Winh32.exe problem
unicornsstorm
10-04-2007, 11:56 AM
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\WINDOWS\system32\qiawpbjj.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
unicornsstorm
10-04-2007, 11:58 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.melaleuca.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Robo TaskBar Icon &1 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: [url]http://*.7search.com[/url]
O15 - Trusted Zone: [url]http://members.melaleuca.com[/url]
O15 - Trusted Zone: [url]http://www.melaleuca.com[/url]
unicornsstorm
10-04-2007, 11:59 AM
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
We need the header information from that log...
unicornsstorm
10-04-2007, 12:38 PM
I had closed the log file; I ran it again and this is the header from the second log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:19 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
unicornsstorm
10-04-2007, 03:14 PM
SmitFraudFix v2.237
Scan done at 14:13:06.43, Thu 10/04/2007
Run from C:\Documents and Settings\comp.VALUED-3253602F\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\WINDOWS\system32\qiawpbjj.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\msole32.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\comp.VALUED-3253602F
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\comp.VALUED-3253602F\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMP~1.VAL\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection
DNS Server Search Order: 192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E29E635-6C1E-472A-8B89-982389B89A11}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2E29E635-6C1E-472A-8B89-982389B89A11}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2E29E635-6C1E-472A-8B89-982389B89A11}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
unicornsstorm
10-04-2007, 03:38 PM
ComboFix 07-10-04.6 - comp 2007-10-04 14:22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.538 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
* Created a new restore point
.
Other Deletions
.
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\9350.exe
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
Files Created from 2007-09-04 to 2007-10-04
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 14:13 4,670 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-04 14:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-04 14:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-04 14:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-04 14:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-04 14:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-04 10:31 21,504 --a------ C:\WINDOWS\system32\qiawpbjj.dll
2007-10-04 01:16 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-03 23:22 13,056 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-03 23:22 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-03 23:01 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-10-03 23:01 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-10-03 23:01 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-10-03 23:01 <DIR> d-------- C:\Program Files\SoftPortal
2007-10-03 21:44 444,928 --a------ C:\WINDOWS\system32\SoUI.dll
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-01 02:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-12 13:15 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-12 13:15 <DIR> d-------- C:\Program Files\Coupons
Find3M Report
.
2007-10-04 10:48 --------- d-------- C:\Program Files\Trend Micro
2007-10-03 23:01 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-10-03 23:01 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
2007-10-03 23:01 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
2007-10-03 23:01 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
2007-10-03 23:01 580 --a------ C:\WINDOWS\system32\drivers\features.gif
2007-10-03 23:01 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-10-03 23:01 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
2007-10-03 23:01 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-10-03 23:01 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-10-03 23:01 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
2007-10-03 23:01 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
2007-10-03 23:01 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-10-03 23:01 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
2007-10-03 23:01 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-10-03 23:01 1009 --a------ C:\WINDOWS\system32\drivers\arrow.gif
2007-10-02 08:48 --------- d-------- C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-09-23 20:20 --------- d-------- C:\Program Files\StorageSync
2007-09-16 21:12 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-12 11:17 --------- d-------- C:\Program Files\TurboTax
2007-09-12 01:55 --------- d-------- C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 18:36 --------- d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 07:57 --------- d-------- C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 15:13 --------- d-------- C:\Program Files\MTV Networks
2007-08-13 16:41 --------- dr--s---- C:\Program Files\Maxthon
2004-11-05 12:00 457 --a--c--- C:\Program Files\INSTALL.LOG
2004-02-19 16:16 386235 --a--c--- C:\Program Files\Printkey2000.zip
2001-05-08 08:54 797443 --a--c--- C:\Program Files\Printkey2000.exe
.
unicornsstorm
10-04-2007, 03:38 PM
Reg Loading Points
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026B5895-3E8E-49A9-8EEE-B52A326DA962}]
2007-10-04 10:31 21504 --a------ C:\WINDOWS\system32\qiawpbjj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"nwiz"="nwiz.exe" [2003-07-16 14:22 C:\WINDOWS\system32\nwiz.exe]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:56 C:\WINDOWS\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-30 07:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-04 14:29:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe?D~??A~??????A~??A~??m??? ????????A~???????????????????????????????|????]?A~????;?E??????!=???D???J??????pD???????=????? ???A?F?????b?@?????]?A~ ???;?E?????????????????????E?A~??????????????????? ?????????x?G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-04 14:32:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 14:32
.
--- E O F ---
unicornsstorm
10-04-2007, 07:17 PM
Any other help?
Budfred
10-04-2007, 07:20 PM
Any other help?
Yes, but keep in mind we are volunteers and not here 24/7...
Please do this:
It would be a good idea to print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
unicornsstorm
10-04-2007, 08:40 PM
SmitFraudFix v2.237
Scan done at 19:30:08.68, Thu 10/04/2007
Run from C:\Documents and Settings\comp.VALUED-3253602F\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ace16win.dll Deleted
C:\WINDOWS\system32\msole32.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E29E635-6C1E-472A-8B89-982389B89A11}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2E29E635-6C1E-472A-8B89-982389B89A11}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2E29E635-6C1E-472A-8B89-982389B89A11}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Still has the same virus background and warning popups.
Budfred
10-05-2007, 12:46 AM
Unfortunately, you were lucky enough to get infected with the latest version of Smitfraud and the fix hasn't even been updated yet to kill it... You also have a keylogger/spy program that may have stolen any personal and financial information you have ever typed on this computer... It is a legal program, so it is possible you installed it yourself... If you did not, you need to consider anything you have typed on this computer to be compromised (and change those passwords and credentials from a machine you know is clean)... Please post a complete fresh HJT log and let me know if this is your computer and if that is your program...
unicornsstorm
10-05-2007, 09:12 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:28 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qiawpbjj.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-21-2554091808-13519833-1650968600-1014 Startup: VistaAccess.lnk = ? (User '?')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
unicornsstorm
10-05-2007, 09:14 AM
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Robo TaskBar Icon &1 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.7search.com
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
As to the keylogger program, what is the name of it? I'm not sure whether I installed it or not.
Thanks for the help. I didn't mean to seem ungrateful yesterday.
Budfred
10-05-2007, 10:25 AM
This is the keylogger/spy program and it was apparently recently installed:
C:\WINDOWS\system32\acespy
Please open a HJT scan and put checks by:
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O15 - Trusted Zone: http://*.7search.com
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
Please close all open windows except HJT and press Fix checked...
There are several items I wasn't able to clearly identify... Do you recognize these??
O4 - S-1-5-21-2554091808-13519833-1650968600-1014 Startup: VistaAccess.lnk = ? (User '?')
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
and did you place these in your Trusted Zone??
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
Please download a fresh copy of ComboFix (since it is updated frequently) and run a new ComboFix scan... Post that log and a new HJT log after reboot... Please note whether these entries and acespy are familiar... Also, note how your computer is running...
unicornsstorm
10-05-2007, 02:43 PM
Acespy wasn't installed by me. Melaleuca is protected. VistaAccess is part of the scanner software I use.
Maxthon is a browser my wife uses.
ComboFix doesn't run all the way through.
It completes up to stage 21, then I get a
Windows - No Disk
Exception processing message c0000013 parameters
75b6bf9c 4 75b6bf9c 75b6bf9c
It just sits there after that.
Budfred
10-05-2007, 03:14 PM
If necessary, try running ComboFix in Safe Mode... Tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu...
unicornsstorm
10-05-2007, 03:45 PM
Same error in Safe Mode as well.
Budfred
10-05-2007, 06:59 PM
I am afraid that there are a number of different reasons for that error message and it isn't clear what is causing your problem... Do you only get that when running ComboFix or is it happening with other programs as well??
Go ahead and post the fresh HJT log so I can see if there are clues there...
unicornsstorm
10-05-2007, 07:25 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23, on 2007-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\qiawpbjj.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\H SChkProxyExe.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
unicornsstorm
10-05-2007, 07:27 PM
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Robo TaskBar Icon &1 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
It seems to happen only with ComboFix; HJT runs fine. IE keeps stalling: when it loads a page the status bar says "Done" but nothing is shown, and I have to hit Reload to make the page appear.
Budfred
10-05-2007, 09:24 PM
Did you do the HJT fixes??
unicornsstorm
10-05-2007, 09:33 PM
Yes, we did.
Budfred
10-06-2007, 03:40 AM
Okay, we will try a different approach and I am going to ask the developer of ComboFix to take a look at this if this option doesn't work... Please do this:
Open Notepad and copy/paste the text in the quote box below into it:
File::
C:\WINDOWS\system32\qiawpbjj.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\arrow.gif
Folder::
C:\WINDOWS\system32\acespy
C:\Program Files\SoftPortal
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026B5895-3E8E-49A9-8EEE-B52A326DA962}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
Save this as CFScript.txt (in the same folder as ComboFix.exe, typically the Desktop).
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the picture above, drag CFScript.txt onto the ComboFix.exe icon so that ComboFix starts with the script loaded.
Post back with the log if it creates one, or let me know if it didn't work...
unicornsstorm
10-06-2007, 09:35 AM
Before I do this, an update:
My wife called Trend Micro and worked with them over the phone and by email last night.
Here is what they said:
The following items are the ones you would need to mark with a check in your HijackThis program to remove the malware on your computer. If you don't already have HijackThis open, double-click it on the desktop and then click "Do a System Scan Only". Please note that you have the option of not checking the websites below that you are familiar with; but if the same problem persists, you will need to check them as well.
C:\WINDOWS\system32\qiawpbjj.exe
C:\WINDOWS\system32\kdfmgr.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {026B5895-3E8E-49A9-8EEE-B52A326DA962} - C:\WINDOWS\system32\qiawpbjj.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} - http://www.spybouncer.com/downloader/gdownloader.ocx
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
Click "FIX CHECKED" after checking the items above, then scan your computer again with Trend Micro Internet Security.
If this solution does not solve the problem, or if you need more help to guide you through the procedure, please call us back and quote your case number.
We went into Safe Mode and deleted the first two files from their folder.
Then we ran HJT and fixed the other entries, except for the MLXchange ones.
Not sure whether AceSpy is still there: the backgrounds are back to normal and it isn't throwing up the fake warnings any more, but Task Manager is still disabled. Here is a new HJT log.
unicornsstorm
10-06-2007, 09:37 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36, on 2007-10-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\H SChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Robo TaskBar Icon &1 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
unicornsstorm
10-06-2007, 09:38 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36, on 2007-10-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Robo TaskBar Icon &1 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
unicornsstorm
10-06-2007, 09:40 AM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - http://mfr.mlxchange.com/Control/Specfile.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - http://mfr.mlxchange.com/Control/SISC.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Budfred
10-06-2007, 02:00 PM
Acespy is probably still there, since nothing in that fix will remove it. That means your personal information is probably still being stolen. It is designed to operate without you knowing it is there, so the absence of pop-ups and warnings tells you nothing about whether it is still running.
Since it appears you are opting to work with someone else on cleanup, I will bow out. However, I recommend that you contact anyone you have had financial dealings with on this computer and inform them that your data has been stolen and that you need to change account numbers, close accounts and so on — and do that from a different computer you know is clean, not this one. I would then avoid any further financial or personal use of this computer, since it is likely still spying on you. Even entering an account number or password once will compromise that account. That also means any accounts like your membership here can be hijacked.
unicornsstorm
10-07-2007, 03:35 PM
(repentant wife seeks forgiveness)
Budfred,
Please help us still. I'm sorry if getting another party involved confused the issue; I thought perhaps talking to someone live would be easier and get the virus off the machine. My husband has been working at it so long now... It didn't really help, though. They just work off scripts and procedures and don't seem to have much of a clue. Your help has been much more effective.
Thank you for the insights and tools you have given us so far. If you are not comfortable helping us further, can you recommend a good AV program/company, or another person on this forum, or even another forum to try?
Either way this information may help if anyone else has this problem in the future...
I did do a few new things and I think we might be clear now, but I won't bank on that until you feel the same way.
I had to do all of this in safe mode because the files would not delete in normal mode...
I deleted several files in the system32 folder showing a creation/last-altered date after this infection began, including -
ace16win.dll
din.ip
eshoppe.exe
fntchache.dat
msole32.exe
rtnka.dat
Swreg.exe
tmp.reg
tmp.txt
vxddsk.exe
wml.exe
qiawpdbjj.exe
qiawpdbjj.dll
Kdfmgr.exe
Kdfvmgr.exe
Kdfaip.dll
kdfhok.dll
kdfinj.dll
kdfnmgr.exe
perfc009.dat
perfh009.dat
perfStringBackup.ini
Other files in the system32 folder showing a creation/last-altered date after this infection began that I cannot delete:
SoUI.dll
SoUI.flag
The files I deleted I put into a zip archive in case any of them were system-critical. Simply opening that zip file to type the above list appears to have respawned the kdf virus, so the archive itself clearly still contains live malware.
I ran the HJT program and checked every line recommended by you and by Trend again, which included a few with catchme in the key info (they keep coming back).
I went into the registry and removed the Task Manager restriction under both my and my husband's login accounts.
I disabled xp restore points to allow trend to do a complete scan and clean.
Trend detected and removed the acespy files this time
I looked up Smitfraud on the Trend website and went through the clean-up process for all three versions of the virus on their site (most of the keys and files indicated were not present on my machine, but anything that was, I removed as indicated in those solution files; I can't tell you everything I did, as it was about 1 am and I honestly don't remember now).
I reinstalled ComboFix and ran it again (the first log follows). It ran without a hitch this time, without doing the workaround you mentioned in the previous response...
For the moment, everything appears to be back to normal... I'm not convinced of that yet though as I've thought we were clean at least twice before this.
We have not logged into any financial sites or made any online purchases of any kind since this started. I'm hoping that the information saved on the computer is safe?
ComboFix 07-10-07.2 - comp 2007-10-07 13:20:59.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.629 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Local Settings\Temporary Internet Files\Content.IE5\VQE112Y3\ComboFix[1].exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.
2007-10-07 12:17 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-10-07 12:17 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-10-07 12:17 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-10-07 12:17 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-10-07 12:17 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:38 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 23:01 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-10-03 23:01 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-10-03 23:01 <DIR> d-------- C:\Program Files\SoftPortal
2007-10-03 21:44 444,928 --a------ C:\WINDOWS\system32\SoUI.dll
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-12 13:15 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-12 13:15 <DIR> d-------- C:\Program Files\Coupons
.
unicornsstorm
10-07-2007, 03:36 PM
Part 2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 14:07 --------- d-------- C:\Program Files\Common Files\efax
2007-10-06 08:52 --------- d-------- C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-06 08:48 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-10-06 08:48 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
2007-10-06 08:48 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
2007-10-06 08:48 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
2007-10-06 08:48 580 --a------ C:\WINDOWS\system32\drivers\features.gif
2007-10-06 08:48 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-10-06 08:48 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
2007-10-06 08:48 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-10-06 08:48 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-10-06 08:48 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
2007-10-06 08:48 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
2007-10-06 08:48 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-10-06 08:48 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
2007-10-06 08:48 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-10-06 08:48 1009 --a------ C:\WINDOWS\system32\drivers\arrow.gif
2007-10-04 21:36 --------- d-------- C:\Program Files\Trend Micro
2007-09-23 20:20 --------- d-------- C:\Program Files\StorageSync
2007-09-16 21:12 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-12 11:17 --------- d-------- C:\Program Files\TurboTax
2007-09-12 01:55 --------- d-------- C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 18:36 --------- d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 07:57 --------- d-------- C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 15:13 --------- d-------- C:\Program Files\MTV Networks
2007-08-13 16:41 --------- dr--s---- C:\Program Files\Maxthon
2004-11-05 12:00 457 --a--c--- C:\Program Files\INSTALL.LOG
2004-02-19 16:16 386235 --a--c--- C:\Program Files\Printkey2000.zip
2001-05-08 08:54 797443 --a--c--- C:\Program Files\Printkey2000.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
.
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
.
unicornsstorm
10-07-2007, 03:37 PM
part 3
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokds s.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-07 13:30:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??|@???????@??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C?????@??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1??????????????????????????????????????? ???(?????G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-07 13:33:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 13:33
C:\ComboFix2.txt ... 2007-10-04 14:32
.
--- E O F ---
Budfred
10-07-2007, 03:43 PM
I have no problem continuing to help you... It confuses things when more than one helper is involved... Also, all the other things you did may have helped and may have made it more difficult... Please stay with the instructions I give you if you want me to help... At this point, I would still like you to run that CFScript I posted earlier, though I think a number of those things are already gone... After you do that and post the log, also please post a HJT log...
And no, the fact that you haven't done any financial transactions since this all started does not mean you are safe... It is quite likely that the malware was designed to search your hard drive for any account information (passwords and account numbers, for example) that has ever been entered on this computer...
Budfred
10-07-2007, 03:58 PM
Please run this CFScript after you do the other one...
Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\kdfinj.dll
C:\WINDOWS\system32\kdfapi.dll
C:\WINDOWS\system32\kdfmgr.exe
C:\WINDOWS\system32\Kdfhok.dll
C:\WINDOWS\system32\kdfvmgr.exe
C:\WINDOWS\system32\Drivers\neokdss.sys
Folder::
C:\WINDOWS\kdefense
Driver::
neokdss.sys
Rootkit::
C:\WINDOWS\system32\Drivers\neokdss.sys
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the picture above, drag CFScript.txt into ComboFix.exe
Post the log in your next response...
unicornsstorm
10-07-2007, 04:26 PM
ComboFix 07-10-07.2 - comp 2007-10-07 15:20:44.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.555 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\smitfraud fix work files\cfscript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:38 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 23:01 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-10-03 23:01 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-10-03 23:01 <DIR> d-------- C:\Program Files\SoftPortal
2007-10-03 21:44 444,928 --a------ C:\WINDOWS\system32\SoUI.dll
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-12 13:15 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-12 13:15 <DIR> d-------- C:\Program Files\Coupons
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-06 14:07 --------- d-------- C:\Program Files\Common Files\efax
2007-10-06 08:52 --------- d-------- C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-06 08:48 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
2007-10-06 08:48 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
2007-10-06 08:48 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
2007-10-06 08:48 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
2007-10-06 08:48 580 --a------ C:\WINDOWS\system32\drivers\features.gif
2007-10-06 08:48 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small. gif
2007-10-06 08:48 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
2007-10-06 08:48 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-10-06 08:48 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
2007-10-06 08:48 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
2007-10-06 08:48 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
2007-10-06 08:48 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
2007-10-06 08:48 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
2007-10-06 08:48 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-10-06 08:48 1009 --a------ C:\WINDOWS\system32\drivers\arrow.gif
2007-10-04 21:36 --------- d-------- C:\Program Files\Trend Micro
2007-09-23 20:20 --------- d-------- C:\Program Files\StorageSync
2007-09-16 21:12 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-12 11:17 --------- d-------- C:\Program Files\TurboTax
2007-09-12 01:55 --------- d-------- C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 18:36 --------- d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 07:57 --------- d-------- C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 15:13 --------- d-------- C:\Program Files\MTV Networks
2007-08-13 16:41 --------- dr--s---- C:\Program Files\Maxthon
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll
2004-11-05 12:00 457 --a--c--- C:\Program Files\INSTALL.LOG
2004-02-19 16:16 386235 --a--c--- C:\Program Files\Printkey2000.zip
2001-05-08 08:54 797443 --a--c--- C:\Program Files\Printkey2000.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
.
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
unicornsstorm
10-07-2007, 04:27 PM
original script log part 2
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\ tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\ tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpfl t.sys
R3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokds s.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS ~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sy s
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sy s
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-07 15:23:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??|@???????@??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C?????@??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1??????????????????????????????????????? ???(?????G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-07 15:25:05
C:\ComboFix-quarantined-files.txt ... 2007-10-07 15:24
C:\ComboFix2.txt ... 2007-10-07 14:07
C:\ComboFix3.txt ... 2007-10-07 13:33
.
--- E O F ---
unicornsstorm
10-07-2007, 04:40 PM
ComboFix 07-10-07.2 - comp 2007-10-07 15:28:23.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.582 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\smitfraud fix work files\cfscript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\Drivers\neokdss.sys
C:\WINDOWS\system32\kdfapi.dll
C:\WINDOWS\system32\Kdfhok.dll
C:\WINDOWS\system32\kdfinj.dll
C:\WINDOWS\system32\kdfmgr.exe
C:\WINDOWS\system32\kdfvmgr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\kdefense
C:\WINDOWS\kdefense\k52010.ico
C:\WINDOWS\kdefense\k52011.ico
C:\WINDOWS\kdefense\k52012.bmp
C:\WINDOWS\kdefense\KStartClean.ini
.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 23:01 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-10-03 23:01 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-10-03 23:01 <DIR> d-------- C:\Program Files\SoftPortal
2007-10-03 21:44 444,928 --a------ C:\WINDOWS\system32\SoUI.dll
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-12 13:15 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-12 13:15 <DIR> d-------- C:\Program Files\Coupons
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-06 14:07 --------- d-------- C:\Program Files\Common Files\efax
2007-10-06 08:52 --------- d-------- C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-06 08:48 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
2007-10-06 08:48 811 --a------ C:\WINDOWS\system32\drivers\download_btn.gif
2007-10-06 08:48 746 --a------ C:\WINDOWS\system32\drivers\buy_btn.gif
2007-10-06 08:48 737 --a------ C:\WINDOWS\system32\drivers\logo_bg.gif
2007-10-06 08:48 580 --a------ C:\WINDOWS\system32\drivers\features.gif
2007-10-06 08:48 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small. gif
2007-10-06 08:48 567 --a------ C:\WINDOWS\system32\drivers\users_rating.gif
2007-10-06 08:48 5097 --a------ C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-10-06 08:48 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
2007-10-06 08:48 427 --a------ C:\WINDOWS\system32\drivers\4_stars.gif
2007-10-06 08:48 365 --a------ C:\WINDOWS\system32\drivers\5_stars.gif
2007-10-06 08:48 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
2007-10-06 08:48 14484 --a------ C:\WINDOWS\system32\drivers\protect.gif
2007-10-06 08:48 1139 --a------ C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-10-06 08:48 1009 --a------ C:\WINDOWS\system32\drivers\arrow.gif
2007-10-04 21:36 --------- d-------- C:\Program Files\Trend Micro
2007-09-23 20:20 --------- d-------- C:\Program Files\StorageSync
2007-09-16 21:12 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-12 11:17 --------- d-------- C:\Program Files\TurboTax
2007-09-12 01:55 --------- d-------- C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 18:36 --------- d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 07:57 --------- d-------- C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 15:13 --------- d-------- C:\Program Files\MTV Networks
2007-08-13 16:41 --------- dr--s---- C:\Program Files\Maxthon
2004-11-05 12:00 457 --a--c--- C:\Program Files\INSTALL.LOG
2004-02-19 16:16 386235 --a--c--- C:\Program Files\Printkey2000.zip
2001-05-08 08:54 797443 --a--c--- C:\Program Files\Printkey2000.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-w 457,248 2007-10-07 19:32:10 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
.
-c--a-w 457,248 2007-09-30 11:14:46 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
unicornsstorm
10-07-2007, 04:40 PM
second log part 2
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\ tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\ tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpfl t.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS ~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sy s
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sy s
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokds s.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-07 15:34:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??| ??????? ??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C????? ??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1???????????????????????????????????????????(???? ?G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-07 15:37:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 15:37
C:\ComboFix2.txt ... 2007-10-07 15:25
C:\ComboFix3.txt ... 2007-10-07 14:07
.
--- E O F ---
unicornsstorm
10-07-2007, 04:42 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:43 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
unicornsstorm
10-07-2007, 04:43 PM
HJT part2
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 14413 bytes
Budfred
10-08-2007, 12:13 AM
There are still some bad files in that ComboFix log, so you will need another CFScript. Please download the latest version of ComboFix before you begin — an outdated copy of the tool may not handle these files correctly, so do not reuse a build you picked up from an older thread. And run this before the script as well:
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.
Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder after you finish the CFScript.
and then....
Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\uccspecc.sys
C:\WINDOWS\system32\Drivers\neokdss.sys
Folder::
C:\Program Files\Coupons
C:\Program Files\SoftPortal
Driver::
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\Drivers\neokdss.sys
Rootkit::
C:\WINDOWS\system32\Drivers\neokdss.sys
Save this as CFScript.txt. Before saving, check the pasted list for stray spaces inside the longer file names (the forum's line wrapping can insert one, e.g. "perfect_cleaner_header _small.gif"); a path containing such a space names a different, nonexistent file, so ComboFix will not delete the real one.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the picture above, drag CFScript.txt into ComboFix.exe
Post all of the logs in your next response...
unicornsstorm
10-08-2007, 02:44 AM
I used the link in another thread (the one right under mine that said he was having the same winh problem) to ComboFix that was posted on Sep 22nd, but I don't know if it's the latest one... I'm going to go with that for now and do everything you've asked. If there is another version of the program, please give me a link and I'll do everything over again.
Thank you
unicornsstorm
10-08-2007, 02:56 AM
Log of AproposFix v1.1
************
Running from directory:
C:\Documents and Settings\comp.VALUED-3253602F\Desktop\smitfraud fix work files\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!
unicornsstorm
10-08-2007, 02:58 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:55 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\WgaTray.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
unicornsstorm
10-08-2007, 02:59 AM
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
unicornsstorm
10-08-2007, 02:59 AM
hjt III
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 14561 bytes
unicornsstorm
10-08-2007, 03:13 AM
ComboFix 07-10-07.2 - comp 2007-10-08 2:01:17.14 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.583 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\smitfraud fix work files\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\smitfraud fix work files\cfscript.txt
FILE::
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\Drivers\neokdss.sys
C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small. gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\uccspecc.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Coupons
C:\Program Files\Coupons\Coupons.com.url
C:\Program Files\Coupons\uninstall.exe
C:\Program Files\Coupons\Uninstall\IRIMG1.JPG
C:\Program Files\Coupons\Uninstall\IRIMG2.JPG
C:\Program Files\Coupons\Uninstall\IRIMG3.JPG
C:\Program Files\Coupons\Uninstall\IRIMG4.JPG
C:\Program Files\Coupons\Uninstall\IRIMG5.JPG
C:\Program Files\Coupons\Uninstall\IRIMG6.JPG
C:\Program Files\Coupons\Uninstall\IRIMG7.JPG
C:\Program Files\Coupons\Uninstall\IRIMG8.JPG
C:\Program Files\Coupons\Uninstall\uninstall.dat
C:\Program Files\Coupons\Uninstall\uninstall.xml
C:\Program Files\SoftPortal
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part001.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part002.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\info.txt
C:\Program Files\SoftPortal\Soft\RTNKa\info.txt
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part01.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part02.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part03.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part04.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part05.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part06.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part07.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part08.rar
C:\Program Files\SoftPortal\Soft\RTNKa\RTNKa.part09.rar
C:\Program Files\SoftPortal\Soft\RTNKa\ui.uim
C:\Program Files\SoftPortal\Soft\XBS\ui.uim
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\uccspecc.sys
.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.
2007-10-08 01:33 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-10-08 01:33 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-10-08 01:33 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-10-08 01:33 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-10-08 01:33 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-10-07 18:12 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-07 21:49 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-07 21:31 --------- d-------- C:\Program Files\TrojanHunter 4.2
2007-10-06 14:07 --------- d-------- C:\Program Files\Common Files\efax
2007-10-06 08:52 --------- d-------- C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-06 08:48 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
2007-10-06 08:48 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small. gif
2007-10-06 08:48 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
2007-10-06 08:48 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
2007-10-04 21:36 --------- d-------- C:\Program Files\Trend Micro
2007-09-23 20:20 --------- d-------- C:\Program Files\StorageSync
2007-09-16 21:12 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-12 11:17 --------- d-------- C:\Program Files\TurboTax
2007-09-12 01:55 --------- d-------- C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 18:36 --------- d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 07:57 --------- d-------- C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 15:13 --------- d-------- C:\Program Files\MTV Networks
2007-08-13 16:41 --------- dr--s---- C:\Program Files\Maxthon
2004-11-05 12:00 457 --a--c--- C:\Program Files\INSTALL.LOG
2004-02-19 16:16 386235 --a--c--- C:\Program Files\Printkey2000.zip
2001-05-08 08:54 797443 --a--c--- C:\Program Files\Printkey2000.exe
.
unicornsstorm
10-08-2007, 03:14 AM
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-w 457,248 2007-10-07 19:32:10 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
.
-c--a-w 457,248 2007-09-30 11:14:46 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
"THGuard"="C:\Program Files\TrojanHunter 4.2\THGuard.exe" [2005-02-19 16:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\ tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\ tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpfl t.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS ~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sy s
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sy s
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokds s.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-08 02:08:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??| ??????? ??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C????? ??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1???????????????????????????????????????????(???? ?G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-08 2:11:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 02:11
C:\ComboFix2.txt ... 2007-10-08 01:42
C:\ComboFix3.txt ... 2007-10-07 19:10
.
--- E O F ---
unicornsstorm
10-08-2007, 03:18 AM
I've also turned on the Trend Micro firewall and set the security level to maximum for the duration. Two things are asking for internet access that I don't recognize: tgcmd.exe (blocking it produces an error that crashes THGuard.exe) and "Generic Host Process for Win32 Services" (blocking this seems to cut off all internet access completely). Can you tell me anything about these? Are they safe to allow unrestricted access?
Budfred
10-08-2007, 09:17 AM
It appears that you are getting reinfected between each of the fixes... I don't have time this morning to put together a new fix, but yes - DEFINITELY - keep the firewall on and stay off the internet as much as possible until this is cleaned up... Do not install new programs other than what is needed for the cleanup, and keep the full security settings in place...
"Generic Host Process for Win32 Services" is svchost.exe, which hosts many core Windows services (including the ones your network connection depends on), so blocking it cuts you off. It is needed and generally benign, but because it loads service DLLs it can also be used by any number of different programs - allow it, and check that the instances asking are the ones in C:\WINDOWS\system32 rather than a copy running from some other folder... The other one, tgcmd.exe, runs from c:\program files\support.com\client\bin and is a bit of Sony-bundled support software that I'd consider spyware; I was going to comment on it later since it is optional... I would allow it for now since it has already spied on you and it probably isn't malicious in intent... You have bigger fish to fry at the moment...
As for the latest version of ComboFix, you can use the same link every time... The link is not changed when the version is updated, so download a fresh copy before each run rather than re-running the one already on your Desktop...
Metalhead73
10-08-2007, 11:32 AM
It appears that you are getting reinfected between each of the fixes... I don't have time this morning to put together a new fix, but yes - DEFINITELY - turn on the firewall and stay off of the internet as much as possible until this is cleaned up... Do not install new programs other than what is needed for cleanup and maintain full security...
Generic host process is needed and generally benign, but it can be from any number of different programs... The other one is from a bit of Sony spyware that I was going to comment on later since it is an optional... I would allow it for now since it has already spied on you and it isn't probably malicious in intent... You have bigger fish to fry at the moment...
As for the latest version of ComboFix, you can use the same link every time... The link is not changed when the version is updated...Have you tried McAfee? They may help your problem.
classicsoftware
10-08-2007, 01:02 PM
Metalhead73:
Unless you are trained and approved to post in these areas, it is best to leave malware/spyware threads to the experts. Your advice could do more harm than good.....
Budfred
10-08-2007, 09:22 PM
Start with a couple of other tools this time... You will need to use Internet Explorer for the first one:
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification bar at the top of the browser offering to install the ActiveX control. Click on it and choose to install the ActiveX - but only accept the prompt that comes from the F-Secure page you just opened; do not install anything offered by a pop-up or by another site claiming to be a scanner (the perfect_cleaner_* and spy_away_* images ComboFix removed from system32\drivers look like advertising for exactly that kind of rogue "security" product).
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
Your firewall may raise an alert during cleaning - allow it if the program asking is the F-Secure scanner, because that is the connection it uses to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
And then...............
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, double-click the downloaded SDFix.exe to extract it (it is a self-extracting archive, not a .zip; note the folder it extracts to, e.g. C:\SDFix),
then open the extracted SDFix folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the Registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the Desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your Desktop icons.
Finally, open the SDFix folder (wherever it extracted to, e.g. C:\SDFix, rather than assuming it is on the Desktop) and copy and paste the contents of the results file Report.txt back onto the forum, together with a new HijackThis log.
Then please do this:
Go to Start > Control Panel and open Add or Remove Programs.
Search the list for all previously installed versions of Java (J2SE Runtime Environment.... ). Java updates leave the older runtimes installed side by side, and those outdated versions stay exploitable by malicious web content, so each one should be removed.
They should have this icon next to any that are there: http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Select any found and click Remove.
and now the CFScript:
File::
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\uccspecc.sys
Folder::
C:\Program Files\Coupons
C:\Program Files\SoftPortal
Drivers::
perfect_cleaner_header_small
download_btn
buy_btn
logo_bg
features
spy_away_header_small
users_rating
spy_away_box_small
perfect_cleaner_box_small
4_stars
5_stars
perfect_cleaner_header
protect
spy_away_header
drivers\arrow
neokdss
FileLook::
C:\WINDOWS\system32\cdm.dll
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\DRIVERS\z525obex.sys
C:\WINDOWS\Installer\libexpat.dll
C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
DirLook::
C:\WINDOWS\LocalSSL
Post all of the logs after you complete the scans...
unicornsstorm
10-09-2007, 12:55 AM
Scanning Report
Monday, October 08, 2007 21:38:31 - 23:53:15
Computer name: GAMBRELLDT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ K:\ L:\
--------------------------------------------------------------------------------
Result: 0 malware found
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 88031
System: 0
Not scanned: 16
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL
C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
C:\WINDOWS\$NTUNINSTALLKB833998$\SHELL32.DLL
C:\WINDOWS\$NTUNINSTALLKB829558$\DAO360.DLL
C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB828028$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\DHCPCSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\WZCDLG.DLL
C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
C:\SHARED\CDRPDACC.SYS
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\{499663EE-202C-4468-874C-198A9E0BC058}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14A5356B5487 F18B54A4098A401AF7BE_E862AA9D-11E5-4C36-B9C2-7D67FF080964
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA35D7EF1B6B 88CDB4B151CC677B62BE_E862AA9D-11E5-4C36-B9C2-7D67FF080964
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-10-07
F-Secure AVP: 7.0.171, 2007-10-08
F-Secure Orion: 1.2.37, 2007-10-08
F-Secure Blacklight: 1.0.64
F-Secure Pegasus: 1.19.0, 2007-09-02
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT WMF NWS TAR
Use Advanced heuristics
unicornsstorm
10-09-2007, 01:18 AM
SDFix: Version 1.107
Run by Administrator on Tue 10/09/2007 at 12:04 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\VDM1A.TMP - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 2 Jul 2005 52,224 ..SHR --- "C:\Program Files\DeluxeFTP\Setup.exe"
Wed 4 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 24 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sun 10 Dec 2006 1,710,080 A..H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Templates\~WRD1437.tmp"
Sun 10 Dec 2006 1,714,176 A..H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Templates\~WRD2005.tmp"
Sun 10 Dec 2006 1,713,152 A..H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Templates\~WRD2925.tmp"
Sun 10 Dec 2006 1,713,152 A..H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Templates\~WRD3290.tmp"
Fri 10 Feb 2006 162 A..H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Word\~$RL3919.tmp"
Thu 9 Feb 2006 596,992 ...H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Word\~WRL0829.tmp"
Sun 26 Nov 2006 250,880 ...H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Word\~WRL1011.tmp"
Thu 9 Feb 2006 449,024 ...H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Word\~WRL3588.tmp"
Thu 9 Feb 2006 316,416 ...H. --- "C:\Documents and Settings\comp.VALUED-3253602F\Application Data\Microsoft\Word\~WRL3919.tmp"
Mon 6 Dec 2004 2,142 A.SH. --- "C:\Documents and Settings\Steve\Application Data\Roxio\Dragon\DiscInfoCache\PIONEER__DVD-ROM_DVD-121R_1.00_300_DICV017_DRGV2000027.TMP"
Finished!
unicornsstorm
10-09-2007, 01:19 AM
At the end of the SDFix run it instructs the user to run catchme.exe next... should I do that, and where do I get catchme?
unicornsstorm
10-09-2007, 01:20 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:56 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
unicornsstorm
10-09-2007, 01:20 AM
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 14238 bytes
unicornsstorm
10-09-2007, 01:41 AM
ComboFix 07-10-07.2 - comp 2007-10-09 0:26:35.15 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.566 [GMT -4:00]
Running from: C:\Documents and Settings\All Users\Desktop\smitfraud fix work files\ComboFix.exe
Command switches used :: C:\Documents and Settings\All Users\Desktop\smitfraud fix work files\cfscript.txt
FILE::
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small. gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\uccspecc.sys
.
((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.
2007-10-09 00:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-08 21:29 <DIR> d-------- C:\fsaua.data
2007-10-08 08:48 <DIR> d-------- C:\Documents and Settings\COMP~1~VAL\LOCALS~1
2007-10-07 18:12 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-08 10:36 --------- d-------- C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-07 21:49 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 14:07 --------- d-------- C:\Program Files\Common Files\efax
2007-10-06 08:48 841 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
2007-10-06 08:48 579 --a------ C:\WINDOWS\system32\drivers\spy_away_header_small. gif
2007-10-06 08:48 4557 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
2007-10-06 08:48 1804 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
2007-10-04 21:36 --------- d-------- C:\Program Files\Trend Micro
2007-09-23 20:20 --------- d-------- C:\Program Files\StorageSync
2007-09-16 21:12 --------- d-------- C:\Program Files\FlexiMusic Wave Editor
2007-09-12 11:17 --------- d-------- C:\Program Files\TurboTax
2007-09-12 01:55 --------- d-------- C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 18:36 --------- d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 07:57 --------- d-------- C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 15:13 --------- d-------- C:\Program Files\MTV Networks
2007-08-13 16:41 --------- dr--s---- C:\Program Files\Maxthon
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll
2004-11-05 12:00 457 --a--c--- C:\Program Files\INSTALL.LOG
2004-02-19 16:16 386235 --a--c--- C:\Program Files\Printkey2000.zip
2001-05-08 08:54 797443 --a--c--- C:\Program Files\Printkey2000.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))) )))))))
- Not a PE file.
---- C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll ----
Company: Trend Micro Inc.
File Description: TSEasyInstall Dynamic Link Library
File Version: 3.0.0.1134
Product Name: TrendSecure
Copyright: Copyright (C) 2006 Trend Micro Incorporated. All rights reserved.
Original file name: TSEasyInstallMgr.dll
- Unable to find file version info. in file.
---- C:\WINDOWS\system32\cdm.dll ----
Company: Microsoft Corporation
File Description: Windows Update CDM Stub
File Version: 7.0.6000.381 (winmain(wmbla).070730-1740)
Product Name: Microsoftr Windowsr Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: CDM.dll
---- C:\WINDOWS\system32\DRIVERS\z525obex.sys ----
Company: MCCI
File Description: Sony Ericsson Z525 USB WMC OBEX Interface Device Driver
File Version: V4.34
Product Name: Sony Ericsson Z525 USB WMC OBEX Interface
Copyright: Copyright (c) MCCI 1997-2005
Original file name: z525obex.sys
---- Directory of C:\WINDOWS\LocalSSL ----
2007-08-24 00:01 1122 --a------ C:\WINDOWS\LocalSSL\lssllang.ini
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 290,816 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\auc_lib.dll
----a-w 500,120 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 286,720 2007-08-28 20:28:14 C:\WINDOWS\Downloaded Program Files\fscax.dll
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NT USER.DAT
----a-w 8,192 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\Us rClass.dat
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
.
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
.
unicornsstorm
10-09-2007, 01:42 AM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\ tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\ tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpfl t.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS ~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sy s
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sy s
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokds s.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-09 00:29:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??|@???????@??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C?????@??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1??????????????????????????????????????? ???(?????G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-09 0:30:53
C:\ComboFix-quarantined-files.txt ... 2007-10-09 00:30
C:\ComboFix2.txt ... 2007-10-08 02:11
C:\ComboFix3.txt ... 2007-10-08 01:42
.
--- E O F ---
unicornsstorm
10-09-2007, 01:44 AM
I ran HijackThis before ComboFix; this is the second HijackThis run after ComboFix.
Do I need to do the entire process over?
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.d ll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
unicornsstorm
10-09-2007, 01:45 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:56 AM, on 10/9/2007
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://members.melaleuca.com
O15 - Trusted Zone: http://www.melaleuca.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - http://www.snapfish.com/SnapfishImageEditor.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 14149 bytes
Budfred
10-09-2007, 01:50 AM
Catchme runs as part of ComboFix, so you don't need to run it separately... You don't need to run all of this again, but some of the fixes didn't work and some infections have returned... I need to get some sleep, so I will look at this more tomorrow... Please stay off the internet as much as possible until tomorrow afternoon, and do not go online at all unless your firewall and antivirus are running — since infections are already coming back, every minute this machine spends online is another chance for more to return...
And if you must be on the internet before the mess is cleaned up, consider using Knoppix (http://www.knoppix.org/). It is a complete, working Linux install that runs from a bootable CD. It will detect and auto-configure most hardware, including networking, so you can reach the internet without using Windows or your hard drive. Download and burn the CD on a machine you trust, and compare the download against the checksum published on the Knoppix site before you boot from it. About the only thing you will need is your login passwords for any websites.
While running Knoppix, your Windows install is not even touched, so no changes are being made to it... this lets you read the instructions here without risking reinfecting your machine or spreading the current infection. (The infected drive is still physically present, so don't mount it and copy files off it to another machine while you are in Knoppix.)
unicornsstorm
10-09-2007, 07:54 PM
I have limited my use of this computer to checking this forum and doing the fixes you suggest... but I do have 2 other computers on the home network. There is not really anything going on between the computers — the network is primarily just for sharing the internet connection — but there is one folder on the infected computer that is shared for the other two to access. Is it possible that the continuing contamination is coming from one of the other machines? I have AVG on one and Norton on the other and both scan clean... but then so does this one with Trend at times....
Yes, it is possible that one or both of the other machines is also infected, and a writable shared folder is a common route for an infection to move between machines on a home network. I would recommend isolating the infected machine from the network (unplug its network cable, and at minimum stop sharing that folder) and looking into each of the machines in turn. Keep in mind that a clean scan from AVG or Norton is not proof that a machine is clean — as you noted, Trend has also reported this one clean at times while the infection was still present.
Budfred
10-10-2007, 12:55 AM
I asked the developer of the tool about the problem here, and one of the responses indicated that ComboFix needs to be run from the Desktop, whereas you have it installed here:
C:\Documents and Settings\All Users\Desktop\smitfraud fix work files\ComboFix.exe
Please download a fresh copy, save it directly to your Desktop, and run it from there with the last 3 CFScripts that I posted...
Also, I was told that Kdefense is a legitimate Korean security program... However, unless you installed it yourself, it seems likely that something is wrong with it, especially since it has been hard to remove... Did you intentionally install it?? One source lists it as malware, so I want to be clear about your wishes before removing it — software that the owner never installed and that keeps reappearing after removal should be treated as unwanted no matter who publishes it...
unicornsstorm
10-10-2007, 08:03 AM
Unless KDF is part of Trend, Spybot or one of the programs you have had me install, no, I did not install it, and it does not show up in the list of programs in Add/Remove under the Control Panel. I'll work on running all the ComboFix scripts again next.
Thank you
unicornsstorm
10-10-2007, 09:13 AM
ComboFix 07-10-09.3 - comp 2007-10-10 7:15:39.18 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.528 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\cfscript_used_2007-10-07@15.20.txt
.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 20:16 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-10-09 20:16 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-10-09 20:16 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-10-09 20:16 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-10-09 20:16 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-10-09 16:51 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 00:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-08 21:29 <DIR> d-------- C:\fsaua.data
2007-10-08 08:48 <DIR> d-------- C:\Documents and Settings\COMP~1~VAL\LOCALS~1
2007-10-07 18:12 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-09 04:46 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\ATI
2007-10-08 14:36 --------- d-----w C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-08 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:07 --------- d-----w C:\Program Files\Common Files\efax
2007-10-06 12:48 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header _small.gif
2007-10-06 12:48 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small. gif
2007-10-06 12:48 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_sm all.jpg
2007-10-06 12:48 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header .gif
2007-10-05 01:36 --------- d-----w C:\Program Files\Trend Micro
2007-09-24 00:20 --------- d-----w C:\Program Files\StorageSync
2007-09-17 01:12 --------- d-----w C:\Program Files\FlexiMusic Wave Editor
2007-09-12 15:17 --------- d-----w C:\Program Files\TurboTax
2007-09-12 05:55 --------- d-----w C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 22:36 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 11:57 --------- d-----w C:\Documents and Settings\Steve\Application Data\U3
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 19:13 --------- d-----w C:\Program Files\MTV Networks
2007-08-13 20:41 --------- d-s---r C:\Program Files\Maxthon
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2004-11-05 16:00 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-02-19 20:16 386,235 -c--a-w C:\Program Files\Printkey2000.zip
2001-05-08 12:54 797,443 -c--a-w C:\Program Files\Printkey2000.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst .exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi .dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst .exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi .dll
unicornsstorm
10-10-2007, 09:18 AM
----a-w 290,816 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\auc_lib.dll
----a-w 500,120 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 286,720 2007-08-28 20:28:14 C:\WINDOWS\Downloaded Program Files\fscax.dll
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NT USER.DAT
----a-w 8,192 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\Us rClass.dat
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 17:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 17:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-r 593,920 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
unicornsstorm
10-10-2007, 09:20 AM
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf 644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 457,248 2007-10-09 23:51:35 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
unicornsstorm
10-10-2007, 09:23 AM
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
.
----a-r 593,920 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
-c--a-w 457,248 2007-09-30 11:14:46 C:\WINDOWS\system32\FNTCACHE.DAT
------w 61,952 2006-10-17 17:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-04 07:56:44 C:\WINDOWS\system32\rpcrt4.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\wininet.dll
unicornsstorm
10-10-2007, 09:24 AM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 10:21 103760]
[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokdss.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-10 07:19:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??|@???????@??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C?????@??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1??????????????????????????????????????? ???(?????G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-10 7:20:57
C:\ComboFix-quarantined-files.txt ... 2007-10-10 07:20
C:\ComboFix2.txt ... 2007-10-09 19:01
C:\ComboFix3.txt ... 2007-10-09 13:32
.
unicornsstorm
10-10-2007, 09:28 AM
ComboFix 07-10-09.3 - comp 2007-10-10 7:27:10.19 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.529 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\cfscript_used_2007-10-07@15.28.txt
FILE::
C:\WINDOWS\system32\Drivers\neokdss.sys
C:\WINDOWS\system32\kdfapi.dll
C:\WINDOWS\system32\Kdfhok.dll
C:\WINDOWS\system32\kdfinj.dll
C:\WINDOWS\system32\kdfmgr.exe
C:\WINDOWS\system32\kdfvmgr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\kdefense
C:\WINDOWS\kdefense\k52010.ico
C:\WINDOWS\kdefense\k52011.ico
C:\WINDOWS\kdefense\k52012.bmp
C:\WINDOWS\kdefense\KStartClean.ini
C:\WINDOWS\system32\kdfapi.dll
C:\WINDOWS\system32\Kdfhok.dll
C:\WINDOWS\system32\kdfinj.dll
C:\WINDOWS\system32\kdfmgr.exe
C:\WINDOWS\system32\kdfvmgr.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 16:51 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 00:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-08 21:29 <DIR> d-------- C:\fsaua.data
2007-10-08 08:48 <DIR> d-------- C:\Documents and Settings\COMP~1~VAL\LOCALS~1
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-09 04:46 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\ATI
2007-10-08 14:36 --------- d-----w C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-08 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:07 --------- d-----w C:\Program Files\Common Files\efax
2007-10-06 12:48 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-10-06 12:48 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-10-06 12:48 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-10-06 12:48 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-10-05 01:36 --------- d-----w C:\Program Files\Trend Micro
2007-09-24 00:20 --------- d-----w C:\Program Files\StorageSync
2007-09-17 01:12 --------- d-----w C:\Program Files\FlexiMusic Wave Editor
2007-09-12 15:17 --------- d-----w C:\Program Files\TurboTax
2007-09-12 05:55 --------- d-----w C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 22:36 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 11:57 --------- d-----w C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 19:13 --------- d-----w C:\Program Files\MTV Networks
2007-08-13 20:41 --------- d-s---r C:\Program Files\Maxthon
2004-11-05 16:00 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-02-19 20:16 386,235 -c--a-w C:\Program Files\Printkey2000.zip
2001-05-08 12:54 797,443 -c--a-w C:\Program Files\Printkey2000.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 290,816 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\auc_lib.dll
----a-w 500,120 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 286,720 2007-08-28 20:28:14 C:\WINDOWS\Downloaded Program Files\fscax.dll
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
unicornsstorm
10-10-2007, 09:30 AM
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 17:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 17:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-r 593,920 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac 17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
unicornsstorm
10-10-2007, 09:31 AM
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 457,248 2007-10-09 23:51:35 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
unicornsstorm
10-10-2007, 09:33 AM
-c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
.
----a-r 593,920 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
-c--a-w 457,248 2007-09-30 11:14:46 C:\WINDOWS\system32\FNTCACHE.DAT
------w 61,952 2006-10-17 17:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-04 07:56:44 C:\WINDOWS\system32\rpcrt4.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\wininet.dll
.
unicornsstorm
10-10-2007, 09:33 AM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 10:21 103760]
[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokdss.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 07:32:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??| ??????? ??????? ?B?(???Linda Gambrell??m?b?r?e?l?l????|????m??|???|???????????? x?????C????? ??????? ?B?????????????????????070112084135781?4?1?3?5?7?8 ?1???????????????????????????????????????????(???? ?G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
Completion time: 2007-10-10 7:36:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 07:35
C:\ComboFix2.txt ... 2007-10-10 07:21
C:\ComboFix3.txt ... 2007-10-09 19:01
.
--- E O F ---
unicornsstorm
10-10-2007, 09:37 AM
ComboFix 07-10-09.3 - comp 2007-10-10 7:38:46.20 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.618 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\cfscript_used_2007-10-08@2.01.txt
FILE::
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\Drivers\neokdss.sys
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\uccspecc.sys
.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 16:51 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 00:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-08 21:29 <DIR> d-------- C:\fsaua.data
2007-10-08 08:48 <DIR> d-------- C:\Documents and Settings\COMP~1~VAL\LOCALS~1
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 04:46 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\ATI
2007-10-08 14:36 --------- d-----w C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-08 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:07 --------- d-----w C:\Program Files\Common Files\efax
2007-10-06 12:48 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-10-06 12:48 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-10-06 12:48 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-10-06 12:48 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-10-05 01:36 --------- d-----w C:\Program Files\Trend Micro
2007-09-24 00:20 --------- d-----w C:\Program Files\StorageSync
2007-09-17 01:12 --------- d-----w C:\Program Files\FlexiMusic Wave Editor
2007-09-12 15:17 --------- d-----w C:\Program Files\TurboTax
2007-09-12 05:55 --------- d-----w C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 22:36 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 11:57 --------- d-----w C:\Documents and Settings\Steve\Application Data\U3
2007-08-17 19:13 --------- d-----w C:\Program Files\MTV Networks
2007-08-13 20:41 --------- d-s---r C:\Program Files\Maxthon
2004-11-05 16:00 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-02-19 20:16 386,235 -c--a-w C:\Program Files\Printkey2000.zip
2001-05-08 12:54 797,443 -c--a-w C:\Program Files\Printkey2000.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
unicornsstorm
10-10-2007, 09:38 AM
----a-w 290,816 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\auc_lib.dll
----a-w 500,120 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 286,720 2007-08-28 20:28:14 C:\WINDOWS\Downloaded Program Files\fscax.dll
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 17:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 17:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
----a-r 593,920 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
unicornsstorm
10-10-2007, 09:41 AM
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 457,248 2007-10-09 23:51:35 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
unicornsstorm
10-10-2007, 09:42 AM
-c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
.
----a-r 593,920 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
-c--a-w 457,248 2007-09-30 11:14:46 C:\WINDOWS\system32\FNTCACHE.DAT
------w 61,952 2006-10-17 17:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\inetcomm.dll
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-04 07:56:44 C:\WINDOWS\system32\rpcrt4.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
unicornsstorm
10-10-2007, 09:43 AM
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 10:21 103760]
[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokdss.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
************************************************** ************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-10 07:45:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe?D~??A~??????A~??A~??l??? ????????A~???????????????????????????????|????]?A~????;?E??????!=???D???J??????pD???????=????? ???A?F?????b?@?????]?A~ ???;?E?????????????????????E?A~??????????????????? ?????????x?G
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-10-10 7:48:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 07:48
C:\ComboFix2.txt ... 2007-10-10 07:36
C:\ComboFix3.txt ... 2007-10-10 07:21
.
--- E O F ---
unicornsstorm
10-10-2007, 09:44 AM
ComboFix 07-10-09.3 - comp 2007-10-10 7:51:47.21 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.599 [GMT -4:00]
Running from: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp.VALUED-3253602F\Desktop\cfscript_used_2007-10-09@0.26.txt
FILE::
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\uccspecc.sys
.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.
2007-10-09 16:51 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 00:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-08 21:29 <DIR> d-------- C:\fsaua.data
2007-10-08 08:48 <DIR> d-------- C:\Documents and Settings\COMP~1~VAL\LOCALS~1
2007-10-07 10:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2007-10-04 21:37 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-04 21:36 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-10-04 21:36 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-10-04 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-04 20:55 <DIR> d-------- C:\Documents and Settings\comp.VALUED-3253602F\Application Data\HouseCall 6.6
2007-10-04 20:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-04 14:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 02:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-18 02:31 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 02:31 333,328 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-18 02:31 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-18 02:31 65,936 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:31 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-09 04:46 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\ATI
2007-10-08 14:36 --------- d-----w C:\Documents and Settings\Steve\Application Data\MailWasherPro
2007-10-08 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:07 --------- d-----w C:\Program Files\Common Files\efax
2007-10-06 12:48 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-10-06 12:48 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-10-06 12:48 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-10-06 12:48 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-10-05 01:36 --------- d-----w C:\Program Files\Trend Micro
2007-09-24 00:20 --------- d-----w C:\Program Files\StorageSync
2007-09-17 01:12 --------- d-----w C:\Program Files\FlexiMusic Wave Editor
2007-09-12 15:17 --------- d-----w C:\Program Files\TurboTax
2007-09-12 05:55 --------- d-----w C:\Documents and Settings\Steve\Application Data\ContentGuard
2007-09-10 22:36 --------- d-----w C:\Documents and Settings\comp.VALUED-3253602F\Application Data\U3
2007-09-04 11:57 --------- d-----w C:\Documents and Settings\Steve\Application Data\U3
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 19:13 --------- d-----w C:\Program Files\MTV Networks
2007-08-13 20:41 --------- d-s---r C:\Program Files\Maxthon
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2004-11-05 16:00 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-02-19 20:16 386,235 -c--a-w C:\Program Files\Printkey2000.zip
2001-05-08 12:54 797,443 -c--a-w C:\Program Files\Printkey2000.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))) )))))))
.
- Not a PE file.
---- C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll ----
Company: Trend Micro Inc.
File Description: TSEasyInstall Dynamic Link Library
File Version: 3.0.0.1134
Product Name: TrendSecure
Copyright: Copyright (C) 2006 Trend Micro Incorporated. All rights reserved.
Original file name: TSEasyInstallMgr.dll
- Unable to find file version info. in file.
---- C:\WINDOWS\system32\cdm.dll ----
Company: Microsoft Corporation
File Description: Windows Update CDM Stub
File Version: 7.0.6000.381 (winmain(wmbla).070730-1740)
Product Name: Microsoftr Windowsr Operating System
Copyright: c Microsoft Corporation. All rights reserved.
Original file name: CDM.dll
---- C:\WINDOWS\system32\DRIVERS\z525obex.sys ----
Company: MCCI
File Description: Sony Ericsson Z525 USB WMC OBEX Interface Device Driver
File Version: V4.34
Product Name: Sony Ericsson Z525 USB WMC OBEX Interface
Copyright: Copyright (c) MCCI 1997-2005
Original file name: z525obex.sys
---- Directory of C:\WINDOWS\LocalSSL ----
2007-08-24 00:01 1122 --a------ C:\WINDOWS\LocalSSL\lssllang.ini
unicornsstorm
10-10-2007, 09:46 AM
((((((((((((((((((((((((((((( snapshot@2007-10-04_14.31.54.20 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 290,816 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\auc_lib.dll
----a-w 500,120 2007-08-28 20:26:56 C:\WINDOWS\Downloaded Program Files\daas_s.dll
----a-w 286,720 2007-08-28 20:28:14 C:\WINDOWS\Downloaded Program Files\fscax.dll
----a-w 212,992 2007-09-21 20:58:24 C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
-c--a-w 49,152 2004-10-27 16:06:30 C:\WINDOWS\Downloaded Program Files\VaioInfo.dll
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:20 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-28 02:03:23 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 1,413,120 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
----a-w 8,192 2007-10-09 04:03:05 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-17 17:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-17 17:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-w 96,256 2007-09-18 06:31:16 C:\WINDOWS\Installer\atl80.dll
----a-w 156,936 2007-09-18 06:31:16 C:\WINDOWS\Installer\libexpat.dll
----a-w 1,101,824 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80.dll
----a-w 1,093,120 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfc80u.dll
----a-w 69,632 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80.dll
----a-w 57,856 2007-09-18 06:31:16 C:\WINDOWS\Installer\mfcm80u.dll
----a-w 479,232 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcm80.dll
----a-w 548,864 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcp80.dll
----a-w 626,688 2007-09-18 06:31:16 C:\WINDOWS\Installer\msvcr80.dll
----a-w 124,168 2007-09-18 06:31:16 C:\WINDOWS\Installer\TmDbg32.dll
unicornsstorm
10-10-2007, 09:49 AM
----a-r 593,920 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-10-10 00:20:33 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
unicornsstorm
10-10-2007, 09:50 AM
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 457,248 2007-10-09 23:51:35 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 279,552 2007-10-05 14:07:31 C:\WINDOWS\system32\swreg.exe
----a-w 370,688 2006-11-29 21:21:29 C:\WINDOWS\system32\swsc.exe
----a-w 212,480 2006-12-01 09:20:32 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 600,576 2006-11-07 08:06:47 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 1,866,240 2006-11-13 06:02:58 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
.
unicornsstorm
10-10-2007, 09:51 AM
----a-r 593,920 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 86,016 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
----a-r 135,168 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-09-30 10:57:32 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-09-30 10:57:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\advpack.dll
----a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dxtrans.dll
----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\extmgr.dll
-c--a-w 457,248 2007-09-30 11:14:46 C:\WINDOWS\system32\FNTCACHE.DAT
------w 61,952 2006-10-17 17:58:20 C:\WINDOWS\system32\icardie.dll
----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\ieakui.dll
----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\ieapfltr.dll
----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\iedkcs32.dll
----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\ieframe.dll
----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\iernonce.dll
----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\iertutil.dll
----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\jsproxy.dll
-c--a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeeds.dll
----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\msfeedsbs.dll
----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\mshtml.dll
----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\mshtmled.dll
----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\mstime.dll
----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\occache.dll
----a-w 581,120 2004-08-04 07:56:44 C:\WINDOWS\system32\rpcrt4.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 40,960 2006-01-09 14:36:00 C:\WINDOWS\system32\swsc.exe
----a-w 79,360 2006-12-01 10:20:00 C:\WINDOWS\system32\swxcacls.exe
----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\url.dll
----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\urlmon.dll
----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\webcheck.dll
----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\wininet.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
-c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-17 17:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c--a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c--a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 407,552 2004-08-04 05:59:40 C:\WINDOWS\system32\dllcache\mstsc.exe
-c--a-w 655,360 2004-08-04 05:59:43 C:\WINDOWS\system32\dllcache\mstscax.dll
-c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\system32\dllcache\wininet.dll
.
unicornsstorm
10-10-2007, 09:52 AM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
2007-09-16 10:21 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 10:21 103760]
[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2004-07-19 16:12]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-01 21:37]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.exe" [2004-09-27 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 13:38 C:\WINDOWS\AGRSMMSG.exe]
"ABBYY Community Agent"="C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe" [2001-01-31 11:32]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 06:01]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-03-10 10:07]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 01:04]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 02:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2006-10-28 12:31]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\apache2triad.GAMBRELLDT\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2003-09-17 20:07:58]
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\
Printkey2000.exe [2001-05-08 08:54:50]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VistaAccess.lnk - C:\VstaScan\VsAccess.exe [2004-01-03 21:03:47]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
R2 SfCtlCom;Trend Micro Central Control Component;"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\tmactmon.sys
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service;"C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S2 DeviceScanner;UMAX Astra 4400 Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 FINEPIX_PCC;FinePix Digital Camera 020717;C:\WINDOWS\system32\Drivers\V4CB011D.SYS
S3 GENERICDRV;GENERICDRV;\??\C:\DOCUME~1\Steve\LOCALS~1\Temp\pft7E.tmp\amifldrv.sys
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology;C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys
S3 neokdss;neokdss;C:\WINDOWS\system32\Drivers\neokdss.sys
S3 z525bus;Sony Ericsson Z525 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z525bus.sys
S3 z525mdfl;Sony Ericsson Z525 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z525mdfl.sys
S3 z525mdm;Sony Ericsson Z525 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z525mdm.sys
S3 z525mgmt;Sony Ericsson Z525 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z525mgmt.sys
S3 z525obex;Sony Ericsson Z525 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z525obex.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-06-06 03:08:17 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2004-01-18 13:56:57 C:\WINDOWS\Tasks\UPS System Shutdown Program.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-10-10 07:55:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe?D~??A~??????A~??A~??l??? ????????A~???????????????????????????????|????]?A~????;?E??????!=???D???J??????pD???????=????? ???A?F?????b?@?????]?A~ ???;?E?????????????????????E?A~??????????????????? ?????????x?G
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-10 7:56:38
C:\ComboFix-quarantined-files.txt ... 2007-10-10 07:56
C:\ComboFix2.txt ... 2007-10-10 07:48
C:\ComboFix3.txt ... 2007-10-10 07:36
. EOF
unicornsstorm
10-10-2007, 09:35 PM
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Documents and Settings\comp.VALUED-3253602F\Start Menu\Programs\Startup\Printkey2000.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
unicornsstorm
10-10-2007, 09:36 PM
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: VistaAccess.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: VistaAccess.lnk = ? (User 'Default user')
O4 - Startup: Printkey2000.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: [url]http://members.melaleuca.com[/url]
O15 - Trusted Zone: [url]http://www.melaleuca.com[/url]
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - [url]http://esupport.sony.com/VaioInfo.CAB[/url]
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - [url]http://www.alternatiff.com/install/00/alttiff.cab[/url]
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - [url]http://www.musicnotes.com/download/mnviewer.cab[/url]
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - [url]https://support.microsoft.com/OAS/ActiveX/odc.cab[/url]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [url]http://www1.snapfish.com/SnapfishActivia.cab[/url]
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} - [url]http://www.snapfish.com/SnapfishImageEditor.cab[/url]
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - [url]http://zone.msn.com/binGame/ZAxRcMgr.cab[/url]
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} - [url]http://www.sonypictures.com/charliesangelsgame/SonyPicturesGameDownloader.cab[/url]
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - [url]http://support.f-secure.com/ols3beta/fscax.cab[/url]
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - [url]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url]
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - [url]http://www.trendmicro.com/spyware-scan/as4web.cab[/url]
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - [url]http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB[/url]
unicornsstorm
10-10-2007, 09:36 PM
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corp