\msvcr71.dll
2010-05-25 13:24:57 . 2010-05-25 13:24:57 12800 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3127e312-n\decora-d3d.dll
2010-05-24 15:57:10 . 2010-05-24 15:57:10 503808 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-402fa89c-n\msvcp71.dll
2010-05-24 15:57:10 . 2010-05-24 15:57:10 499712 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-402fa89c-n\jmc.dll
2010-05-24 15:57:10 . 2010-05-24 15:57:10 348160 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-402fa89c-n\msvcr71.dll
2010-05-24 15:57:10 . 2010-05-24 15:57:09 12800 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49cdf5fc-n\decora-d3d.dll
2010-05-24 15:57:09 . 2010-05-24 15:57:09 61440 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49cdf5fc-n\decora-sse.dll
2010-05-22 23:44:32 . 2010-05-22 23:44:32 61440 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67d6d222-n\decora-sse.dll
2010-05-22 23:44:32 . 2010-05-22 23:44:32 503808 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-706ff738-n\msvcp71.dll
2010-05-22 23:44:32 . 2010-05-22 23:44:32 499712 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-706ff738-n\jmc.dll
2010-05-22 23:44:32 . 2010-05-22 23:44:32 348160 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-706ff738-n\msvcr71.dll
2010-05-22 23:44:32 . 2010-05-22 23:44:32 12800 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67d6d222-n\decora-d3d.dll
2010-05-22 17:07:38 . 2004-08-04 12:00:00 26616 ----a-w- C:\WINDOWS\system32\userinit.exe
2010-05-17 19:09:28 . 2010-05-17 19:09:28 503808 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ef3c848-n\msvcp71.dll
2010-05-17 19:09:28 . 2010-05-17 19:09:28 499712 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ef3c848-n\jmc.dll
2010-05-17 19:09:28 . 2010-05-17 19:09:28 348160 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ef3c848-n\msvcr71.dll
2010-05-17 19:09:27 . 2010-05-17 19:09:27 61440 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b753baf-n\decora-sse.dll
2010-05-17 19:09:27 . 2010-05-17 19:09:27 12800 ----a-w- C:\Documents and Settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b753baf-n\decora-d3d.dll
2010-05-17 18:38:47 . 2010-05-17 18:38:47 503808 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd94474-n\msvcp71.dll
2010-05-17 18:38:47 . 2010-05-17 18:38:47 499712 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd94474-n\jmc.dll
2010-05-17 18:38:47 . 2010-05-17 18:38:47 348160 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd94474-n\msvcr71.dll
2010-05-17 18:38:43 . 2010-05-17 18:38:43 12800 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7cd3504c-n\decora-d3d.dll
2010-05-17 18:38:42 . 2010-05-17 18:38:42 61440 ----a-w- C:\Documents and Settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7cd3504c-n\decora-sse.dll
2010-05-17 15:57:17 . 2010-05-17 15:57:17 503808 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ab067c-n\msvcp71.dll
2010-05-17 15:57:17 . 2010-05-17 15:57:17 499712 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ab067c-n\jmc.dll
2010-05-17 15:57:17 . 2010-05-17 15:57:17 348160 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ab067c-n\msvcr71.dll
2010-05-17 15:57:14 . 2010-05-17 15:57:14 61440 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54001205-n\decora-sse.dll
2010-05-17 15:57:14 . 2010-05-17 15:57:14 12800 ----a-w- C:\Documents and Settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54001205-n\decora-d3d.dll
2010-05-16 04:13:42 . 2008-11-08 04:34:55 -------- d-----w- C:\Program Files\Common Files\Java
2010-05-16 04:13:26 . 2010-05-16 04:13:26 503808 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59d27524-n\msvcp71.dll
2010-05-16 04:13:26 . 2010-05-16 04:13:26 499712 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59d27524-n\jmc.dll
2010-05-16 04:13:26 . 2010-05-16 04:13:26 348160 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59d27524-n\msvcr71.dll
2010-05-16 04:13:24 . 2010-05-16 04:13:24 61440 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cf69dcb-n\decora-sse.dll
2010-05-16 04:13:24 . 2010-05-16 04:13:24 12800 ----a-w- C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cf69dcb-n\decora-d3d.dll
2010-05-16 04:13:13 . 2008-11-08 04:35:11 -------- d-----w- C:\Program Files\Java
2010-05-14 21:30:16 . 2008-12-15 11:58:33 -------- d-----w- C:\Program Files\uTorrent
2010-04-04 16:36:03 . 2010-04-04 16:36:03 151596 ----a-w- C:\Documents and Settings\Brad\Application Data\Acsati\luuxu.exe
2010-03-31 01:58:04 . 2008-11-09 12:34:43 44944 ----a-w- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 . 2008-11-09 12:34:43 133616 ------w- C:\WINDOWS\system32\pxafs.dll
2010-03-31 01:58:04 . 2008-11-09 12:34:43 125424 ------w- C:\WINDOWS\system32\pxinsi64.exe
2010-03-31 01:58:04 . 2008-11-09 12:34:43 123888 ------w- C:\WINDOWS\system32\pxcpyi64.exe
2010-03-17 21:27:29 . 2010-03-17 21:27:29 3663 ----a-w- C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-03-17 21:27:06 . 2009-02-11 21:37:54 1085616 ----a-w- C:\WINDOWS\system32\SpoonUninstall.exe
2010-03-17 21:25:42 . 2010-03-17 21:25:42 1259 ----a-w- C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
2010-03-17 21:25:06 . 2010-03-17 21:25:06 3175 ----a-w- C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Utilities.dat
2010-03-10 18:00:00 . 2010-03-14 12:00:58 85504 ----a-w- C:\WINDOWS\system32\ff_vfw.dll
2010-03-09 11:09:18 . 2004-08-04 12:00:00 430080 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-03-08 17:59:18 . 2010-03-08 17:59:18 94208 ----a-w- C:\WINDOWS\system32\dpl100.dll
2003-08-27 22:19:18 . 2008-11-08 04:57:25 36963 -c--a-r- C:\Program Files\Common Files\SM1updtr.dll
.

------- Sigcheck -------

[-] 2010-05-22 17:07:38 . 95D1367B64595D08C2E5C555045BB378 . 26616 . . [------] . . C:\WINDOWS\system32\userinit.exe
[7] 2008-04-14 00:12:38 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[7] 2004-08-04 12:00:00 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 18:06:38 700416]
"{24F796D3-1E4A-7E93-8D91-18271346ADC1}"="C:\Documents and Settings\Brad\Application Data\Acsati\luuxu.exe" [2010-04-04 16:36:03 151596]
 
Here's the full combofix log:

ComboFix 10-06-03.01 - Brad 06/05/2010 16:03:23.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1306 [GMT -4:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Brad\Application Data\inst.exe
c:\documents and settings\Brad\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Brad\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\windows\desktop\Virtual Pool 3.lnk
c:\windows\system32\Chip.dll
c:\windows\system32\ernel32.dll
c:\windows\system32\Pvt.tmp

----- BITS: Possible infected sites -----

hxxp://goldencaravela.net
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-05 15:12 . 2010-06-02 20:58 72192 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5mYW5.dll
2010-06-05 15:09 . 2010-06-02 20:58 72192 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\9qGM9gM7g.dll
2010-06-04 20:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 20:35 . 2010-06-04 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 20:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-03 01:57 . 2010-06-03 01:57 -------- d-----w- c:\program files\Trend Micro
2010-06-03 00:57 . 2010-06-03 00:57 -------- d-----w- c:\documents and settings\Brad\Application Data\Malwarebytes
2010-06-03 00:57 . 2010-06-03 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-02 22:22 . 2010-06-02 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-02 22:22 . 2010-06-02 22:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-01 18:26 . 2010-06-03 02:06 -------- d-----w- c:\program files\Ask.com
2010-06-01 05:28 . 2010-06-01 05:28 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-05-31 15:31 . 2010-05-31 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-25 03:50 . 2010-05-25 03:50 -------- d-----w- c:\documents and settings\Danielle\Local Settings\Application Data\Identities
2010-05-22 17:07 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
2010-05-19 17:22 . 2010-05-19 17:22 -------- d-----w- c:\documents and settings\Shelley\Application Data\Media Player Classic
2010-05-17 19:43 . 2010-05-17 19:43 -------- d-----w- c:\documents and settings\Danielle\Application Data\Search Settings
2010-05-17 19:43 . 2010-05-17 19:43 -------- d-----w- c:\documents and settings\Danielle\Application Data\pdfforge
2010-05-16 04:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-11 21:48 . 2010-05-11 21:48 -------- d-----w- c:\documents and settings\Shelley\Application Data\Search Settings
2010-05-11 21:48 . 2010-05-11 21:48 -------- d-----w- c:\documents and settings\Shelley\Application Data\pdfforge
2010-05-11 09:08 . 2010-05-24 02:51 670024 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-11 03:58 . 2010-05-11 03:58 -------- d-----w- c:\documents and settings\Justin\Application Data\Search Settings
2010-05-11 03:58 . 2010-05-11 03:58 -------- d-----w- c:\documents and settings\Justin\Application Data\pdfforge
2010-05-11 00:55 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-05-11 00:55 . 2010-05-11 00:56 -------- d-----w- c:\program files\PDFCreator
2010-05-11 00:55 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 19:59 . 2008-12-15 19:57 -------- d-----w- c:\documents and settings\Brad\Application Data\uTorrent
2010-06-05 15:48 . 2010-04-04 16:36 -------- d-----w- c:\documents and settings\Brad\Application Data\Acsati
2010-06-05 14:27 . 2010-04-21 16:55 -------- d-----w- c:\documents and settings\Brad\Application Data\Goah
2010-06-03 21:49 . 2009-01-22 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-03 21:46 . 2009-04-15 05:12 -------- d-----w- c:\documents and settings\Brad\Application Data\Wuzoid
2010-06-03 20:15 . 2010-03-27 13:22 -------- d-----w- c:\documents and settings\Brad\Application Data\Zaam
2010-06-03 02:07 . 2009-11-10 04:30 -------- d-----w- c:\program files\Yahoo!
2010-06-03 02:07 . 2009-11-10 17:33 -------- d-----w- c:\program files\LimeWire
2010-06-03 01:48 . 2008-11-11 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-06-03 01:45 . 2008-11-11 00:12 -------- d-----w- c:\program files\Kodak EasyShare software
2010-06-03 01:08 . 2008-11-07 00:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 22:22 . 2008-12-15 11:58 -------- d-----w- c:\program files\Lavasoft
2010-06-02 20:03 . 2009-01-22 04:33 -------- d-----w- c:\documents and settings\Justin\Application Data\LimeWire
2010-06-02 07:03 . 2008-11-11 05:11 -------- d-----w- c:\documents and settings\Danielle\Application Data\LimeWire
2010-06-01 18:27 . 2010-06-01 18:27 8462336 ----a-w- c:\documents and settings\Justin\Application Data\LimeWire\browser\xulrunner\xul.dll
2010-05-31 17:43 . 2008-11-09 12:35 -------- d-----w- c:\documents and settings\Brad\Application Data\DivX
2010-05-31 15:54 . 2010-05-31 15:54 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-31 15:40 . 2008-11-09 12:34 -------- d-----w- c:\program files\DivX
2010-05-31 15:40 . 2010-05-31 15:40 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-31 15:40 . 2010-05-31 15:40 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-31 15:40 . 2010-05-31 15:40 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-31 15:40 . 2010-05-31 15:40 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-31 15:39 . 2010-05-31 15:39 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-31 15:38 . 2010-05-31 15:38 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-31 15:38 . 2010-05-31 15:38 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-31 15:38 . 2009-04-10 10:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-31 15:31 . 2010-05-31 15:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-31 15:31 . 2010-05-31 15:40 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-31 15:31 . 2010-05-31 15:40 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-28 21:33 . 2010-05-28 21:33 61440 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29ad05e5-n\decora-sse.dll
2010-05-28 21:33 . 2010-05-28 21:33 503808 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-365bf0f9-n\msvcp71.dll
2010-05-28 21:33 . 2010-05-28 21:33 499712 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-365bf0f9-n\jmc.dll
2010-05-28 21:33 . 2010-05-28 21:33 348160 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-365bf0f9-n\msvcr71.dll
2010-05-28 21:33 . 2010-05-28 21:33 12800 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-29ad05e5-n\decora-d3d.dll
2010-05-25 13:24 . 2010-05-25 13:24 503808 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a088a4d-n\msvcp71.dll
2010-05-25 13:24 . 2010-05-25 13:24 61440 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3127e312-n\decora-sse.dll
2010-05-25 13:24 . 2010-05-25 13:24 499712 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a088a4d-n\jmc.dll
2010-05-25 13:24 . 2010-05-25 13:24 348160 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a088a4d-n\msvcr71.dll
2010-05-25 13:24 . 2010-05-25 13:24 12800 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3127e312-n\decora-d3d.dll
2010-05-24 15:57 . 2010-05-24 15:57 503808 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-402fa89c-n\msvcp71.dll
2010-05-24 15:57 . 2010-05-24 15:57 499712 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-402fa89c-n\jmc.dll
2010-05-24 15:57 . 2010-05-24 15:57 348160 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-402fa89c-n\msvcr71.dll
2010-05-24 15:57 . 2010-05-24 15:57 12800 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49cdf5fc-n\decora-d3d.dll
2010-05-24 15:57 . 2010-05-24 15:57 61440 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49cdf5fc-n\decora-sse.dll
2010-05-22 23:44 . 2010-05-22 23:44 61440 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67d6d222-n\decora-sse.dll
2010-05-22 23:44 . 2010-05-22 23:44 503808 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-706ff738-n\msvcp71.dll
2010-05-22 23:44 . 2010-05-22 23:44 499712 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-706ff738-n\jmc.dll
2010-05-22 23:44 . 2010-05-22 23:44 348160 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-706ff738-n\msvcr71.dll
2010-05-22 23:44 . 2010-05-22 23:44 12800 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-67d6d222-n\decora-d3d.dll
2010-05-17 19:09 . 2010-05-17 19:09 503808 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ef3c848-n\msvcp71.dll
2010-05-17 19:09 . 2010-05-17 19:09 499712 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ef3c848-n\jmc.dll
2010-05-17 19:09 . 2010-05-17 19:09 348160 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ef3c848-n\msvcr71.dll
2010-05-17 19:09 . 2010-05-17 19:09 61440 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b753baf-n\decora-sse.dll
2010-05-17 19:09 . 2010-05-17 19:09 12800 ----a-w- c:\documents and settings\Danielle\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b753baf-n\decora-d3d.dll
2010-05-17 18:38 . 2010-05-17 18:38 503808 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd94474-n\msvcp71.dll
2010-05-17 18:38 . 2010-05-17 18:38 499712 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd94474-n\jmc.dll
2010-05-17 18:38 . 2010-05-17 18:38 348160 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5cd94474-n\msvcr71.dll
2010-05-17 18:38 . 2010-05-17 18:38 12800 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7cd3504c-n\decora-d3d.dll
2010-05-17 18:38 . 2010-05-17 18:38 61440 ----a-w- c:\documents and settings\Justin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7cd3504c-n\decora-sse.dll
2010-05-17 15:57 . 2010-05-17 15:57 503808 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ab067c-n\msvcp71.dll
2010-05-17 15:57 . 2010-05-17 15:57 499712 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ab067c-n\jmc.dll
2010-05-17 15:57 . 2010-05-17 15:57 348160 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ab067c-n\msvcr71.dll
2010-05-17 15:57 . 2010-05-17 15:57 61440 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54001205-n\decora-sse.dll
2010-05-17 15:57 . 2010-05-17 15:57 12800 ----a-w- c:\documents and settings\Shelley\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54001205-n\decora-d3d.dll
2010-05-16 04:13 . 2008-11-08 04:34 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 04:13 . 2010-05-16 04:13 503808 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59d27524-n\msvcp71.dll
2010-05-16 04:13 . 2010-05-16 04:13 499712 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59d27524-n\jmc.dll
2010-05-16 04:13 . 2010-05-16 04:13 348160 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59d27524-n\msvcr71.dll
2010-05-16 04:13 . 2010-05-16 04:13 61440 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cf69dcb-n\decora-sse.dll
2010-05-16 04:13 . 2010-05-16 04:13 12800 ----a-w- c:\documents and settings\Brad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5cf69dcb-n\decora-d3d.dll
2010-05-16 04:13 . 2008-11-08 04:35 -------- d-----w- c:\program files\Java
2010-05-14 21:30 . 2008-12-15 11:58 -------- d-----w- c:\program files\uTorrent
2010-03-31 01:58 . 2008-11-09 12:34 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-11-09 12:34 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-11-09 12:34 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-11-09 12:34 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-17 21:27 . 2010-03-17 21:27 3663 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-03-17 21:27 . 2009-02-11 21:37 1085616 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-17 21:25 . 2010-03-17 21:25 1259 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
2010-03-17 21:25 . 2010-03-17 21:25 3175 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Utilities.dat
2010-03-10 18:00 . 2010-03-14 12:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2003-08-27 22:19 . 2008-11-08 04:57 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-28 1179648]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-29 17331200]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"RemoteControl"="c:\program files\Roxio\Roxio DVDMax Player\PDVDServ.exe" [2003-10-27 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 13:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/22/2009 6:44 PM 12552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/11/2009 6:22 AM 721904]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/22/2009 6:43 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/22/2009 6:43 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/23/2009 9:42 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/23/2009 9:42 AM 297752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/4/2010 4:36 PM 304464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/8/2008 3:25 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/4/2010 4:35 PM 20952]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/23/2008 10:58 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/23/2008 10:58 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/23/2008 10:58 AM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/23/2008 10:58 AM 23680]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\g6xuc01e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{24F796D3-1E4A-7E93-8D91-18271346ADC1} - c:\documents and settings\Brad\Application Data\Acsati\luuxu.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 16:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppm.sys >>UNKNOWN [0x8A4A4938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5fbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4d7bb0
PacketIndicateHandler -> NDIS.sys @ 0xba4e4a21
SendHandler -> NDIS.sys @ 0xba4c287b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-05 16:26:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-05 20:26

Pre-Run: 10,591,428,608 bytes free
Post-Run: 10,551,771,136 bytes free

- - End Of File - - 546B87C79638929D2B81C14D2E12E485
 
Are you having any issues now? Sorry its taking me long to reply, been extremely busy lately. I'll look through your combofix log for any remaining infections.
 
I'm not having any issues per say but AVG is still notifying me that I have some Trojan horse generic infections as well as Trojan Horse dropper, CSW & Cryptic infections.

I've never run malwarebytes before but I've noticed that it's been blocking an awful lot of malicious websites.

No need to apologize - I'm glad you're helping me.
 
Malwarebytes doesn't have any realtime protection unless you downloaded and bought the paid version?

Can you give me some file locations as to where avg is picking up these infections?
 
Here are the infection notices I'm getting:

C:\System Volume Information\_restore{*}\RP5\ *.exe (3 instances)
C:\System Volume Information\_restore{*.sys}
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\afd.sys.vir
C:\Documents and settings\Brad\Local Settings\Temp\IXP000.TMP\regfix.exe
C:\Documents and settings\Brad\Local Settings\Application data\Windows Server\cvqrug.dll
C:\Documents and settings\Brad\Local Settings\Application data\Acsati\luuxu.exe
C:\System Volume Information\_restore{*}\A0001173.exe
C:\Documents and settings\Brad\Local Settings\Temp\IXP000.TMP\regfix.exe

There are a few tracking cookie warnings, too but I won't include them.

I probably won't correspond with you until tomorrow evening. It's getting late here and I'll be at work tomorrow followed by golf league. Thanks again.
 
You must log in or register to reply here.
Back
Top