Hi Touch. Here are the two logs so far:
ComboFix 08-11-30.01 - mary 2008-12-01 10:00:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735 [GMT 0:00]
Running from: c:\documents and settings\mary\Desktop\FIX\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.
2008-11-30 19:33 . 2008-11-30 19:33 <DIR> d-------- C:\652d13d446a73f282c0ee8baa7a5
2008-11-30 18:12 . 2008-11-30 18:12 <DIR> d-------- c:\program files\CCleaner
2008-11-28 18:30 . 2008-11-30 19:00 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-28 17:08 . 2008-11-28 17:08 <DIR> d-------- c:\documents and settings\mary\Application Data\Malwarebytes
2008-11-28 16:56 . 2008-11-30 18:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 16:56 . 2008-11-28 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 16:56 . 2008-11-28 16:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-28 16:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 16:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 14:14 . 2008-11-27 14:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2008-11-27 13:39 . 2008-11-27 13:39 244 --ah----- C:\sqmnoopt01.sqm
2008-11-27 13:39 . 2008-11-27 13:39 232 --ah----- C:\sqmdata01.sqm
2008-11-22 20:08 . 2000-01-19 10:21 114,176 --a------ c:\windows\system32\SSCE4132.DLL
2008-11-22 20:08 . 2001-02-27 17:07 90,112 --------- c:\windows\system32\PMovieServer.dll
2008-11-22 20:08 . 2000-01-19 11:30 53,248 --a------ c:\windows\system32\PretzelSpellCheck.dll
2008-11-22 20:07 . 2001-02-27 17:08 745,472 --------- c:\windows\system32\PMAppBuilder.dll
2008-11-22 20:07 . 2001-02-27 16:53 81,920 --------- c:\windows\system32\CONNMGR.OCX
2008-11-22 20:07 . 2001-02-27 17:07 45,056 --------- c:\windows\system32\ImportClient.dll
2008-11-13 08:55 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 08:54 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 15:49 . 2008-11-10 15:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-10 15:43 . 2008-11-10 15:59 <DIR> d-------- c:\program files\NOS
2008-11-10 15:43 . 2008-11-10 15:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-02 21:35 . 2008-11-03 17:30 <DIR> d-------- c:\program files\Common Files\Symantec Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 21:06 --------- d-----w c:\documents and settings\mary\Application Data\OpenOffice.org2
2008-11-30 20:26 --------- d-----w c:\program files\McAfee
2008-11-30 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-29 23:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 18:35 --------- d-----w c:\program files\VVision Conference
2008-11-27 18:34 --------- d-----w c:\program files\Oberon Media
2008-11-27 14:22 --------- d-----w c:\program files\iWin.com
2008-11-26 15:38 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-11-22 20:08 --------- d-----w c:\program files\Broderbund
2008-11-22 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 23:13 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-20 22:22 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2008-11-18 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-11-15 20:35 --------- d-----w c:\documents and settings\mary\Application Data\Flood Light Games
2008-11-15 20:35 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-10 15:48 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 08:56 --------- d-----w c:\program files\Dl_cats
2008-11-04 18:25 --------- d-----w c:\documents and settings\mary\Application Data\Zylom
2008-11-03 23:12 --------- d-----w c:\program files\Zylom Games
2008-10-30 08:07 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-10-28 16:30 --------- d-----w c:\documents and settings\mary\Application Data\HPAppData
2008-10-28 08:26 --------- d-----w c:\documents and settings\mary\Application Data\Yahoo!
2008-10-28 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 07:49 --------- d-----w c:\program files\Apple Software Update
2008-10-21 07:47 --------- d-----w c:\program files\iTunes
2008-10-21 07:47 --------- d-----w c:\program files\iPod
2008-10-21 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-21 07:43 --------- d-----w c:\program files\QuickTime
2008-10-21 07:42 --------- d-----w c:\program files\Common Files\Apple
2008-10-21 07:33 --------- d-----w c:\program files\Safari
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-02 09:09 --------- d-----w c:\program files\Picasa2
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 17:46 245,408 ----a-w c:\windows\system32\unicows.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-05-15 15:14 169 ---ha-w c:\documents and settings\NetworkService\hpothb07.dat
2008-05-15 15:13 159 ---ha-w c:\documents and settings\mary\hpothb07.dat
2007-11-17 16:57 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-05-06 23:57 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-05-11 20:46 104 --sh--r c:\windows\system32\2E59AE64E3.sys
2008-05-11 20:46 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-22 18:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-30_19.26.36.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-09-23 07:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 01:47:38 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 07:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 01:47:40 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 07:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 01:47:36 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2005-09-23 07:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 01:47:52 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 07:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 01:47:40 348,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 07:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 01:47:40 4,444,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 07:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 01:47:40 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 07:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 01:47:40 242,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 07:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 01:47:40 70,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 07:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 01:47:36 5,814,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 07:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 01:47:40 101,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 07:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 01:47:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 07:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 01:47:42 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 07:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-24 01:47:42 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 07:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 01:47:40 3,036,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 07:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 01:47:40 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 07:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 01:47:28 933,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 07:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-24 01:47:40 3,076,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 07:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 01:47:40 630,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 07:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-24 01:47:40 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 07:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 01:47:40 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 07:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 01:47:40 2,068,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2008-11-29 17:57:28 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-30 19:31:24 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-29 17:57:28 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-30 19:31:24 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-22 11:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
+ 2007-10-24 01:47:38 282,112 ----a-w c:\windows\system32\mscoree.dll
+ 2007-10-24 01:47:56 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-24 01:47:56 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 01:47:56 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
2008-08-20 22:03 1780248 --a------ c:\program files\iWin\tbiWin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"PromptCast"="c:\program files\PromptCast\PromptCast.exe" [2004-05-04 221184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-05-16 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-06-30 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-06-30 65536]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2006-05-12 189952]
Forget Me Not.lnk - c:\progra~1\BRODER~1\AG CreataCard\agremind.exe [2007-05-29 331776]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-16 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 06:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 20:34 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2003-06-30 19:56 188416 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-30 07:24 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VVission Conference\\Conference[1].exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VVision Conference\\Conference[1].exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 4C3B9BD87BA3FC28;4C3B9BD87BA3FC28;\??\c:\documents and settings\mary\Desktop\4C3B9BD87BA3FC28\4C3B9BD87BA3FC28 []
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-29 203280]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-13 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-11-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-11-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\mary\Application Data\Mozilla\Firefox\Profiles\vgfxkool.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.tiscali.co.uk/
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 10:03:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\4C3B9BD87BA3FC28] "ImagePath"="\??\c:\documents and settings\mary\Desktop\4C3B9BD87BA3FC28\4C3B9BD87BA3FC28" .ComboFix 08-11-30.01 - mary 2008-12-01 10:00:39.2 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735 [GMT 0:00] Running from: c:\documents and settings\mary\Desktop\FIX\ComboFix.exe .
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 ))))))))))))))))))))))))))))))) .
2008-11-30 19:33 . 2008-11-30 19:33 <DIR> d-------- C:\652d13d446a73f282c0ee8baa7a5 2008-11-30 18:12 . 2008-11-30 18:12 <DIR> d-------- c:\program files\CCleaner 2008-11-28 18:30 . 2008-11-30 19:00 664 --a------ c:\windows\system32\d3d9caps.dat 2008-11-28 17:08 . 2008-11-28 17:08 <DIR> d-------- c:\documents and settings\mary\Application Data\Malwarebytes 2008-11-28 16:56 . 2008-11-30 18:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-28 16:56 . 2008-11-28 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-28 16:56 . 2008-11-28 16:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-28 16:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-28 16:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-27 14:14 . 2008-11-27 14:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft 2008-11-27 13:39 . 2008-11-27 13:39 244 --ah----- C:\sqmnoopt01.sqm 2008-11-27 13:39 . 2008-11-27 13:39 232 --ah----- C:\sqmdata01.sqm 2008-11-22 20:08 . 2000-01-19 10:21 114,176 --a------ c:\windows\system32\SSCE4132.DLL 2008-11-22 20:08 . 2001-02-27 17:07 90,112 --------- c:\windows\system32\PMovieServer.dll 2008-11-22 20:08 . 2000-01-19 11:30 53,248 --a------ c:\windows\system32\PretzelSpellCheck.dll 2008-11-22 20:07 . 2001-02-27 17:08 745,472 --------- c:\windows\system32\PMAppBuilder.dll 2008-11-22 20:07 . 2001-02-27 16:53 81,920 --------- c:\windows\system32\CONNMGR.OCX 2008-11-22 20:07 . 2001-02-27 17:07 45,056 --------- c:\windows\system32\ImportClient.dll 2008-11-13 08:55 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-13 08:54 . 2008-09-04 17:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-10 15:49 . 2008-11-10 15:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2008-11-10 15:43 . 
2008-11-10 15:59 <DIR> d-------- c:\program files\NOS 2008-11-10 15:43 . 2008-11-10 15:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-11-02 21:35 . 2008-11-03 17:30 <DIR> d-------- c:\program files\Common Files\Symantec Shared
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-30 21:06 --------- d-----w c:\documents and settings\mary\Application Data\OpenOffice.org2 2008-11-30 20:26 --------- d-----w c:\program files\McAfee 2008-11-30 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-29 23:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-27 18:35 --------- d-----w c:\program files\VVision Conference 2008-11-27 18:34 --------- d-----w c:\program files\Oberon Media 2008-11-27 14:22 --------- d-----w c:\program files\iWin.com 2008-11-26 15:38 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-11-22 20:08 --------- d-----w c:\program files\Broderbund 2008-11-22 20:07 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-20 23:13 --------- d-----w c:\program files\Windows Live Safety Center 2008-11-20 22:22 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear 2008-11-18 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo 2008-11-15 20:35 --------- d-----w c:\documents and settings\mary\Application Data\Flood Light Games 2008-11-15 20:35 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games 2008-11-10 15:48 --------- d-----w c:\program files\Common Files\Adobe 2008-11-10 08:56 --------- d-----w c:\program files\Dl_cats 2008-11-04 18:25 --------- d-----w c:\documents and settings\mary\Application Data\Zylom 2008-11-03 23:12 --------- d-----w c:\program files\Zylom Games 2008-10-30 08:07 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar 2008-10-28 16:30 --------- d-----w c:\documents and settings\mary\Application Data\HPAppData 2008-10-28 08:26 --------- d-----w c:\documents and settings\mary\Application Data\Yahoo! 
2008-10-28 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-21 07:49 --------- d-----w c:\program files\Apple Software Update 2008-10-21 07:47 --------- d-----w c:\program files\iTunes 2008-10-21 07:47 --------- d-----w c:\program files\iPod 2008-10-21 07:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-21 07:43 --------- d-----w c:\program files\QuickTime 2008-10-21 07:42 --------- d-----w c:\program files\Common Files\Apple 2008-10-21 07:33 --------- d-----w c:\program files\Safari 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll 2008-10-02 09:09 --------- 
d-----w c:\program files\Picasa2 2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-23 17:46 245,408 ----a-w c:\windows\system32\unicows.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll 2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-05-15 15:14 169 ---ha-w c:\documents and settings\NetworkService\hpothb07.dat 2008-05-15 15:13 159 ---ha-w c:\documents and settings\mary\hpothb07.dat 2007-11-17 16:57 32 ----a-r c:\documents and settings\All Users\hash.dat 2006-05-06 23:57 774,144 ----a-w c:\program files\RngInterstitial.dll 2008-05-11 20:46 104 --sh--r c:\windows\system32\2E59AE64E3.sys 2008-05-11 20:46 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-08-22 18:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat .
((((((((((((((((((((((((((((( snapshot@2008-11-30_19.26.36.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-09-23 07:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 01:47:38 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 07:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 01:47:40 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 07:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 01:47:36 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2005-09-23 07:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 01:47:52 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 07:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 01:47:40 348,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 07:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 01:47:40 4,444,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 07:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 01:47:40 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 07:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 01:47:40 242,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 07:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 01:47:40 70,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 07:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 01:47:36 5,814,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 07:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 01:47:40 101,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 07:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 01:47:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 07:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 01:47:42 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 07:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-24 01:47:42 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 07:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 01:47:40 3,036,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 07:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 01:47:40 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 07:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 01:47:28 933,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 07:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-24 01:47:40 3,076,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 07:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 01:47:40 630,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 07:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-24 01:47:40 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 07:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 01:47:40 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 07:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 01:47:40 2,068,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2008-11-29 17:57:28 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-30 19:31:24 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-29 17:57:28 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-30 19:31:24 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-22 11:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
+ 2007-10-24 01:47:38 282,112 ----a-w c:\windows\system32\mscoree.dll
+ 2007-10-24 01:47:56 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-24 01:47:56 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 01:47:56 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}] 2008-08-20 22:03 1780248 --a------ c:\program files\iWin\tbiWin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]
[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"PromptCast"="c:\program files\PromptCast\PromptCast.exe" [2004-05-04 221184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-05-16 16384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-06-30 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-06-30 65536]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2006-05-12 189952]
Forget Me Not.lnk - c:\progra~1\BRODER~1\AG CreataCard\agremind.exe [2007-05-29 331776]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-16 169472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2004-07-19 06:51 306688 c:\program files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-03-11 20:34 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --a------ 2003-06-30 19:56 188416 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-04-30 07:24 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz |