Welcome to The Ultimate Geek TaskForce!

bds/small.iuj another one

Page 1 of 6


Re: bds/small.iuj another one

Post by ervinako on Sat Mar 13, 2010 12:19 am

same problem, help me please :(


Re: bds/small.iuj another one

Post by DragonMaster Jay on Sat Mar 13, 2010 12:31 am

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    explorer.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

..........................................................
DragonMaster Jay
Site Owner/Administrator
Malware expert/researcher



Re: bds/small.iuj another one

Post by ervinako on Tue Mar 16, 2010 10:43 am

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:41 on 16/03/2010 by ej (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [15:05 12/03/2010] [15:05 12/03/2010] 2DEACA71A7FD77205F59D48D76B2F565

-=End Of File=-


Re: bds/small.iuj another one

Post by DragonMaster Jay on Tue Mar 16, 2010 11:22 am

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file and save it to your Desktop, and do NOT run it, either.

===========

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\ej\desktop\explorer.exe | C:\windows\explorer.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Re: bds/small.iuj another one

Post by ervinako on Wed Mar 17, 2010 1:20 pm

ComboFix 10-03-16.05 - ej 03/18/2010 0:12.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.253 [GMT 8:00]
Running from: c:\documents and settings\ej\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ej\Desktop\CFScript.txt.txt
.

((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-16 12:53 . 2010-03-17 05:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-16 12:22 . 2010-03-16 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-16 12:22 . 2010-03-16 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-16 12:22 . 2010-03-16 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-13 13:06 . 2010-03-13 13:06 -------- d-sh--w- c:\documents and settings\ej\IETldCache
2010-03-13 13:01 . 2010-03-13 13:02 -------- dc-h--w- c:\windows\ie8
2010-03-13 03:51 . 2010-03-14 10:36 33312 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-13 03:51 . 2010-03-14 10:36 1085472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-13 03:28 . 2010-03-14 10:04 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-13 03:27 . 2010-03-13 03:27 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Downloaded Installations
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\ej\Application Data\Malwarebytes
2010-03-12 15:17 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 15:17 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 15:05 . 2010-03-12 15:05 1075200 ----a-w- c:\windows\explorer.exe
2010-03-11 15:25 . 2010-03-11 15:25 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Yahoo!
2010-03-07 13:45 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-07 13:45 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-07 13:42 . 2010-03-07 13:42 -------- d-----w- c:\program files\Microsoft Works
2010-03-07 13:41 . 2010-03-07 13:41 -------- d-----w- c:\program files\MSBuild
2010-03-07 13:40 . 2010-03-07 13:40 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 13:37 . 2010-03-07 13:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-07 13:37 . 2010-03-07 13:41 -------- d-----w- c:\windows\SHELLNEW
2010-03-07 13:36 . 2010-03-07 13:36 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Microsoft Help
2010-03-07 13:35 . 2010-03-14 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 13:34 . 2010-03-07 13:34 -------- d-----r- C:\MSOCache
2010-02-28 09:19 . 2010-02-28 09:19 -------- d-----w- c:\documents and settings\ej\Application Data\Publish Providers
2010-02-28 09:17 . 2010-02-28 09:17 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Sony
2010-02-28 09:14 . 2002-12-17 08:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2010-02-28 09:14 . 2002-10-20 06:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2010-02-28 09:13 . 2010-02-28 09:13 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-28 09:13 . 2010-02-28 09:17 -------- d-----w- c:\documents and settings\ej\Application Data\Sony
2010-02-28 09:10 . 2010-02-28 09:10 -------- d-----w- c:\program files\Vstplugins
2010-02-28 09:10 . 2010-02-28 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-02-28 08:59 . 2010-02-28 09:03 23510720 ----a-w- c:\documents and settings\ej\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2010-02-28 08:59 . 2010-02-28 08:59 -------- d-----w- c:\documents and settings\ej\Application Data\Sony Setup
2010-02-28 08:57 . 2010-02-28 08:57 -------- d-----w- c:\program files\Sony Setup
2010-02-22 01:10 . 2010-02-22 01:10 446464 ----a-w- c:\windows\filemon.exe
2010-02-16 09:12 . 2010-02-16 09:13 -------- d-----w- c:\program files\Winamp Detect
2010-02-16 09:06 . 2009-09-04 09:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-16 09:06 . 2006-09-28 08:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 16:12 . 2009-12-27 07:38 -------- d-----w- c:\documents and settings\ej\Application Data\uTorrent
2010-03-17 05:53 . 2009-12-27 09:20 -------- d-----w- c:\program files\PowerISO
2010-03-14 10:36 . 2010-03-13 03:51 4196 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-14 10:36 . 2010-03-13 03:51 14840 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-14 10:00 . 2009-12-28 06:29 99536 ----a-w- c:\documents and settings\ej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 09:16 . 2009-12-27 05:24 -------- d-----w- c:\documents and settings\ej\Application Data\Skype
2010-03-14 08:17 . 2009-12-31 15:02 -------- d-----w- c:\documents and settings\ej\Application Data\skypePM
2010-03-09 09:45 . 2009-12-27 09:55 79488 ----a-w- c:\documents and settings\ej\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 11:36 . 2009-12-31 07:28 -------- d-----w- c:\documents and settings\ej\Application Data\vlc
2010-02-28 10:24 . 2009-12-27 07:36 -------- d-----w- c:\documents and settings\ej\Application Data\FrostWire
2010-02-28 09:09 . 2010-01-08 17:54 -------- d-----w- c:\program files\Sony
2010-02-21 09:42 . 2009-12-27 05:45 -------- d-----w- c:\documents and settings\ej\Application Data\Winamp
2010-02-20 12:36 . 2009-12-27 07:39 -------- d-----w- c:\program files\uTorrent
2010-02-16 09:13 . 2009-12-27 05:45 -------- d-----w- c:\program files\Winamp
2010-02-15 10:03 . 2009-10-22 13:57 217088 ----a-w- c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
2010-02-14 09:58 . 2010-02-14 09:58 -------- d-----w- c:\program files\Software Informer
2010-02-14 09:58 . 2010-02-14 09:58 -------- d-----w- c:\documents and settings\ej\Application Data\Software Informer
2010-02-12 14:01 . 2010-02-12 14:01 -------- d-----w- c:\program files\Alwil Software
2010-02-12 14:01 . 2010-02-12 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\program files\AVG
2010-02-08 14:37 . 2010-02-08 14:33 141025 ----a-w- c:\windows\hpoins27.dat
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Common Files\HP
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-08 14:36 . 2010-02-08 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-02-08 14:35 . 2010-02-08 14:35 -------- d-----w- c:\program files\HP
2010-02-04 10:29 . 2010-02-02 14:28 65536 ----a-w- c:\windows\IFinst27.exe
2010-02-04 10:08 . 2010-02-04 10:05 -------- d-----w- c:\documents and settings\ej\Application Data\Ventrilo
2010-02-02 14:31 . 2010-02-02 14:31 -------- d-----w- c:\program files\Gravity
2010-01-30 02:15 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\ej\Application Data\Orbit
2010-01-30 01:50 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\ej\Application Data\GrabPro
2010-01-29 10:09 . 2010-01-12 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-26 10:25 . 2009-12-30 02:28 -------- d-----w- c:\program files\Garena
2010-01-24 08:27 . 2010-01-23 15:38 -------- d-----w- c:\program files\MagicDisc
2010-01-23 15:46 . 2010-01-23 15:46 -------- d-----w- c:\documents and settings\ej\Application Data\DivX
2010-01-23 15:30 . 2010-01-23 15:26 -------- d-----w- c:\documents and settings\ej\Application Data\DAEMON Tools Lite
2010-01-23 15:27 . 2010-01-23 15:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 15:26 . 2010-01-23 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-22 15:10 . 2010-01-22 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-22 15:10 . 2009-12-27 12:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-04 09:49 . 2010-01-04 09:49 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-04 09:49 . 2010-01-04 09:49 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-04 09:49 . 2010-01-04 09:49 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-04 09:49 . 2010-01-04 09:49 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-03 11:20 . 2010-01-04 09:49 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
2009-12-31 15:02 . 2009-12-31 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 14:12 . 2009-12-27 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-28 04:05 . 2009-12-28 04:05 533 ----a-w- c:\windows\eReg.dat
2009-12-28 03:17 . 2009-12-28 03:17 0 ----a-w- c:\documents and settings\ej\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-12-28 02:57 . 2009-12-27 05:42 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-27 12:49 . 2009-12-27 12:49 0 ----a-w- c:\windows\nsreg.dat
2009-12-27 12:41 . 2009-12-27 12:41 2293 ----a-w- c:\windows\mozver.dat
2009-12-27 12:38 . 2009-12-27 12:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-27 07:32 . 2009-12-27 07:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-12-27 07:31 . 2009-12-27 07:31 152576 ----a-w- c:\documents and settings\ej\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . C3B84871DECE94E335B96FAFD756316C . 2187904 . . [5.1.2600.2765] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-03-12 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-14 7095344]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-20 319280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-03-14 492840]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 148888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Gamez\\Grand Chase\\Main.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 9:57 PM 70952]
R4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 gupdate1ca86b8ba95e2d0;Google Update Service (gupdate1ca86b8ba95e2d0);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 1:51 PM 133104]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010 --> c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010 [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/23/2010 11:27 PM 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - AvgLdx86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 05:49]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 05:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14200&l=dis
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\ej\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 00:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\’t*’0 ’ ’X*’p*’ ]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1684)
c:\windows\system32\ieframe.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Unlocker\UnlockerCOM.dll
c:\program files\PowerISO\PWRISOSH.DLL
c:\windows\system32\CopyToSendTo.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-03-18 00:18:33
ComboFix-quarantined-files.txt 2010-03-17 16:18
ComboFix2.txt 2010-03-17 16:11
ComboFix3.txt 2010-03-13 12:13

Pre-Run: 25,999,863,808 bytes free
Post-Run: 25,993,687,040 bytes free

- - End Of File - - DEEBB4948C8EB3892BC206E317A2C208


Re: bds/small.iuj another one

Post by ervinako on Wed Mar 17, 2010 1:22 pm

after that?..


Re: bds/small.iuj another one

Post by DragonMaster Jay on Wed Mar 17, 2010 2:42 pm

Command switches used :: c:\documents and settings\ej\Desktop\CFScript.txt.txt


Did not work. You named the CFScript.txt with one too many .txt.

Please make sure it is named to CFScript.txt and try again. That is all it should say as the file name.

Let me know if you need a hint.

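The two logs in this thread are read by hand above: the SystemLook filefind hit for explorer.exe is compared with the ComboFix Sigcheck entry for the same file, and the "CFScript.txt.txt" name on the "Command switches used" line is what showed that the script never ran. As an added example (not part of the thread, of SystemLook or of ComboFix), here is a small Python parser for those two log formats that makes the same checks mechanically: it cross-checks hash and size between the tools, reports the Sigcheck marker and version, flags system files created after a baseline date, and classifies the script name ComboFix was given. The sample log text is constructed to the formats shown above and reuses the explorer.exe and tcpip.sys values the thread reports; the baseline date and the reading of the "[-]" Sigcheck marker as "not verified" are assumptions.

```python
"""Cross-check a SystemLook ':filefind' hit against a ComboFix log.

Added example for the thread above; it is not part of SystemLook or ComboFix.
Sample log text is constructed to the formats shown in the thread; the
explorer.exe values (size, MD5, version, dates) are the ones the thread reports.
"""
import re
from datetime import date, datetime

# Constructed sample input, in the SystemLook filefind format seen above.
SYSTEMLOOK_LOG = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [15:05 12/03/2010] [15:05 12/03/2010] 2DEACA71A7FD77205F59D48D76B2F565
"""

# Constructed sample input, in the ComboFix header / Sigcheck format seen above.
COMBOFIX_LOG = r"""
ComboFix 10-03-16.05 - ej 03/18/2010 0:12.4.1 - x86
Running from: c:\documents and settings\ej\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ej\Desktop\CFScript.txt.txt
------- Sigcheck -------
[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-03-12 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
"""

# path  attrs  size bytes [created] [modified] MD5
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) "
    r"\. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+?)\s*$"
)
SWITCHES_RE = re.compile(r"^Command switches used :: (?P<script>.+?)\s*$")


def parse_systemlook(text):
    """Return {lower-cased path: record} for every filefind hit in a SystemLook log."""
    hits = {}
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = {
                "path": m["path"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
                # SystemLook prints timestamps as HH:MM dd/mm/yyyy (cf. its 'Log created at' header)
                "created": datetime.strptime(m["created"], "%H:%M %d/%m/%Y"),
                "modified": datetime.strptime(m["modified"], "%H:%M %d/%m/%Y"),
            }
    return hits


def parse_combofix(text):
    """Return (script path from 'Command switches used', {lower-cased path: Sigcheck record})."""
    script, sig = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = SWITCHES_RE.match(line)
        if m:
            script = m["script"]
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            sig[m["path"].lower()] = {
                "flag": m["flag"],
                "date": date.fromisoformat(m["date"]),
                "md5": m["md5"].upper(),
                "size": int(m["size"]),
                "version": m["version"],
            }
    return script, sig


def check_script_name(script_path):
    """Classify the script name ComboFix reports: 'ok', 'missing', 'double_extension' or 'wrong_name'."""
    if not script_path:
        return "missing"
    name = script_path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name == "cfscript.txt":
        return "ok"
    if name.endswith(".txt.txt"):
        # Usually produced by adding '.txt' while Explorer is hiding known file extensions.
        return "double_extension"
    return "wrong_name"


def cross_check(systemlook, sigcheck, baseline_iso):
    """For each file seen by both tools, compare hash/size and flag late creation dates.

    baseline_iso is an assumed YYYY-MM-DD cutoff for this example (e.g. the OS install
    date); a system file created after it deserves a closer look.
    """
    baseline = date.fromisoformat(baseline_iso)
    results = {}
    for key, sl in systemlook.items():
        cf = sigcheck.get(key)
        if cf is None:
            continue
        results[key] = {
            "hash_consistent": sl["md5"] == cf["md5"] and sl["size"] == cf["size"],
            # Assumed reading of the marker: '-' means ComboFix could not verify the file.
            "sigcheck_flag": cf["flag"],
            "version": cf["version"],
            "created_after_baseline": sl["created"].date() > baseline,
        }
    return results


def analyze(systemlook_text, combofix_text, baseline_iso="2009-12-27"):
    """Run both parsers and the cross-check; returns {'script': code, 'files': {path: findings}}."""
    script, sig = parse_combofix(combofix_text)
    return {
        "script": check_script_name(script),
        "files": cross_check(parse_systemlook(systemlook_text), sig, baseline_iso),
    }


if __name__ == "__main__":
    report = analyze(SYSTEMLOOK_LOG, COMBOFIX_LOG)
    print("CFScript name:", report["script"])
    for path, findings in report["files"].items():
        print(path, findings)
```

Run as-is, the script reports `double_extension` for the CFScript name and, for explorer.exe, a hash and size that agree between the two tools, a `[-]` Sigcheck marker, version 6.00.2900.2649 and a creation date after the assumed baseline. The matching hash is the point: it tells the helper both tools are looking at the same file before a replacement copy is dropped in with FCopy::.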

Re: bds/small.iuj another one

Post by ervinako on Wed Mar 17, 2010 10:16 pm

how to do command switches used?..


Re: bds/small.iuj another one

Post by ervinako on Wed Mar 17, 2010 10:31 pm

ComboFix 10-03-17.06 - ej 03/18/2010 9:21.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.302 [GMT 8:00]
Running from: c:\documents and settings\ej\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ej\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-17 16:21 . 2009-03-30 01:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-17 16:21 . 2009-02-13 03:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-17 16:21 . 2009-02-13 03:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-17 16:21 . 2010-03-17 16:21 -------- d-----w- c:\program files\Avira
2010-03-17 16:21 . 2010-03-17 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-16 12:53 . 2010-03-17 05:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-16 12:22 . 2010-03-16 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-16 12:22 . 2010-03-16 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-16 12:22 . 2010-03-16 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-13 13:06 . 2010-03-13 13:06 -------- d-sh--w- c:\documents and settings\ej\IETldCache
2010-03-13 13:01 . 2010-03-13 13:02 -------- dc-h--w- c:\windows\ie8
2010-03-13 03:51 . 2010-03-14 10:36 33312 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-13 03:51 . 2010-03-14 10:36 1085472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-13 03:28 . 2010-03-14 10:04 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-13 03:27 . 2010-03-13 03:27 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Downloaded Installations
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\ej\Application Data\Malwarebytes
2010-03-12 15:17 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 15:17 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 15:05 . 2010-03-12 15:05 1075200 ----a-w- c:\windows\explorer.exe
2010-03-11 15:25 . 2010-03-11 15:25 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Yahoo!
2010-03-07 13:45 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-07 13:45 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-07 13:42 . 2010-03-07 13:42 -------- d-----w- c:\program files\Microsoft Works
2010-03-07 13:41 . 2010-03-07 13:41 -------- d-----w- c:\program files\MSBuild
2010-03-07 13:40 . 2010-03-07 13:40 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 13:37 . 2010-03-07 13:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-07 13:37 . 2010-03-07 13:41 -------- d-----w- c:\windows\SHELLNEW
2010-03-07 13:36 . 2010-03-07 13:36 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Microsoft Help
2010-03-07 13:35 . 2010-03-14 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 13:34 . 2010-03-07 13:34 -------- d-----r- C:\MSOCache
2010-02-28 09:19 . 2010-02-28 09:19 -------- d-----w- c:\documents and settings\ej\Application Data\Publish Providers
2010-02-28 09:17 . 2010-02-28 09:17 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Sony
2010-02-28 09:14 . 2002-12-17 08:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2010-02-28 09:14 . 2002-10-20 06:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2010-02-28 09:13 . 2010-02-28 09:13 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-28 09:13 . 2010-02-28 09:17 -------- d-----w- c:\documents and settings\ej\Application Data\Sony
2010-02-28 09:10 . 2010-02-28 09:10 -------- d-----w- c:\program files\Vstplugins
2010-02-28 09:10 . 2010-02-28 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-02-28 08:59 . 2010-02-28 09:03 23510720 ----a-w- c:\documents and settings\ej\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2010-02-28 08:59 . 2010-02-28 08:59 -------- d-----w- c:\documents and settings\ej\Application Data\Sony Setup
2010-02-28 08:57 . 2010-02-28 08:57 -------- d-----w- c:\program files\Sony Setup
2010-02-22 01:10 . 2010-02-22 01:10 446464 ----a-w- c:\windows\filemon.exe
2010-02-16 09:12 . 2010-02-16 09:13 -------- d-----w- c:\program files\Winamp Detect
2010-02-16 09:06 . 2009-09-04 09:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-16 09:06 . 2006-09-28 08:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 01:18 . 2009-12-27 07:38 -------- d-----w- c:\documents and settings\ej\Application Data\uTorrent
2010-03-18 01:08 . 2009-12-27 05:42 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-17 05:53 . 2009-12-27 09:20 -------- d-----w- c:\program files\PowerISO
2010-03-14 10:36 . 2010-03-13 03:51 4196 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-14 10:36 . 2010-03-13 03:51 14840 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-14 10:00 . 2009-12-28 06:29 99536 ----a-w- c:\documents and settings\ej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 09:16 . 2009-12-27 05:24 -------- d-----w- c:\documents and settings\ej\Application Data\Skype
2010-03-14 08:17 . 2009-12-31 15:02 -------- d-----w- c:\documents and settings\ej\Application Data\skypePM
2010-03-09 09:45 . 2009-12-27 09:55 79488 ----a-w- c:\documents and settings\ej\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 11:36 . 2009-12-31 07:28 -------- d-----w- c:\documents and settings\ej\Application Data\vlc
2010-02-28 10:24 . 2009-12-27 07:36 -------- d-----w- c:\documents and settings\ej\Application Data\FrostWire
2010-02-28 09:09 . 2010-01-08 17:54 -------- d-----w- c:\program files\Sony
2010-02-21 09:42 . 2009-12-27 05:45 -------- d-----w- c:\documents and settings\ej\Application Data\Winamp
2010-02-20 12:36 . 2009-12-27 07:39 -------- d-----w- c:\program files\uTorrent
2010-02-16 09:13 . 2009-12-27 05:45 -------- d-----w- c:\program files\Winamp
2010-02-15 10:03 . 2009-10-22 13:57 217088 ----a-w- c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
2010-02-14 09:58 . 2010-02-14 09:58 -------- d-----w- c:\program files\Software Informer
2010-02-14 09:58 . 2010-02-14 09:58 -------- d-----w- c:\documents and settings\ej\Application Data\Software Informer
2010-02-12 14:01 . 2010-02-12 14:01 -------- d-----w- c:\program files\Alwil Software
2010-02-12 14:01 . 2010-02-12 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\program files\AVG
2010-02-08 14:37 . 2010-02-08 14:33 141025 ----a-w- c:\windows\hpoins27.dat
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Common Files\HP
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-08 14:36 . 2010-02-08 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-02-08 14:35 . 2010-02-08 14:35 -------- d-----w- c:\program files\HP
2010-02-04 10:29 . 2010-02-02 14:28 65536 ----a-w- c:\windows\IFinst27.exe
2010-02-04 10:08 . 2010-02-04 10:05 -------- d-----w- c:\documents and settings\ej\Application Data\Ventrilo
2010-02-02 14:31 . 2010-02-02 14:31 -------- d-----w- c:\program files\Gravity
2010-01-30 02:15 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\ej\Application Data\Orbit
2010-01-30 01:50 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\ej\Application Data\GrabPro
2010-01-29 10:09 . 2010-01-12 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-26 10:25 . 2009-12-30 02:28 -------- d-----w- c:\program files\Garena
2010-01-24 08:27 . 2010-01-23 15:38 -------- d-----w- c:\program files\MagicDisc
2010-01-23 15:46 . 2010-01-23 15:46 -------- d-----w- c:\documents and settings\ej\Application Data\DivX
2010-01-23 15:30 . 2010-01-23 15:26 -------- d-----w- c:\documents and settings\ej\Application Data\DAEMON Tools Lite
2010-01-23 15:27 . 2010-01-23 15:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 15:26 . 2010-01-23 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-22 15:10 . 2010-01-22 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-22 15:10 . 2009-12-27 12:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-04 09:49 . 2010-01-04 09:49 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-04 09:49 . 2010-01-04 09:49 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-04 09:49 . 2010-01-04 09:49 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-04 09:49 . 2010-01-04 09:49 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-03 11:20 . 2010-01-04 09:49 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
2009-12-31 15:02 . 2009-12-31 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 14:12 . 2009-12-27 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-28 04:05 . 2009-12-28 04:05 533 ----a-w- c:\windows\eReg.dat
2009-12-28 03:17 . 2009-12-28 03:17 0 ----a-w- c:\documents and settings\ej\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-12-27 12:49 . 2009-12-27 12:49 0 ----a-w- c:\windows\nsreg.dat
2009-12-27 12:41 . 2009-12-27 12:41 2293 ----a-w- c:\windows\mozver.dat
2009-12-27 12:38 . 2009-12-27 12:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-27 07:32 . 2009-12-27 07:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-12-27 07:31 . 2009-12-27 07:31 152576 ----a-w- c:\documents and settings\ej\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . C3B84871DECE94E335B96FAFD756316C . 2187904 . . [5.1.2600.2765] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-03-12 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2010-03-17_16.08.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 18:19 . 2007-11-06 18:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 02:19 . 2007-11-07 02:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-03-18 00:59 . 2010-03-18 00:59 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2010-03-17 16:21 . 2009-05-11 01:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 00:05 . 2008-07-29 00:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-28 19:54 . 2008-07-28 19:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-14 7095344]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-20 319280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-03-14 492840]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 148888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Gamez\\Grand Chase\\Main.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/18/2010 12:21 AM 108289]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 9:57 PM 70952]
S2 gupdate1ca86b8ba95e2d0;Google Update Service (gupdate1ca86b8ba95e2d0);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 1:51 PM 133104]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010 --> c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010 [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/23/2010 11:27 PM 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 05:49]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 05:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14200&l=dis
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\ej\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 09:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\’t*’0 ’ ’X*’p*’ ]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-03-18 09:29:30
ComboFix-quarantined-files.txt 2010-03-18 01:29
ComboFix2.txt 2010-03-17 16:18
ComboFix3.txt 2010-03-17 16:11
ComboFix4.txt 2010-03-13 12:13

Pre-Run: 25,817,845,760 bytes free
Post-Run: 25,791,950,848 bytes free

- - End Of File - - 9E587DFDEA636F67E1A004ADD51526B9


Re: bds/small.iuj another one

Post by ervinako on Wed Mar 17, 2010 10:32 pm

it works?? or not??... omg...


Re: bds/small.iuj another one

Post by DragonMaster Jay on Wed Mar 17, 2010 10:33 pm

Right click CFScript.txt.txt and select Rename.

Highlight all of the text and press Backspace. Then type in only cfscript.txt.

Then, try again, please.


Re: bds/small.iuj another one

Post by ervinako on Thu Mar 18, 2010 1:44 am

I will write only cfscript, no need to write .txt, right?


Re: bds/small.iuj another one

Post by DragonMaster Jay on Thu Mar 18, 2010 1:50 am

Try it and see if you get something that looks like this:



Re: bds/small.iuj another one

Post by ervinako on Thu Mar 18, 2010 1:51 am

Ok.

Wait, now I will try it.


Re: bds/small.iuj another one

Post by ervinako on Thu Mar 18, 2010 2:09 am

ComboFix 10-03-17.06 - ej 03/18/2010 12:53:57.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.305 [GMT 8:00]
Running from: c:\documents and settings\ej\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ej\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-17 16:21 . 2009-03-30 01:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-17 16:21 . 2009-02-13 03:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-17 16:21 . 2009-02-13 03:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-17 16:21 . 2010-03-17 16:21 -------- d-----w- c:\program files\Avira
2010-03-17 16:21 . 2010-03-17 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-16 12:53 . 2010-03-17 05:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-16 12:22 . 2010-03-16 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-16 12:22 . 2010-03-16 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-16 12:22 . 2010-03-16 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-13 13:06 . 2010-03-13 13:06 -------- d-sh--w- c:\documents and settings\ej\IETldCache
2010-03-13 13:01 . 2010-03-13 13:02 -------- dc-h--w- c:\windows\ie8
2010-03-13 03:51 . 2010-03-14 10:36 33312 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-13 03:51 . 2010-03-14 10:36 1085472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-13 03:28 . 2010-03-14 10:04 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-13 03:27 . 2010-03-13 03:27 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Downloaded Installations
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\ej\Application Data\Malwarebytes
2010-03-12 15:17 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-12 15:17 . 2010-03-12 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 15:17 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 15:05 . 2010-03-12 15:05 1075200 ----a-w- c:\windows\explorer.exe
2010-03-11 15:25 . 2010-03-11 15:25 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Yahoo!
2010-03-07 13:45 . 2006-10-26 11:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-07 13:45 . 2006-10-26 11:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-07 13:42 . 2010-03-07 13:42 -------- d-----w- c:\program files\Microsoft Works
2010-03-07 13:41 . 2010-03-07 13:41 -------- d-----w- c:\program files\MSBuild
2010-03-07 13:40 . 2010-03-07 13:40 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 13:37 . 2010-03-07 13:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-07 13:37 . 2010-03-07 13:41 -------- d-----w- c:\windows\SHELLNEW
2010-03-07 13:36 . 2010-03-07 13:36 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Microsoft Help
2010-03-07 13:35 . 2010-03-14 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-07 13:34 . 2010-03-07 13:34 -------- d-----r- C:\MSOCache
2010-02-28 09:19 . 2010-02-28 09:19 -------- d-----w- c:\documents and settings\ej\Application Data\Publish Providers
2010-02-28 09:17 . 2010-02-28 09:17 -------- d-----w- c:\documents and settings\ej\Local Settings\Application Data\Sony
2010-02-28 09:14 . 2002-12-17 08:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2010-02-28 09:14 . 2002-10-20 06:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2010-02-28 09:13 . 2010-02-28 09:13 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-28 09:13 . 2010-02-28 09:17 -------- d-----w- c:\documents and settings\ej\Application Data\Sony
2010-02-28 09:10 . 2010-02-28 09:10 -------- d-----w- c:\program files\Vstplugins
2010-02-28 09:10 . 2010-02-28 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-02-28 08:59 . 2010-02-28 09:03 23510720 ----a-w- c:\documents and settings\ej\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2010-02-28 08:59 . 2010-02-28 08:59 -------- d-----w- c:\documents and settings\ej\Application Data\Sony Setup
2010-02-28 08:57 . 2010-02-28 08:57 -------- d-----w- c:\program files\Sony Setup
2010-02-22 01:10 . 2010-02-22 01:10 446464 ----a-w- c:\windows\filemon.exe
2010-02-16 09:12 . 2010-02-16 09:13 -------- d-----w- c:\program files\Winamp Detect
2010-02-16 09:06 . 2009-09-04 09:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-16 09:06 . 2006-09-28 08:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 01:18 . 2009-12-27 07:38 -------- d-----w- c:\documents and settings\ej\Application Data\uTorrent
2010-03-18 01:08 . 2009-12-27 05:42 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-17 05:53 . 2009-12-27 09:20 -------- d-----w- c:\program files\PowerISO
2010-03-14 10:36 . 2010-03-13 03:51 4196 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-14 10:36 . 2010-03-13 03:51 14840 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-14 10:00 . 2009-12-28 06:29 99536 ----a-w- c:\documents and settings\ej\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 09:16 . 2009-12-27 05:24 -------- d-----w- c:\documents and settings\ej\Application Data\Skype
2010-03-14 08:17 . 2009-12-31 15:02 -------- d-----w- c:\documents and settings\ej\Application Data\skypePM
2010-03-09 09:45 . 2009-12-27 09:55 79488 ----a-w- c:\documents and settings\ej\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 11:36 . 2009-12-31 07:28 -------- d-----w- c:\documents and settings\ej\Application Data\vlc
2010-02-28 10:24 . 2009-12-27 07:36 -------- d-----w- c:\documents and settings\ej\Application Data\FrostWire
2010-02-28 09:09 . 2010-01-08 17:54 -------- d-----w- c:\program files\Sony
2010-02-21 09:42 . 2009-12-27 05:45 -------- d-----w- c:\documents and settings\ej\Application Data\Winamp
2010-02-20 12:36 . 2009-12-27 07:39 -------- d-----w- c:\program files\uTorrent
2010-02-16 09:13 . 2009-12-27 05:45 -------- d-----w- c:\program files\Winamp
2010-02-15 10:03 . 2009-10-22 13:57 217088 ----a-w- c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
2010-02-14 09:58 . 2010-02-14 09:58 -------- d-----w- c:\program files\Software Informer
2010-02-14 09:58 . 2010-02-14 09:58 -------- d-----w- c:\documents and settings\ej\Application Data\Software Informer
2010-02-12 14:01 . 2010-02-12 14:01 -------- d-----w- c:\program files\Alwil Software
2010-02-12 14:01 . 2010-02-12 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\program files\AVG
2010-02-08 14:37 . 2010-02-08 14:33 141025 ----a-w- c:\windows\hpoins27.dat
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Common Files\HP
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-08 14:37 . 2010-02-08 14:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-08 14:36 . 2010-02-08 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-02-08 14:35 . 2010-02-08 14:35 -------- d-----w- c:\program files\HP
2010-02-04 10:29 . 2010-02-02 14:28 65536 ----a-w- c:\windows\IFinst27.exe
2010-02-04 10:08 . 2010-02-04 10:05 -------- d-----w- c:\documents and settings\ej\Application Data\Ventrilo
2010-02-02 14:31 . 2010-02-02 14:31 -------- d-----w- c:\program files\Gravity
2010-01-30 02:15 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\ej\Application Data\Orbit
2010-01-30 01:50 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\ej\Application Data\GrabPro
2010-01-29 10:09 . 2010-01-12 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-26 10:25 . 2009-12-30 02:28 -------- d-----w- c:\program files\Garena
2010-01-24 08:27 . 2010-01-23 15:38 -------- d-----w- c:\program files\MagicDisc
2010-01-23 15:46 . 2010-01-23 15:46 -------- d-----w- c:\documents and settings\ej\Application Data\DivX
2010-01-23 15:30 . 2010-01-23 15:26 -------- d-----w- c:\documents and settings\ej\Application Data\DAEMON Tools Lite
2010-01-23 15:27 . 2010-01-23 15:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-23 15:26 . 2010-01-23 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-22 15:10 . 2010-01-22 15:10 -------- d-----w- c:\program files\Bonjour
2010-01-22 15:10 . 2009-12-27 12:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-04 09:49 . 2010-01-04 09:49 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-04 09:49 . 2010-01-04 09:49 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-04 09:49 . 2010-01-04 09:49 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-04 09:49 . 2010-01-04 09:49 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-03 11:20 . 2010-01-04 09:49 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
2009-12-31 15:02 . 2009-12-31 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 14:12 . 2009-12-27 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-28 04:05 . 2009-12-28 04:05 533 ----a-w- c:\windows\eReg.dat
2009-12-28 03:17 . 2009-12-28 03:17 0 ----a-w- c:\documents and settings\ej\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-12-27 12:49 . 2009-12-27 12:49 0 ----a-w- c:\windows\nsreg.dat
2009-12-27 12:41 . 2009-12-27 12:41 2293 ----a-w- c:\windows\mozver.dat
2009-12-27 12:38 . 2009-12-27 12:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-27 07:32 . 2009-12-27 07:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-12-27 07:31 . 2009-12-27 07:31 152576 ----a-w- c:\documents and settings\ej\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . C3B84871DECE94E335B96FAFD756316C . 2187904 . . [5.1.2600.2765] . . c:\windows\system32\ntoskrnl.exe

[-] 2010-03-12 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2010-03-17_16.08.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 18:19 . 2007-11-06 18:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 02:19 . 2007-11-07 02:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-28 22:07 . 2008-07-28 22:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-03-18 00:59 . 2010-03-18 00:59 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2010-03-17 16:21 . 2009-05-11 01:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 00:05 . 2008-07-29 00:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-28 19:54 . 2008-07-28 19:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 00:05 . 2008-07-29 00:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 08:05 . 2008-07-29 08:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-14 7095344]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-20 319280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-03-14 492840]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 148888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Gamez\\Grand Chase\\Main.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/18/2010 12:21 AM 108289]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 9:57 PM 70952]
S2 gupdate1ca86b8ba95e2d0;Google Update Service (gupdate1ca86b8ba95e2d0);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2009 1:51 PM 133104]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010 --> c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010 [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/23/2010 11:27 PM 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 05:49]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 05:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14200&l=dis
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\ej\Application Data\Mozilla\Firefox\Profiles\ozcaff2w.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\ej\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 12:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\c:\docume~1\ej\LOCALS~1\Temp\1832687.01-01-2010"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\’t*’0 ’ ’X*’p*’ ]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-03-18 13:01:44
ComboFix-quarantined-files.txt 2010-03-18 05:01
ComboFix2.txt 2010-03-18 01:29
ComboFix3.txt 2010-03-17 16:18
ComboFix4.txt 2010-03-17 16:11
ComboFix5.txt 2010-03-18 04:52

Pre-Run: 25,286,443,008 bytes free
Post-Run: 25,279,492,096 bytes free

- - End Of File - - 1E3AF868B57159CA2E60198E0671B0D1

ervinako
Member