Hi, I got it to work and here is the log:
ComboFix 08-11-01.06 - kevin miller 2008-11-02 21:33:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1268 [GMT 0:00]
Running from: C:\Documents and Settings\kevin miller\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kevin miller\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB17.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDB22.tmp
C:\WINDOWS\Internet Logs\xDB23.tmp
C:\WINDOWS\Internet Logs\xDB24.tmp
C:\WINDOWS\Internet Logs\xDB25.tmp
C:\WINDOWS\Internet Logs\xDB26.tmp
C:\WINDOWS\Internet Logs\xDB27.tmp
C:\WINDOWS\Internet Logs\xDB28.tmp
C:\WINDOWS\Internet Logs\xDB29.tmp
C:\WINDOWS\Internet Logs\xDB2A.tmp
C:\WINDOWS\Internet Logs\xDB2B.tmp
C:\WINDOWS\Internet Logs\xDB2C.tmp
C:\WINDOWS\Internet Logs\xDB2D.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
.
The following files were disabled during the run:
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB17.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDB22.tmp
C:\WINDOWS\Internet Logs\xDB23.tmp
C:\WINDOWS\Internet Logs\xDB24.tmp
C:\WINDOWS\Internet Logs\xDB25.tmp
C:\WINDOWS\Internet Logs\xDB26.tmp
C:\WINDOWS\Internet Logs\xDB27.tmp
C:\WINDOWS\Internet Logs\xDB28.tmp
C:\WINDOWS\Internet Logs\xDB29.tmp
C:\WINDOWS\Internet Logs\xDB2A.tmp
C:\WINDOWS\Internet Logs\xDB2B.tmp
C:\WINDOWS\Internet Logs\xDB2C.tmp
C:\WINDOWS\Internet Logs\xDB2D.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SPYPRV
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.
2008-11-02 11:31 . 2008-11-02 20:23 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-10-31 05:23 . 2008-10-31 05:23 0 --ah----- C:\Documents and Settings\kevin miller\Application Data\.D1A1CB5220543E20.sys
2008-10-31 05:21 . 2008-10-31 05:21 0 --ah----- C:\Documents and Settings\kevin miller\Application Data\.D1A1CB5220543E1F.sys
2008-10-31 03:32 . 2008-11-02 22:11 0 --a------ C:\WINDOWS\sbacknt.bin
2008-10-30 15:40 . 2008-04-14 00:12 169,984 --a------ C:\WINDOWS\system32\msconfig.exe
2008-10-30 08:02 . 2008-10-30 08:02 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-10-29 17:41 . 2008-10-29 17:41 <DIR> d-------- C:\Program Files\Panda Security
2008-10-29 17:41 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-29 12:48 . 2008-10-29 12:49 <DIR> d-------- C:\rsit
2008-10-28 08:46 . 2006-12-02 15:32 167,936 --a------ C:\WINDOWS\system32\Engine3D021206.dll
2008-10-27 22:55 . 2008-10-27 22:55 <DIR> d-------- C:\cubase
2008-10-27 08:05 . 2008-10-27 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-27 08:04 . 2008-10-27 08:04 <DIR> d-------- C:\Program Files\QuickTime
2008-10-26 13:36 . 2008-10-26 13:36 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-26 13:06 . 2008-10-26 13:06 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Summitsoft
2008-10-26 08:31 . 2008-10-26 08:31 601 --a------ C:\WINDOWS\NetOps10.doc
2008-10-26 08:27 . 2008-10-26 08:27 12 --a------ C:\WINDOWS\NetOps04.doc
2008-10-24 19:52 . 2008-10-24 19:52 <DIR> d-------- C:\Program Files\Uninstall
2008-10-24 07:48 . 2008-10-24 07:48 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-10-23 22:34 . 2008-10-23 22:34 <DIR> d-------- C:\Program Files\AESTESIS
2008-10-23 18:49 . 2008-10-23 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-23 18:49 . 2008-10-23 18:49 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\NuVJ
2008-10-23 16:17 . 2008-10-23 16:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-23 16:17 . 2008-10-23 16:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-22 10:00 . 2008-10-22 10:00 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-22 10:00 . 2008-10-22 10:00 2,162 --a------ C:\WINDOWS\system32\tmmute.ini
2008-10-21 03:07 . 2008-10-21 03:07 <DIR> d-------- C:\WINDOWS\Sun
2008-10-20 09:54 . 2008-11-01 10:40 <DIR> d-------- C:\Downloads
2008-10-20 07:02 . 2008-10-20 07:02 <DIR> d-------- C:\Program Files\Neuromixer
2008-10-20 07:02 . 2008-10-20 07:02 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Cycling '74
2008-10-17 18:56 . 2008-10-19 11:33 <DIR> d-------- C:\Program Files\REAPER
2008-10-17 18:56 . 2008-10-19 11:30 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\REAPER
2008-10-17 17:50 . 2008-10-26 13:36 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-16 17:50 . 2008-10-16 17:50 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-10-16 16:59 . 2008-10-23 18:50 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-10-16 16:59 . 2008-10-16 16:59 <DIR> d-------- C:\Program Files\Media Player Classic
2008-10-16 16:59 . 2002-12-20 11:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx
2008-10-16 16:59 . 2004-10-27 12:01 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2008-10-16 16:59 . 2004-01-12 16:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax
2008-10-15 15:16 . 2008-08-14 09:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:16 . 2008-08-14 09:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 15:16 . 2008-09-15 12:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 15:16 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 19:40 . 2008-10-14 19:40 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\DAEMON Tools Pro
2008-10-14 18:31 . 2008-10-14 18:31 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-14 15:27 . 2008-10-14 15:27 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-10-13 16:56 . 2008-10-13 17:02 <DIR> d-------- C:\Program Files\BitComet
2008-10-13 12:20 . 2008-10-13 12:20 <DIR> d-------- C:\Program Files\Note
2008-10-12 13:38 . 2005-11-03 16:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-10-12 10:51 . 2008-10-12 13:48 <DIR> d-------- C:\nuendo
2008-10-07 19:32 . 2008-10-09 08:24 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Gearbox Software
2008-10-07 18:59 . 2008-10-07 18:59 <DIR> d-------- C:\Program Files\Ubisoft
2008-10-07 18:44 . 2008-10-07 18:44 <DIR> d-------- C:\Program Files\OpenAL
2008-10-07 18:44 . 2008-10-07 18:44 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-10-07 18:44 . 2008-10-07 18:44 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-10-07 10:19 . 2008-10-07 10:19 48 --a------ C:\WINDOWS\ProductKeyExplorer.INI
2008-10-07 08:15 . 2008-10-07 08:18 <DIR> d-------- C:\Program Files\SWiSHstudio
2008-10-07 08:03 . 2008-10-07 08:03 <DIR> d-------- C:\Program Files\KoolMoves
2008-10-07 07:46 . 2008-06-10 20:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-07 07:46 . 2008-06-02 14:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-07 07:46 . 2008-06-02 14:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-07 07:46 . 2008-06-02 14:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-07 07:45 . 2008-10-23 20:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-07 07:45 . 2008-10-07 07:45 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\PC Tools
2008-10-07 07:34 . 2008-10-07 07:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-10-06 19:25 . 2008-10-06 19:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BlackBean
2008-10-06 19:07 . 2008-10-06 19:07 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\BlackBean
2008-10-06 17:34 . 2008-10-06 17:34 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\SuperEasy Software
2008-10-05 20:55 . 2008-10-05 20:55 673,546 --a------ C:\WINDOWS\unins001.exe
2008-10-05 20:55 . 2003-09-22 16:10 61,440 --a------ C:\WINDOWS\system32\marblaxp.dll
2008-10-05 20:55 . 2003-09-22 16:10 53,248 --a------ C:\WINDOWS\system32\drivers\maplevmd000.exe
2008-10-05 20:55 . 2003-09-22 16:09 49,152 --a------ C:\WINDOWS\system32\mapleapi.dll
2008-10-05 20:55 . 2003-09-22 16:10 31,624 --a------ C:\WINDOWS\system32\mapledxp.dll
2008-10-05 20:55 . 2004-04-05 09:44 24,720 --a------ C:\WINDOWS\system32\drivers\mapledxp.sys
2008-10-05 20:55 . 2008-10-05 20:55 7,460 --a------ C:\WINDOWS\unins001.dat
2008-10-05 16:56 . 2008-10-05 16:59 <DIR> d-------- C:\Program Files\MixMeister Fusion + Video
2008-10-05 14:15 . 2008-10-05 14:15 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-05 14:13 . 2008-10-05 14:39 1,570 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-05 12:00 . 2008-10-05 12:00 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Leadertech
2008-10-05 11:45 . 2008-10-14 20:13 <DIR> d-------- C:\Program Files\Wondershare
2008-10-05 11:45 . 2007-08-30 15:55 1,435,272 --a------ C:\WINDOWS\system32\Flash8.ocx
2008-10-05 11:44 . 2008-10-05 11:44 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-10-05 11:23 . 2008-10-05 11:23 <DIR> d-------- C:\Program Files\Nufsoft
2008-10-05 10:09 . 2008-10-05 10:09 <DIR> dr-hs---- C:\sys
2008-10-04 12:00 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-10-02 19:42 . 2003-07-31 19:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-10-02 19:42 . 2003-05-26 14:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-10-02 19:42 . 2003-05-26 14:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-10-02 19:41 . 2008-10-12 13:38 <DIR> d-------- C:\Program Files\Syncrosoft
2008-10-02 19:41 . 2005-11-08 10:20 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 20:28 634,368 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-11-02 20:28 2,767,872 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-11-02 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-02 20:01 --------- d-----w C:\Program Files\Arturia
2008-11-02 09:13 --------- d-----w C:\Program Files\VstPlugins
2008-11-01 10:47 --------- d-----w C:\Program Files\Unlocker
2008-10-31 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-31 03:32 152,904 ----a-w C:\WINDOWS\system32\vghd.scr
2008-10-31 03:32 --------- d-----w C:\Program Files\vghd
2008-10-30 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-29 22:32 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\EBookSys
2008-10-29 21:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-29 20:30 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\NetMedia Providers
2008-10-29 18:45 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\AVGTOOLBAR
2008-10-29 16:13 98,440 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-28 21:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 21:22 90,632 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-28 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-28 08:03 --------- d-----w C:\Program Files\Sony
2008-10-28 08:02 --------- d-----w C:\Program Files\Sony Setup
2008-10-27 08:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-27 08:18 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Vso
2008-10-27 08:06 --------- d-----w C:\Program Files\iTunes
2008-10-27 08:05 --------- d-----w C:\Program Files\iPod
2008-10-27 08:04 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-26 17:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-26 17:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 17:47 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\SUPERAntiSpyware.com
2008-10-26 13:27 --------- d-----w C:\Program Files\Java
2008-10-25 16:27 147,456 ----a-w C:\WINDOWS\AVUNTOOL.EXE
2008-10-25 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 16:38 --------- d-----w C:\Program Files\Sugar Bytes
2008-10-23 22:39 24,640 ----a-w C:\Program Files\Common Files\security
2008-10-23 18:54 --------- d-----w C:\Program Files\Bonjour
2008-10-23 13:29 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\PACE Anti-Piracy
2008-10-23 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-10-23 13:28 --------- d-----w C:\Program Files\iZotope
2008-10-22 16:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 10:00 --------- d-----w C:\Program Files\Trend Micro
2008-10-17 12:47 --------- d-----w C:\Program Files\Cakewalk
2008-10-17 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-10-16 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 16:53 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-10-15 21:09 --------- d-----w C:\Program Files\Spectrasonics
2008-10-14 15:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-13 11:30 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Apple Computer
2008-10-12 10:43 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Steinberg
2008-10-12 10:33 --------- d-----w C:\Program Files\Steinberg
2008-10-10 19:09 --------- d-----w C:\Program Files\MixMeister Fusion
2008-10-10 08:12 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-10-09 13:25 1,221,008 ----a-w C:\WINDOWS\system32\zpeng25.dll
2008-10-04 15:51 --------- d-----w C:\Program Files\Picasa2
2008-10-04 09:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-01 21:10 --------- d-----w C:\Program Files\MSBuild
2008-10-01 19:41 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Nero
2008-10-01 19:38 --------- d-----w C:\Program Files\Common Files\Nero
2008-10-01 19:35 --------- d-----w C:\Program Files\Nero
2008-10-01 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-01 19:04 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-01 16:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-10-01 16:42 --------- d-----w C:\Program Files\Webroot
2008-10-01 16:42 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Webroot
2008-10-01 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-01 16:41 164 ----a-w C:\install.dat
2008-09-30 15:18 --------- d-----w C:\Program Files\Lexicon
2008-09-30 11:41 --------- d-----w C:\Program Files\KeyToSound
2008-09-30 05:57 --------- d-----w C:\Program Files\Image-Line
2008-09-29 15:10 --------- d-----w C:\Program Files\Windows Resource Kits
2008-09-29 14:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-09-29 14:57 --------- d-----w C:\Program Files\MSECACHE
2008-09-29 09:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 07:06 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-27 07:06 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-09-27 07:06 --------- d-----w C:\Program Files\AVG
2008-09-26 00:37 456,433 ----a-w C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
2008-09-26 00:37 --------- d-----w C:\Program Files\Natura Sound Therapy
2008-09-25 12:17 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\GrandVJ
2008-09-24 16:32 --------- d-----w C:\Program Files\ArKaos GrandVJ 1.0 FC1
2008-09-22 16:36 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Koblo
2008-09-22 16:34 --------- d-----w C:\Program Files\Koblo
2008-09-21 22:31 --------- d-----w C:\Program Files\Flash Menu Factory
2008-09-21 14:37 --------- d-----w C:\Program Files\123 Flash Menu
2008-09-20 03:45 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Sony
2008-09-20 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-09-20 03:05 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Sony Setup
2008-09-18 10:51 --------- d-----w C:\Program Files\CDXTRACT4
2008-09-18 06:43 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Publish Providers
2008-09-15 18:52 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-09-15 18:42 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\FabFilter
2008-09-15 15:59 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-09-15 14:10 --------- d-----w C:\Program Files\InterLok
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 10:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-09-15 09:32 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\VSRevoGroup
2008-09-14 09:13 --------- d-----w C:\Program Files\MP3Gain
2008-09-14 09:12 --------- d-----w C:\Program Files\Awave Studio
2008-09-14 04:47 2,755 ----a-w C:\Documents and Settings\kevin miller\Application Data\SAS7_000.DAT
2008-09-13 23:36 --------- d-----w C:\Program Files\onOne Software
.
((((((((((((((((((((((((((((( snapshot@2008-11-02_15.06.01.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-02 22:08:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b9c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-28 1235736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"PCdefense "="C:\Program Files\Laplink\PCdefense\PCDefense.exe" [2006-08-31 1585152]
"TGX2_VFD"="C:\WINDOWS\system32\TGVFDMsgservice.exe" [2004-11-06 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-10-19 2782352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\kevin miller\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - C:\Program Files\vghd\vghd.exe [2008-08-15 357712]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FreelineSchedule.lnk - C:\Freeline\FreelineSchedule.exe [2005-08-13 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=AntiLogger.dll, acaptuser32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"midi7"= mapledxp.dll
"midi4"= KORGUMDD.DRV
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FreelineSchedule.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FreelineSchedule.lnk
backup=C:\WINDOWS\pss\FreelineSchedule.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RaConfig2500.lnk]
backup=C:\WINDOWS\pss\RaConfig2500.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^ Registration.lnk]
backup=C:\WINDOWS\pss\ Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
backup=C:\WINDOWS\pss\Registration Brothers In Arms.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^Shareaza Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\Shareaza Turbo Accelerator.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaPPcl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopMaestro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\'Ashampoo AntiSpyWare 2 Guard']
--a------ 2008-09-08 10:09 2349912 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 21:43 640376 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 01:25 37232 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 06:58 611712 C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 05:46 378224 C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo AntiSpyWare 2 Guard]
--a------ 2008-09-08 10:09 2349912 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-25 18:52 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CD-Ejector]
--a------ 2005-06-11 23:49 147456 C:\Documents and Settings\kevin miller\My Documents\CD-Ejector\CD-Ejector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-13 17:10 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2005-03-08 04:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 00:12 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 00:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 08:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--a------ 2004-08-05 18:28 1335386 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 07:34 167936 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 20:42 212992 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 15:41 2828184 C:\Program Files\Registry Mechanic\RegMech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-03 02:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-22 12:36 14854144 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
--a------ 2008-03-05 18:12 526848 C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-ra------ 2003-08-28 04:20 94208 C:\WINDOWS\SM1bg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-08-09 15:04 5418864 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-26 13:36 136600 C:\Program Files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-10-08 09:50 88363 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 23:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wwSecSvc"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AshampooDefragService"=2 (0x2)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
"AgereModemAudio"=2 (0x2)
"Adobe Version Cue CS4"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"AASW2_Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"KernelFaultCheck"=
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"MSConfig"=C:\Documents and Settings\kevin miller\My Documents\msconfig.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-27 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 98440]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-28 90632]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2005-05-31 11970]
R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 24720]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-09-08 749400]
R2 adfs;adfs;C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-28 874776]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 DfuUsb;DfuUsb;C:\WINDOWS\system32\DRIVERS\DFUUsb.sys [2007-11-08 10880]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2005-05-31 130112]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2005-05-31 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-05-31 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-05-31 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-05-31 27984]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2004-07-12 12544]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 TGX263;TriGem X2 Device Driver;C:\WINDOWS\system32\Drivers\TGX263.sys [2004-11-04 16384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-13 29744]
S3 LLRKD;LLRKD;C:\WINDOWS\system32\drivers\LLRKD.sys [2006-08-31 16579]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-25 6656]
S3 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-22 15504]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\279.tmp [ ]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2005-11-03 16896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5653300-69b7-11dd-a189-00142a5d2135}]
\Shell\AutoRun\command - H:\Launch.exe
*Newly Created Service* - SPYPRV
.
Contents of the 'Scheduled Tasks' folder
2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-02 C:\WINDOWS\Tasks\Laplink PCdefense.job
- C:\Program Files\Laplink\PCdefense\XoftSpy.exe [2006-06-19 06:35]
2008-11-02 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-10-24 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2008-10-24 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]
2008-10-24 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\","D:\","E:\","F:\" []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-02 22:12:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\279.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\detoured.dll
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-11-02 22:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-02 22:25:57
ComboFix2.txt 2008-11-02 15:24:57
ComboFix3.txt 2008-10-29 10:18:37
Pre-Run: 101,477,744,640 bytes free
Post-Run: 101,454,602,240 bytes free
701 --- E O F --- 2008-10-29 08:55:09