[Resolved] pop sites

#1
19-07-2009, 08:09 AM
idr
Valued Member
New Recruit
Join Date: Mar 2007
Posts: 140
[Resolved] pop sites

Until about a month ago I had ESET NOD32 antivirus installed on my computer.
Recently I installed Norton Internet Security instead. It advises that all the features are ON.
However, in the last few days I receive various pop-up screens when surfing the Internet. I checked my computer with Ad-Aware and Malwarebytes and no infection was found. Is it possible that Norton doesn't defend against some pop-ups?
Please advise
Thanks
#2
19-07-2009, 07:09 PM
broni
Senior Member
Join Date: Nov 2004
Posts: 2,265
re: [Resolved] pop sites

Switching from NOD to Norton wasn't your best move to start with.

What browser and version do you use?

Download HijackThis:
TrendSecure | Download TrendMicro HijackThis
by clicking on Download HijackThis Installer
Install, and run it.
Post the HijackThis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
#3
19-07-2009, 07:19 PM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,524
re: [Resolved] pop sites

Sorry, did not see Broni.
#4
19-07-2009, 07:33 PM
broni
Senior Member
Join Date: Nov 2004
Posts: 2,265
re: [Resolved] pop sites

No problem, Neal.
#5
20-07-2009, 05:58 AM
idr
Valued Member
New Recruit
Join Date: Mar 2007
Posts: 140
re: [Resolved] pop sites

My browser is IE7, and here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:53:29, on 20/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Smart PDF Converter\sspd***entd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Tracks Eraser\te.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fum.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\ePad995\ePad995.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter\sspd***entd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter\sspd***entd.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Upload Manager] C:\PROGRA~1\FREEDO~1\FUM\fum.exe -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerfMon] C:\Program Files\PerfMon3x\PerfMon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to White List - C:\PROGRA~1\ADVANC~2\POPUPJ~1\addtolist.js
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Delete from White List - C:\PROGRA~1\ADVANC~2\POPUPJ~1\delfromlist.js
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save To MHT - res://C:\Program Files\EZ Save MHT\EZSaveMHT.dll/CtxMenu
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.comsecure.co.il/OnlineScanner.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 13020 bytes
#6
20-07-2009, 04:09 PM
broni
Senior Member
Join Date: Nov 2004
Posts: 2,265
re: [Resolved] pop sites

There is some infection present, so we'll have to run some scans.

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.14972 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
When the scan is completed, click the Save button, and save the results as gmer.log.
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log in your next reply.

RESTART COMPUTER

STEP 4.
Post fresh HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
#7
22-07-2009, 03:46 AM
idr
Valued Member
New Recruit
Join Date: Mar 2007
Posts: 140
re: [Resolved] pop sites

Thanks, Broni.
Here are the four log files as per your instructions.
Referring to your remark in your first message: do you propose I revert to NOD32 instead of remaining with Norton, or perhaps some still better AV?
**
SUPERAntiSpyware log
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 07/21/2009 at 10:16 AM

Application Version : 4.26.1006

Core Rules Database Version : 4006
Trace Rules Database Version: 1946

Scan type : Complete Scan
Total Scan Time : 01:31:05

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 6383
Registry threats detected : 1
File items scanned : 23878
File threats detected : 11

Adware.DesktopSmileyToolbar
HKU\S-1-5-21-1085031214-1960408961-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

Trojan.Agent/Gen-PEC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP406\A0148381.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP406\A0148433.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP406\A0148460.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP406\A0148515.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP406\A0148613.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP407\A0148768.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP430\A0158615.EXE

Application.Agent/Gen-TempZ
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP425\A0156303.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP425\A0156304.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP425\A0156305.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5CDDD316-8831-4852-9F06-3D3E55E1275D}\RP425\A0156307.EXE
**
Malwarebytes log
Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 2

21/07/2009 17:12:54
mbam-log-2009-07-21 (17-12-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 318927
Time elapsed: 1 hour(s), 40 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
c:\program files\media access startup\1.5.0.850 (Adware.DoubleD) -> Delete on reboot.
c:\program files\media access startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> Delete on reboot.
c:\program files\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
c:\downloads\Software\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
c:\program files\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
**
log GMER
GMER 1.0.15.14972 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-22 05:34:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 86B7E050 ZwAlertResumeThread
SSDT 86D33050 ZwAlertThread
SSDT 85975DF8 ZwAllocateVirtualMemory
SSDT 86C0A050 ZwAssignProcessToJobObject
SSDT 86E764E0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA87C040]
SSDT 8596AD80 ZwCreateMutant
SSDT 859645F0 ZwCreateSymbolicLinkObject
SSDT 86BB9488 ZwCreateThread
SSDT 86C08050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA87C2C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA87C820]
SSDT 85976128 ZwDuplicateObject
SSDT 859755D8 ZwFreeVirtualMemory
SSDT 86BA8050 ZwImpersonateAnonymousToken
SSDT 86B8A050 ZwImpersonateThread
SSDT 86E3EC48 ZwLoadDriver
SSDT 86B6B3A0 ZwMapViewOfSection
SSDT 86B9E050 ZwOpenEvent
SSDT 85976448 ZwOpenProcess
SSDT 86BF9050 ZwOpenProcessToken
SSDT 86C90CE0 ZwOpenSection
SSDT 859762B8 ZwOpenThread
SSDT 85964FC0 ZwProtectVirtualMemory
SSDT 86B80528 ZwResumeThread
SSDT 86CB3050 ZwSetContextThread
SSDT 85975138 ZwSetInformationProcess
SSDT 86BEB050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA87CA70]
SSDT 86C4A050 ZwSuspendProcess
SSDT 86C4D050 ZwSuspendThread
SSDT 86CB1050 ZwTerminateProcess
SSDT 86BD5050 ZwTerminateThread
SSDT 86CB2050 ZwUnmapViewOfSection
SSDT 85975A28 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? senlsls.sys The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text Ntfs.sys F727BB59 5 Bytes JMP 86F5276C
.text Ntfs.sys F727CF3D 5 Bytes JMP 86F5240C
.text Ntfs.sys F727D61A 5 Bytes JMP 86F522DC
PAGE Ntfs.sys F729AB59 5 Bytes JMP 86F5252C
PAGE Ntfs.sys F729EF83 5 Bytes JMP 86F5264C
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E0DAC4D-3BDA-F803-EA1E-F467BAC0E37A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B7670A-823F-325D-C116-5B1A3709AF12}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B7670A-823F-325D-C116-5B1A3709AF12}@eadjmfflcc 0x67 0x61 0x65 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B7670A-823F-325D-C116-5B1A3709AF12}@dacjlfoe 0x64 0x62 0x6D 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B7670A-823F-325D-C116-5B1A3709AF12}@iallgifgfpnefbjfek 0x6A 0x61 0x6D 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B7670A-823F-325D-C116-5B1A3709AF12}@hafhipclagnkdmpi 0x6B 0x61 0x6D 0x65 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\dmio.sys (size mismatch) 197248/153344 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
**
log Hijack
Logfile of HijackThis v1.99.1
Scan saved at 05:37:17, on 22/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smart PDF Converter\sspd***entd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Tracks Eraser\te.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\ePad995\ePad995.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Free Download Manager\FUM\fum.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter\sspd***entd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter\sspd***entd.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Upload Manager] C:\PROGRA~1\FREEDO~1\FUM\fum.exe -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerfMon] C:\Program Files\PerfMon3x\PerfMon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to White List - C:\PROGRA~1\ADVANC~2\POPUPJ~1\addtolist.js
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Delete from White List - C:\PROGRA~1\ADVANC~2\POPUPJ~1\delfromlist.js
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save To MHT - res://C:\Program Files\EZ Save MHT\EZSaveMHT.dll/CtxMenu
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.comsecure.co.il/OnlineScanner.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

Last edited by idr; 22-07-2009 at 03:49 AM.
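A small triage script for the GMER and HijackThis logs in the post above. This is an added example written for this thread; it is not code from the thread, from GMER or from HijackThis. It separates the SSDT hooks that GMER attributed to a named driver (here SYMEVENT.SYS) from hooks that resolve only to a bare kernel address and therefore still need manual attribution, lists the inline JMP patches in Ntfs.sys, pulls out the lines GMER marked ROOTKIT together with the size pair, and in the HJT log splits the "(no file)" orphans from the "(file missing)" O23 services. The rule that an O23 line with a stray double quote right after the .exe is a HijackThis 1.99.1 quoted-path parsing artifact rather than a genuinely missing file is this script's own heuristic, not anything either tool documents. The sample lines are excerpted from the logs posted above, not constructed.

```python
"""Triage helper for GMER 1.0.15 / HijackThis 1.99.1 log excerpts.

Added example for this thread; not code from the thread, GMER or HijackThis.
Assumes the line formats pasted in the post above. The quoted-path artifact
rule for O23 lines is this script's heuristic (HJT 1.99.1 mis-parses quoted
service ImagePaths that carry arguments), not something either tool documents.
"""
import re
from collections import Counter

# Lines excerpted from the GMER log posted above.
GMER_EXCERPT = r"""
SSDT 86B7E050 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA87C040]
SSDT 86BB9488 ZwCreateThread
SSDT 86E3EC48 ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA87CA70]
SSDT 85975A28 ZwWriteVirtualMemory
? senlsls.sys The system cannot find the file specified. !
.text Ntfs.sys F727BB59 5 Bytes JMP 86F5276C
PAGE Ntfs.sys F729AB59 5 Bytes JMP 86F5252C
PAGE ...
File C:\WINDOWS\system32\drivers\dmio.sys (size mismatch) 197248/153344 bytes executable <-- ROOTKIT !!!
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio <-- ROOTKIT !!!
"""

# Lines excerpted from the HijackThis log posted above.
HJT_EXCERPT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O3 - Toolbar: (no name) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - (no file)
O3 - Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1 (file missing)
"""

# "SSDT <address-or-module (vendor)> Zw... [0x...]" as GMER prints it.
SSDT_RE = re.compile(r"^SSDT\s+(?P<target>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?$")
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")          # hook target is just a kernel address
PATCH_RE = re.compile(r"^(?P<section>\S+)\s+(?P<module>\S+\.sys)\s+(?P<at>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes JMP (?P<to>[0-9A-Fa-f]{8})$")
UNRESOLVED_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+The system cannot find the file specified")
SIZE_RE = re.compile(r"\(size mismatch\)\s+(?P<size_a>\d+)/(?P<size_b>\d+)\s+bytes")
HJT_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
QUOTED_PATH_ARTIFACT_RE = re.compile(r'\.(?:exe|dll)"\s+\S')   # heuristic: '...exe" /arg' = HJT 1.99.1 quoting bug


def module_name(target):
    """Strip the NT path prefix and the '(description/vendor)' suffix GMER adds."""
    return target.split("\\")[-1].split(" ")[0]


def triage_gmer(text):
    """Classify GMER lines into hook / patch / unresolved-driver / rootkit buckets."""
    out = {"ssdt_attributed": [], "ssdt_unattributed": [], "inline_patches": [],
           "unresolved_drivers": [], "rootkit_flags": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<-- ROOTKIT" in line:
            m = SIZE_RE.search(line)
            sizes = (int(m["size_a"]), int(m["size_b"])) if m else None
            out["rootkit_flags"].append({"line": line, "sizes": sizes})
            continue
        m = SSDT_RE.match(line)
        if m:
            if BARE_ADDR_RE.match(m["target"]):
                out["ssdt_unattributed"].append((m["func"], m["target"]))
            else:
                out["ssdt_attributed"].append((m["func"], module_name(m["target"])))
            continue
        m = PATCH_RE.match(line)
        if m:
            out["inline_patches"].append((m["module"], m["at"], int(m["n"]), m["to"]))
            continue
        m = UNRESOLVED_RE.match(line)
        if m:
            out["unresolved_drivers"].append(m["module"])
    return out


def triage_hjt(text):
    """Split HJT lines into '(no file)' orphans and O23 '(file missing)' services."""
    out = {"orphans": [], "services_missing": [], "services_quoted_path_artifact": [],
           "orphan_clsids": Counter()}
    for raw in text.splitlines():
        m = HJT_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        if rest.endswith("(no file)"):
            out["orphans"].append((kind, rest))
            out["orphan_clsids"].update(CLSID_RE.findall(rest))  # same CLSID in O2 and O3 = one orphaned BHO/toolbar pair
        elif kind == "O23" and rest.endswith("(file missing)"):
            bucket = "services_quoted_path_artifact" if QUOTED_PATH_ARTIFACT_RE.search(rest) else "services_missing"
            out[bucket].append(rest)
    return out


def summary(gmer_text, hjt_text):
    """Counts a reviewer would scan first before reading the raw logs."""
    g, h = triage_gmer(gmer_text), triage_hjt(hjt_text)
    return {
        "ssdt_hooks_by_module": Counter(mod for _, mod in g["ssdt_attributed"]),
        "ssdt_hooks_unattributed": len(g["ssdt_unattributed"]),
        "inline_patches": len(g["inline_patches"]),
        "unresolved_drivers": g["unresolved_drivers"],
        "rootkit_flags": len(g["rootkit_flags"]),
        "hjt_orphans": len(h["orphans"]),
        "hjt_services_missing": len(h["services_missing"]),
        "hjt_quoted_path_artifacts": len(h["services_quoted_path_artifact"]),
        "hjt_orphan_clsids_seen_twice": sorted(c for c, n in h["orphan_clsids"].items() if n > 1),
    }


if __name__ == "__main__":
    for key, value in summary(GMER_EXCERPT, HJT_EXCERPT).items():
        print(f"{key}: {value}")
```

On the excerpt, the script reports two SSDT hooks attributed to SYMEVENT.SYS, four hooks that point at bare addresses and still need attributing, two inline patches in Ntfs.sys, one driver GMER could not open (senlsls.sys), the two dmio.sys ROOTKIT lines with the 197248/153344 size pair, four orphaned "(no file)" entries (the b2e293ee CLSID appearing as both an O2 and an O3), and both "(file missing)" services classified as quoted-path artifacts rather than as missing binaries.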
#8
22-07-2009, 04:43 AM
broni
Senior Member
re: [Resolved] pop sites

You used an outdated HJT version this time, so next time make sure you use HJT 2.0.2, which you used in your original post.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.
#9
22-07-2009, 07:16 AM
idr
Valued Member
re: [Resolved] pop sites

Here are the logs.
BTW it took some on & off restarts till the connection returned after the finished scan.

ComboFix 09-07-21.03 - dv 07/22/2009 7:07.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.1015.218 [GMT 3:00]
Running from: c:\documents and settings\dv\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 04:17 . 2009-07-06 04:33 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-22 04:15 . 2009-07-22 04:15 -------- d-----w- c:\documents and settings\dv\Local Settings\Application Data\temp
2009-07-22 01:05 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\NAVEX15.SYS
2009-07-22 01:05 . 2009-07-06 04:33 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\NAVENG32.DLL
2009-07-22 01:05 . 2009-07-06 04:33 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\NAVEX32A.DLL
2009-07-22 01:05 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\NAVENG.SYS
2009-07-22 01:05 . 2009-07-06 04:33 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\EECTRL.SYS
2009-07-22 01:05 . 2009-07-06 04:33 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\ERASER.SYS
2009-07-22 01:05 . 2009-07-06 04:33 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\ECMSVR32.DLL
2009-07-22 01:05 . 2009-07-06 04:33 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090721.037\CCERASER.DLL
2009-07-21 04:56 . 2009-07-21 07:49 117760 ----a-w- c:\documents and settings\dv\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-18 06:46 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-18 06:46 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-18 06:46 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-18 06:46 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-18 06:46 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-17 06:59 . 2009-07-21 02:18 -------- d-----w- c:\documents and settings\dv\Application Data\VersionTracker Pro
2009-07-15 03:29 . 2009-07-15 03:29 -------- d-----w- c:\documents and settings\dv\Local Settings\Application Data\Internet Saving Optimizer
2009-07-15 03:13 . 2009-07-15 03:13 -------- d-----w- c:\documents and settings\dv\Local Settings\Application Data\Media Access Startup
2009-07-15 03:12 . 2009-07-15 03:12 -------- d-----w- c:\documents and settings\dv\Local Settings\Application Data\DoubleD
2009-07-15 02:49 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 02:49 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 02:49 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 02:49 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 02:49 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-08 04:21 . 2009-07-08 04:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-08 04:16 . 2009-07-08 04:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-07 08:37 . 2009-07-07 08:37 7409 ----a-w- c:\windows\extend.dat
2009-07-07 07:47 . 2009-07-07 07:47 -------- d---a-w- c:\program files\Norton Support
2009-07-06 04:34 . 2009-07-06 04:33 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-06 04:34 . 2009-07-06 04:33 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-06 04:33 . 2009-07-06 04:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-06 04:33 . 2009-07-06 04:33 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-06 04:33 . 2009-07-06 04:33 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-06 04:33 . 2009-07-06 04:33 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-06 04:33 . 2009-07-06 04:33 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-06 04:33 . 2009-07-06 04:33 -------- d-----w- c:\windows\system32\drivers\NIS
2009-07-06 04:33 . 2009-07-06 04:33 -------- d-----w- c:\program files\Norton Internet Security
2009-07-06 04:33 . 2009-07-06 04:33 -------- d-----w- c:\program files\Windows Sidebar
2009-07-06 04:32 . 2009-07-06 04:32 -------- d-----w- c:\program files\NortonInstaller
2009-07-06 03:33 . 2009-07-06 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-06 03:31 . 2009-07-06 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot@2009-06-29_02.39.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-26 08:21 . 2007-12-26 08:21 121344 c:\windows\Installer\10c5082.msi
+ 2007-12-26 08:21 . 2007-12-26 08:21 514560 c:\windows\Installer\10c505b.msi
+ 2007-12-26 08:20 . 2007-12-26 08:20 425472 c:\windows\Installer\10c504b.msi
+ 2004-08-04 01:07 . 2007-06-26 19:10 317440 c:\windows\inf\unregmp2.exe
+ 2007-10-22 05:30 . 2007-10-22 05:30 364572 c:\windows\Downloaded Installations\Tweakui Powertoy for Windows XP.msi
+ 2007-08-05 15:48 . 2004-08-04 01:07 7100416 c:\windows\winxp\DOTNETFX\NDPSP.MSP
+ 2004-08-04 01:07 . 2006-10-18 18:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-10-18 18:47 . 2006-10-18 18:47 1661440 c:\windows\system32\wmpencen.dll
+ 2004-08-04 01:07 . 2004-08-04 01:07 1326080 c:\windows\system32\webfldrs.msi
+ 2004-08-04 01:07 . 2006-10-18 18:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2007-08-01 22:40 . 2006-11-01 15:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2004-08-04 01:07 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2008-07-24 05:54 . 2008-07-24 05:54 4050944 c:\windows\system32\Adobe\Shockwave 11\gt.msi
+ 2007-05-25 10:08 . 2007-05-25 10:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-05-12 08:16 . 2008-05-12 08:16 8984576 c:\windows\Installer\fc8a3e.msi
+ 2008-01-03 09:12 . 2008-01-03 09:12 3443712 c:\windows\Installer\fbd785.msi
+ 2008-11-19 07:01 . 2008-11-19 07:01 3732480 c:\windows\Installer\f63224.msp
+ 2008-10-25 07:15 . 2008-10-25 07:15 6227456 c:\windows\Installer\f18934.msp
+ 2008-08-26 06:55 . 2008-08-26 06:55 1396224 c:\windows\Installer\e7d186.msi
+ 2007-08-01 23:35 . 2007-08-01 23:35 2944000 c:\windows\Installer\aee2c.msi
+ 2007-07-06 18:24 . 2007-07-06 18:24 5247488 c:\windows\Installer\976c1e.msp
+ 2007-07-06 18:19 . 2007-07-06 18:19 2069504 c:\windows\Installer\976c1d.msp
+ 2007-07-06 18:12 . 2007-07-06 18:12 6659072 c:\windows\Installer\976c1c.msp
+ 2007-07-06 18:33 . 2007-07-06 18:33 3947008 c:\windows\Installer\976c19.msp
+ 2007-07-06 18:15 . 2007-07-06 18:15 1303552 c:\windows\Installer\976c18.msp
+ 2007-07-06 18:27 . 2007-07-06 18:27 4283904 c:\windows\Installer\976c17.msp
+ 2007-07-06 17:17 . 2007-07-06 17:17 6053888 c:\windows\Installer\976c02.msp
+ 2007-07-06 17:33 . 2007-07-06 17:33 2593280 c:\windows\Installer\976c01.msp
+ 2007-07-06 17:28 . 2007-07-06 17:28 6332928 c:\windows\Installer\976bfd.msp
+ 2007-07-06 17:15 . 2007-07-06 17:15 2973184 c:\windows\Installer\976bfb.msp
+ 2007-07-06 17:26 . 2007-07-06 17:26 3395584 c:\windows\Installer\976bfa.msp
+ 2009-07-21 04:54 . 2009-07-21 04:54 1516544 c:\windows\Installer\952e13.msi
+ 2008-11-24 06:32 . 2008-11-24 06:32 5264896 c:\windows\Installer\87ba0c.msi
+ 2009-05-14 09:34 . 2009-05-14 09:34 3730944 c:\windows\Installer\7f286.msp
+ 2007-08-22 03:58 . 2007-08-22 03:58 1155072 c:\windows\Installer\7da9d2.msi
+ 2009-04-20 04:43 . 2009-04-20 04:43 9780224 c:\windows\Installer\7c5d3b.msi
+ 2008-08-01 04:11 . 2008-08-01 04:11 1383424 c:\windows\Installer\7238a3.msi
+ 2009-04-02 06:04 . 2009-04-02 06:04 1802240 c:\windows\Installer\6a9fad.msi
+ 2008-02-20 05:23 . 2008-02-20 05:23 1751552 c:\windows\Installer\5fab2b.msi
+ 2008-05-23 05:59 . 2008-05-23 05:59 2486272 c:\windows\Installer\3c21f0.msi
+ 2008-05-16 03:32 . 2008-05-16 03:32 2727936 c:\windows\Installer\37fb4.msi
+ 2008-04-24 07:22 . 2008-04-24 07:22 4275712 c:\windows\Installer\13e9d97.msp
+ 2009-06-08 08:08 . 2009-06-08 08:08 1875456 c:\windows\Installer\12da9f6.msi
+ 2006-10-12 08:50 . 2006-10-12 08:50 1091584 c:\windows\Installer\12a2f4.msp
+ 2007-05-22 07:46 . 2007-05-22 07:46 6108672 c:\windows\Installer\12a2e8.msp
+ 2005-08-16 15:06 . 2005-08-16 15:06 5729792 c:\windows\Installer\12a2dc.msp
+ 2006-11-20 14:37 . 2006-11-20 14:37 6553088 c:\windows\Installer\12a2c5.msp
+ 2007-04-18 10:21 . 2007-04-18 10:21 3445760 c:\windows\Installer\12a2ba.msp
+ 2008-08-07 07:59 . 2008-08-07 07:59 1864192 c:\windows\Installer\120537b.msi
+ 2008-01-14 13:55 . 2008-01-14 13:55 4087808 c:\windows\Installer\117534d.msp
+ 2007-07-16 04:31 . 2007-07-16 04:31 5971456 c:\windows\Installer\1142200.msp
+ 2008-02-20 05:22 . 2008-02-20 05:22 4328960 c:\windows\Downloaded Installations\{B3A3F97E-D18E-4FCB-8582-CDDEEEFDD41F}\E-GOV.IL Sign&Verify Software - AGForm toolbar.msi
+ 2008-05-15 05:45 . 2008-05-15 05:45 1300992 c:\windows\Downloaded Installations\{5C033E2C-41AB-4A69-9704-720346479AC7}\Office Keyboard Driver.msi
+ 2008-05-18 05:32 . 2004-01-29 14:25 2321408 c:\windows\Cache\Adobe Reader 6.0\HEBMIN\Adobe Reader 6.0 ME.msi
+ 2008-07-24 04:15 . 2004-11-04 10:48 2287616 c:\windows\Cache\Adobe Reader 6.0.1\HEBBIG\Adobe Reader 6.0.2 ME.msi
+ 2004-08-04 01:07 . 2008-11-11 15:34 10838016 c:\windows\system32\wmp.dll
+ 2007-08-02 12:14 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2004-08-04 01:07 . 2008-11-11 15:34 10838016 c:\windows\system32\dllcache\wmp.dll
+ 2007-10-14 05:28 . 2007-01-19 11:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2008-07-30 05:50 . 2008-07-30 05:50 12506112 c:\windows\Installer\168d88d.msp
+ 2008-06-04 10:29 . 2008-06-04 10:29 16905728 c:\windows\Installer\168d881.msp
+ 2008-02-29 20:09 . 2008-02-29 20:09 16907776 c:\windows\Installer\13bb5f0.msp
+ 2007-05-01 07:29 . 2007-05-01 07:29 10994688 c:\windows\Installer\12a2d1.msp
+ 2008-01-05 09:27 . 2008-01-05 09:27 19210240 c:\windows\Installer\11829c7.msp
+ 2007-09-12 13:37 . 2007-09-12 13:37 12836864 c:\windows\Installer\11422ae.msp
+ 2008-01-06 09:11 . 2008-01-06 09:11 15256576 c:\windows\Installer\100dffa.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser"="c:\program files\Tracks Eraser\te.exe" [2007-02-21 544768]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-27 68856]
"Free Upload Manager"="c:\progra~1\FREEDO~1\FUM\fum.exe" [2007-07-29 253952]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-02 3399727]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PerfMon"="c:\program files\PerfMon3x\PerfMon.exe" [2008-09-12 749568]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-21 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-02 204800]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-03 1838592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"DSLSTATEXE"="c:\program files\GlobespanVirata\Adsl\dslstat.exe" [2005-09-14 356352]
"DSLAGENTEXE"="c:\program files\GlobespanVirata\Adsl\dslagent.exe" [2005-09-14 16384]
"SmartSoft PDF Printer (demo) Agent"="c:\program files\Smart PDF Converter\sspd***entd.exe" [2007-10-22 94208]
"SmartSoft PDF Printer (demo) virtual printer agent"="c:\program files\Smart PDF Converter\sspd***entd.exe" [2007-10-22 94208]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-02 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-19 16858112]

c:\documents and settings\dv\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-4-22 112400]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ePad995.lnk - c:\epad995\ePad995.exe [2007-8-20 163840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"AME_CSA"=rundll32 amecsa.cpl,RUN_DLL
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= c:\program files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"c:\\Program Files\\Tidy Favorites\\TidyFavorites.exe"= c:\program files\Tidy Favorites\TidyFavorites.exe:*:Enabled:TidyFavorites

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"= c:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows
"c:\\WINDOWS\\system32\\LEXPPS.EXE"= c:\windows\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
"c:\\Program Files\\Free Download Manager\\fdm.exe"= c:\program files\Free Download Manager\fdm.exe:*:Disabled:fdm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02/04/2009 09:05 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/08/2008 11:23 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [06/07/2009 07:33 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [06/07/2009 07:33 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [06/07/2009 07:33 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys [18/07/2009 09:46 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [27/10/2008 19:03 759072]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 22:06 1029456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [06/07/2009 07:33 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/07/2009 07:51 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/07/2009 07:16 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
S3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;c:\windows\system32\Drivers\USB650C.sys --> c:\windows\system32\Drivers\USB650C.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:06]

2009-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-03 04:20]

2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 04:16]

2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 04:16]

2009-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-07-05 c:\windows\Tasks\Norton Security Scan for dv.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 02:18]

2009-07-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-08-03 06:04]

2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{C9BA57A7-3CC3-45CE-8897-438DB35F0A1A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
Toolbar-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
WebBrowser-{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
mStart Page = hxxp://www.google.co.il/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to White List - c:\progra~1\ADVANC~2\POPUPJ~1\addtolist.js
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Delete from White List - c:\progra~1\ADVANC~2\POPUPJ~1\delfromlist.js
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save To MHT - c:\program files\EZ Save MHT\EZSaveMHT.dll/CtxMenu
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://www.comsecure.co.il/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\dv\Application Data\Mozilla\Firefox\Profiles\default.th1\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.il/|cal - ?????
.

************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-22 07:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E0DAC4D-3BDA-F803-EA1E-F467BAC0E37A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1085031214-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2B7670A-823F-325D-C116-5B1A3709AF12}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eadjmfflcc"=hex:67,61,65,69,68,6f,69,69,62,68,67,69,67,6c,00,7e
"dacjlfoe"=hex:64,62,6d,6c,70,68,66,64,64,6c,6a,67,6b,6a,6a,66,61,64,69,69,6c,
61,6e,6a,6d,66,6f,70,6d,63,63,63,66,68,61,6e,6e,6b,69,6d,00,3d
"iallgifgfpnefbjfek"=hex:6a,61,6d,65,69,64,70,6b,69,69,65,70,67,67,66,6e,6d,65,
6b,66,00,b0
"hafhipclagnkdmpi"=hex:6b,61,6d,65,70,6c,67,69,6f,61,6a,6b,6e,63,69,6a,6d,70,
6c,67,70,67,00,7f

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"GlobalState"=hex:96,3d,21,22,ea,45,4c,00,1a,b6,b0,73,d8,39,87,c7,63,a5,04,65
"RevocationList"=hex:f5,ff,0a,51,11,3a,db,3f,9e,ba,c6,89,64,b1,5c,6a,a0,a8,68,
23
"{93BB7285-B702-483E-8593-223828B24A2B}"=hex:6f,38,6b,c7,e0,99,05,5b,69,13,4a,
5e,1b,54,0b,d7,f0,61,f7,9e
"{D3005F68-54F8-4921-B562-7F47990F5809}"=hex:8f,ba,0e,99,98,c7,52,63,6a,72,68,
13,c3,ca,e5,b3,2f,6a,da,3d
"{9C4AAE85-C621-4F92-9097-EB3CE31608CE}"=hex:61,86,8d,9a,58,ef,67,0b,4e,2a,31,
c0,3f,f1,8a,ab,ea,f1,6e,16
"{18A0AA80-34A7-46E8-AC9A-CC473EBEFA0C}"=hex:9c,19,26,c7,19,64,1e,50,0a,cb,1f,
9e,92,ab,8f,64,e9,31,b4,8c
"{2E8A8DF5-564D-46A7-AEA4-BB28D61BFCC7}"=hex:d4,61,7e,82,75,e0,65,14,c5,b8,4b,
41,54,d2,33,7c,4e,76,96,7b
"{22EB7C77-4FB4-4A8E-B7D9-110E18894BC1}"=hex:9a,cb,a4,e7,16,43,31,0b,ee,a0,c4,
13,9b,94,ce,4f,08,68,c1,7f

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\unsecapp.exe
.
************************************************************************
.
Completion time: 2009-07-22 7:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-22 04:24
ComboFix2.txt 2009-06-29 02:41

Pre-Run: 21,366,104,064 bytes free
Post-Run: 21,517,963,264 bytes free

781 --- E O F --- 2009-07-21 02:18
**
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:47:37, on 22/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Smart PDF Converter\sspd***entd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Tracks Eraser\te.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Free Download Manager\FUM\fum.exe
C:\Program Files\PerfMon3x\PerfMon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\ePad995\ePad995.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) Agent] "C:\Program Files\Smart PDF Converter\sspd***entd.exe"
O4 - HKLM\..\Run: [SmartSoft PDF Printer (demo) virtual printer agent] "C:\Program Files\Smart PDF Converter\sspd***entd.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Upload Manager] C:\PROGRA~1\FREEDO~1\FUM\fum.exe -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PerfMon] C:\Program Files\PerfMon3x\PerfMon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ePad995.lnk = C:\ePad995\ePad995.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to White List - C:\PROGRA~1\ADVANC~2\POPUPJ~1\addtolist.js
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Delete from White List - C:\PROGRA~1\ADVANC~2\POPUPJ~1\delfromlist.js
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save To MHT - res://C:\Program Files\EZ Save MHT\EZSaveMHT.dll/CtxMenu
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186009636734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188532142203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.comsecure.co.il/OnlineScanner.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12291 bytes
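A small parser for the HijackThis entry format shown in the log above, added here as an example (it is not code from the thread or from HijackThis itself): it splits O2/O3/O4/O23 lines into fields and flags "(no file)" orphans such as the unnamed O3 toolbar entry, the kind of stale item a helper typically asks to have fixed. The sample lines are constructed from entries in the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, copied in shape from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - (no file)
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

@dataclass
class Entry:
    section: str            # O2, O3, O4, O23 ...
    kind: str               # BHO, Toolbar, registry Run key, Service
    name: str               # display name or Run value name
    path: str               # file the entry points at, or "(no file)"
    clsid: Optional[str] = None
    vendor: Optional[str] = None

# Each section has its own layout, so match it explicitly rather than
# splitting on " - ", which also appears inside vendor names.
_COM = re.compile(r"^(O2|O3) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
_RUN = re.compile(r"^(O4) - (.+?): \[(.*?)\] (.*)$")
_SVC = re.compile(r"^(O23) - Service: (.*?) - (.*?) - (.*)$")

def parse_line(line: str) -> Optional[Entry]:
    """Return a structured Entry for a supported line, else None."""
    if m := _COM.match(line):
        return Entry(m[1], m[2], m[3], m[5], clsid=m[4])
    if m := _RUN.match(line):
        return Entry(m[1], m[2], m[3], m[4])
    if m := _SVC.match(line):
        return Entry(m[1], "Service", m[2], m[4], vendor=m[3])
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for ln in text.splitlines() if (e := parse_line(ln.strip()))]

def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose target no longer exists; stale COM/toolbar hooks show up here."""
    return [e for e in entries if e.path == "(no file)"]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphans(parsed):
        print(f"orphaned {e.section} {e.kind}: {e.name} {e.clsid}")
```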
  #10 (permalink)  
Old 23-07-2009, 12:18 AM
Senior Member
 
Join Date: Nov 2004
Posts: 2,265
re: [Resolved] pop sites

I forgot to answer your previous question:
Quote:
referring to your remark in your first message - do you propose to revert to NOD32 instead of remaining with Norton, or perhaps some still better AV?
NOD is much better than Norton, but you don't even have to pay for anything...

- Avast! free antivirus: Download FREE antivirus software - avast! Home Edition
- Avira free antivirus: Download Free Antivirus Products

- free PC Tools Antivirus: PC Tools AntiVirus - Free Anti Virus Download and Removal
- free PC Tools Firewall Plus: PC Tools Firewall Plus - Free Firewall Download

- free Comodo Internet Security (firewall + AV): Firewall and AntiVirus Free Software Download from Comodo
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use PC Tools Firewall Plus or Comodo firewall.
If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

DO NOT make any changes in the above department until we're done with all cleaning.

==================================================================

Uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.


NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


Post fresh HijackThis log as well.