BleepingComputer.com > Havin Some Problems With My Computer

Full Version: Havin Some Problems With My Computer

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

qpnguyen

Aug 6 2008, 12:31 PM

EXTRA LOG:

QUOTE

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1022.73 MiB / 557.49 MiB
Pagefile Memory (total/avail): 2447.47 MiB / 2044.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.94 MiB

C: is Fixed (NTFS) - 590.16 GiB total, 59.89 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 372.61 GiB total, 9.59 GiB free.
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC WD4000KD-00NAB0 - 372.61 GiB - 1 partition
\PARTITION0 - Installable File System - 372.61 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD6400AAKS-65A7B0 - 596.17 GiB - 2 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 590.16 GiB - C:

\\.\PHYSICALDRIVE3 - Sony CF Reader USB Device

\\.\PHYSICALDRIVE2 - Sony MS Reader USB Device

\\.\PHYSICALDRIVE5 - Sony SD/MMC Reader USB Device

\\.\PHYSICALDRIVE4 - Sony SM/xD Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe:*:Enabled:GOGOBOX????Daemon"
"C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe:*:Enabled:gogobox???????"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe"="C:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe:*:Enabled:TubeHunter Ultra"
"C:\\WINDOWS\\system32\\fscagent.exe"="C:\\WINDOWS\\system32\\fscagent.exe:*:Enabled:???? ???? ??"
"C:\\WINDOWS\\system32\\clubbox.exe"="C:\\WINDOWS\\system32\\clubbox.exe:*:Enabled:å¬·´¹ú½º æäàïàü¼û °ü¸®àú"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\GridService\\peer.exe"="C:\\Program Files\\GridService\\peer.exe:*:Enabled:muse peer"
"C:\\Program Files\\SuperTV\\supernettv.exe"="C:\\Program Files\\SuperTV\\supernettv.exe:*:Enabled:supernettv"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Quoc Nguyen\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SONYVIAO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Quoc Nguyen
LOGONSERVER=\\SONYVIAO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~2.0_0\bin;C:\PROGRA~1\Java\JRE16~2.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\QUOCNG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\QUOCNG~1\LOCALS~1\Temp
USERDOMAIN=SONYVIAO
USERNAME=Quoc Nguyen
USERPROFILE=C:\Documents and Settings\Quoc Nguyen
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Quoc Nguyen (admin)
Cuong Nguyen (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7e41
ATI Catalyst Registration --> MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ConvertHelper 2.1 --> "C:\Program Files\ConvertHelper\unins000.exe"
Counter-Strike: Source --> C:\Program Files\Counter-Strike Source\Uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule --> "C:\Program Files\eMule\Uninstall.exe"
File Splitter and Joiner (FFSJ v3.3) --> "C:\WINDOWS\unins000.exe"
Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX --> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.0 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.97 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
middle_man --> "C:\PROGRA~1\AIM\UninstallMM.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Total Video Converter 3.12 080330 --> "C:\Program Files\Total Video Converter\unins000.exe"
VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver VAIO Motion SD Wide Contents --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51735133-A296-4EB0-BF16-AD93B55BD000}\setup.exe" -l0x9
VAIO Structure Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E715FA41-46EB-4D3F-B4D9-A45973E76026}\setup.exe" -l0x9
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft iPod Rip --> C:\Program Files\Xilisoft\iPod Rip\Uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type4310 / Warning
Event Submitted/Written: 08/06/2008 01:20:54 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type4309 / Warning
Event Submitted/Written: 08/06/2008 01:20:54 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type4308 / Warning
Event Submitted/Written: 08/06/2008 01:20:54 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type4307 / Warning
Event Submitted/Written: 08/06/2008 01:20:54 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type4306 / Warning
Event Submitted/Written: 08/06/2008 01:20:54 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type13661 / Error
Event Submitted/Written: 08/06/2008 01:19:47 PM / 08/06/2008 01:19:56 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type13660 / Error
Event Submitted/Written: 08/06/2008 01:19:26 PM / 08/06/2008 01:19:56 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type13644 / Error
Event Submitted/Written: 08/06/2008 01:19:44 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type13636 / Warning
Event Submitted/Written: 08/06/2008 11:31:46 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type13635 / Warning
Event Submitted/Written: 08/06/2008 06:06:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-08-06 13:28:44 ------------

```````````````

MAIN LOG:

QUOTE

Deckard's System Scanner v20071014.68
Run by Quoc Nguyen on 2008-08-06 13:25:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
97: 2008-08-06 17:25:35 UTC - RP112 - Deckard's System Scanner Restore Point
96: 2008-08-06 04:21:25 UTC - RP111 - Removed Rosetta Stone V3.
95: 2008-08-06 03:45:10 UTC - RP110 - Installed Rosetta Stone V3.
94: 2008-08-05 06:40:06 UTC - RP109 - System Checkpoint
93: 2008-08-03 05:09:50 UTC - RP108 - Removed Nokia Series 40 Theme Studio 2.2

-- First Restore Point --
1: 2008-06-13 20:30:10 UTC - RP16 - Installed OpenMG Secure Module

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 59.92 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-06 13:27:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Quoc Nguyen\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Quoc Nguyen\Local Settings\Temp\{B40378CA-9587-421B-93C9-65541C6CA755}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab Class) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 9073 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 krait03 (Razer krait USB Filter Driver) - c:\windows\system32\drivers\krait.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 16:57:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-07-06 and 2008-08-06 -----------------------------

2008-08-05 23:45:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-05 23:45:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-08-03 22:14:23 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-08-03 22:14:19 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-08-03 22:14:19 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-03 22:14:18 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-03 22:14:17 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-03 22:14:16 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-08-03 00:53:19 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Nokia
2008-08-03 00:52:56 0 d-------- C:\Nokia
2008-07-31 02:07:45 794906 --a------ C:\WINDOWS\unins000.exe
2008-07-31 02:07:45 4200 --a------ C:\WINDOWS\unins000.dat
2008-07-31 02:07:45 0 d-------- C:\WINDOWS\system32\FFSJ
2008-07-30 20:24:23 0 d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-07-29 15:22:44 0 d-------- C:\Program Files\NewsLeecher
2008-07-29 14:41:21 0 d-------- C:\Documents and Settings\Quoc Nguyen\Downloads <DOWNLO~1>
2008-07-29 14:41:18 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\NewsLeecher
2008-07-28 23:27:40 131 --a------ C:\Iotmrd.sys
2008-07-28 23:27:39 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\ppStream
2008-07-28 23:27:35 0 d-------- C:\Program Files\SuperTV
2008-07-28 12:22:07 0 d-------- C:\Program Files\SpeedFan
2008-07-27 21:22:37 0 d-------- C:\Program Files\MegauploadToolbar
2008-07-27 21:22:37 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\MegauploadToolbar
2008-07-27 20:51:31 0 d-------- C:\Program Files\The Rosetta Stone
2008-07-25 23:37:43 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Atari
2008-07-25 23:32:04 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Leadertech
2008-07-20 16:43:33 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Google
2008-07-18 05:20:32 1540096 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2>
2008-07-15 17:16:51 0 d-------- C:\Program Files\Audacity
2008-07-13 18:07:24 0 d-------- C:\Program Files\Alcohol Soft
2008-07-13 17:41:40 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\DAEMON Tools Pro
2008-07-13 17:40:57 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-07-13 17:37:37 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-11 22:18:09 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\GetRightToGo
2008-07-09 09:39:29 4456448 --a------ C:\Documents and Settings\Quoc Nguyen\ntuser.dat
2008-07-09 09:39:06 0 d-------- C:\Program Files\IObit
2008-07-09 02:09:28 0 d-------- C:\Program Files\PCPitstop
2008-07-09 00:49:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Grid
2008-07-08 03:05:24 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\InstallShield
2008-07-07 14:22:11 13324 --a------ C:\WINDOWS\system32\drivers\krait.sys <Not Verified; Razer (Asia-Pacific) Pte Ltd; Diamondback USB Optical Mouse>
2008-07-06 21:31:17 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\vlc
2008-07-06 01:49:04 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\SuperNZB

-- Find3M Report ---------------------------------------------------------------

2008-08-06 11:52:01 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\uTorrent
2008-08-06 10:02:39 0 d-------- C:\Program Files\eMule
2008-08-05 23:45:23 0 d-------- C:\Program Files\Common Files
2008-08-05 00:38:44 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\DivX
2008-08-04 20:01:03 0 d-------- C:\Program Files\DivX
2008-08-03 17:34:16 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Move Networks
2008-08-03 07:26:32 0 d-------- C:\Program Files\uTorrent
2008-08-03 01:09:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:04:33 0 d-------- C:\Program Files\Java
2008-07-31 02:11:14 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\FFSJ
2008-07-29 22:56:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-29 22:56:40 0 d-------- C:\Program Files\Paltalk Messenger
2008-07-29 22:56:39 0 d-------- C:\Program Files\Messenger
2008-07-29 22:56:39 0 d-------- C:\Program Files\MagicISO
2008-07-29 22:56:39 0 d-------- C:\Program Files\Counter-Strike Source
2008-07-29 22:56:39 0 d-------- C:\Program Files\AIM
2008-07-26 23:41:41 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\dvdcss
2008-07-23 21:32:34 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Paltalk
2008-07-20 16:42:33 0 d-------- C:\Program Files\Google
2008-07-20 09:37:53 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Winamp
2008-07-18 21:45:30 0 d-------- C:\Program Files\Winamp
2008-07-13 18:26:28 0 d-------- C:\Program Files\Total Video Converter
2008-07-06 21:23:02 0 d-------- C:\Program Files\VideoLAN
2008-07-04 23:59:36 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\InterVideo
2008-07-03 20:13:42 0 d-------- C:\Program Files\MagicDisc
2008-07-02 19:49:53 0 d-------- C:\Program Files\Sony
2008-07-02 12:12:41 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Apple Computer
2008-06-30 20:57:13 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-30 20:00:21 0 d-------- C:\Program Files\ConvertHelper
2008-06-28 21:16:35 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Adobe
2008-06-24 02:12:10 0 d-------- C:\Program Files\Download Direct
2008-06-22 03:28:28 77824 --a------ C:\WINDOWS\system32\nod.dll <Not Verified; ; Now On-Demand Stream Connector>
2008-06-19 08:35:34 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla
2008-06-17 02:31:09 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\AdobeUM
2008-06-15 21:34:06 0 d-------- C:\Program Files\Xilisoft
2008-06-15 21:00:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-15 08:09:04 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Help
2008-06-15 02:26:44 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Nexon
2008-06-15 02:24:59 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-14 23:45:25 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-14 23:42:01 0 d-------- C:\Program Files\Logitech
2008-06-14 23:12:37 0 d-------- C:\Program Files\Apple Software Update
2008-06-14 20:40:01 0 d-------- C:\Program Files\GetData
2008-06-14 15:38:51 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-13 23:25:44 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Real
2008-06-13 23:17:53 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-13 23:17:42 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 23:16:46 0 d-------- C:\Program Files\Real
2008-06-13 23:13:37 0 d-------- C:\Program Files\RealPlayer v 11 0 0 372 Plus
2008-06-13 22:51:02 0 d-------- C:\Program Files\NextLink
2008-06-13 20:13:07 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Macromedia
2008-06-13 20:11:24 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Sony Corporation
2008-06-13 18:48:15 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Auslogics
2008-06-13 18:48:09 0 d-------- C:\Program Files\Auslogics
2008-06-13 18:40:31 0 d-------- C:\Program Files\iTunes
2008-06-13 18:40:25 0 d-------- C:\Program Files\iPod
2008-06-13 18:40:07 0 d-------- C:\Program Files\QuickTime
2008-06-13 18:39:10 0 d-------- C:\Program Files\Common Files\Apple
2008-06-13 18:33:01 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Sun
2008-06-13 17:36:55 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\ATI
2008-06-13 17:28:29 0 d-------- C:\Program Files\Veoh Networks
2008-06-13 17:24:58 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Aim
2008-06-13 17:24:46 0 d-------- C:\Program Files\AOD
2008-06-13 17:23:11 0 d-------- C:\Program Files\middle_man
2008-06-13 17:22:29 0 d-------- C:\Program Files\Viewpoint
2008-06-13 17:16:40 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-13 17:16:37 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-13 17:08:54 0 d-------- C:\Program Files\Quicken
2008-06-13 17:08:52 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Media Player Classic
2008-06-13 17:08:46 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\WinRAR
2008-06-13 17:06:57 0 d-------- C:\Program Files\ATI
2008-06-13 17:06:46 0 d-------- C:\Program Files\ATI Technologies
2008-06-13 17:06:11 1291 --a------ C:\WINDOWS\mozver.dat
2008-06-13 17:02:57 0 d-------- C:\Program Files\Microsoft Works
2008-06-13 16:57:43 0 d-------- C:\Program Files\MoodLogic
2008-06-13 16:53:41 0 d-------- C:\Program Files\Online Services
2008-06-13 16:42:19 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\InterMute
2008-06-13 16:35:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-13 16:30:47 0 d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Symantec
2008-06-13 16:29:23 0 d-------- C:\Program Files\InterMute
2008-06-13 16:28:17 0 d-------- C:\Program Files\InterVideo
2008-06-13 16:18:22 0 d-------- C:\Program Files\Sonic
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 10:49:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [04/13/2004 04:49 PM C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/10/2004 01:10 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 09:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [11/02/2004 06:53 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [11/29/2004 06:00 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [10/13/2004 08:00 PM C:\WINDOWS\ALCMTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/08/2005 02:36 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/08/2005 02:32 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"RegistryMechanic"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [08/01/2007 02:17 PM]

C:\Documents and Settings\Quoc Nguyen\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [7/3/2008 8:13:33 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
"C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82014c3b-635a-11dd-89fe-00132019a567}]
AutoRun\command- K:\Setup.exe

-- Hosts -----------------------------------------------------------------------

127.255.255.255 serial.alcohol-soft.com

-- End of Deckard's System Scanner: finished at 2008-08-06 13:28:44 ------------

Shaba

Aug 19 2008, 12:58 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions
how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

Please post back with HijackThis log and Kaspersky report.

Regards

qpnguyen

Aug 22 2008, 12:09 AM

HIJACKTHIS LOG:

QUOTE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:48 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 9140 bytes

KASPER SCAN:

QUOTE

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 04:49:37
Records in database: 1122783
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 100759
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:14:14

File name / Threat name / Threats count
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP85\A0021500.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1

The selected area was scanned.

farbar

Aug 22 2008, 10:57 PM

Hi,

Welcome to Bleeping Computer HijackThis forum. I am going to assist you with your problem.

Please give me some time to look it over and I will get back to you as soon as possible.

Please refrain from any system changes (updating Windows, installing applications, etc.) by yourself from now on until we are finished with the cleaning. I'll inform when we are done with the fixes and your are clean.

You might want to save this page on your favorites, so you can find it again when you return.

farbar

Aug 22 2008, 11:48 PM

Hi again,

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent and eMule). These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Removal Instructions

Please empty all the content of uTorrent and eMule downloaded files and don't use the applications as long as we are not finished with the fixes.
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now.
Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:

Viewpoint Media Player.

Also remove the folder in bold: C:\Program Files\Viewpoint
You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
Click "start" and then "Control Panel" icon.
Doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
Uninstall the following by clicking on the following entries and selecting "remove":

J2SE Runtime Environment 5.0
Java™ 6 Update 6

Additional instructions can be found here if needed.
Please download ATF Cleaner by Atribune & save it to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
- Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can. Besides the paid antivirus programs there are also some free antivirus programs::
Install and update. Run a full/complete scan, let removed/quarantined what it finds and copy and paste the report to your reply.
Please copy and paste a fresh Hijackthis log to your reply.

qpnguyen

Aug 24 2008, 01:09 PM

HIjackthis log:

QUOTE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:51 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1012877476-3308353955-2259861281-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cuong Nguyen')
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 10150 bytes

i can't post the log for AVG antivirus, attachments wont let me upload it: " Upload failed. You are not permitted to upload this type of file"

farbar

Aug 24 2008, 02:20 PM

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Apply ATF cleaner once more for both Internet Explorer and Firefox.
Please download Malwarebytes' Anti-Malware from MajorGeeks
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

In your next reply:

The log of MBAM.
A fresh Hijackthis log.

qpnguyen

Aug 25 2008, 07:50 PM

MAlwarebyte's log:

QUOTE

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

8:47:55 PM 8/25/2008
mbam-log-08-25-2008 (20-47-55).txt

Scan type: Quick Scan
Objects scanned: 41909
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a22b8fd2-4caa-4efb-82f7-680cd656d9b0} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{a22b8fd2-4caa-4efb-82f7-680cd656d9b0} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a25850a-737c-4405-93ca-bdc750496679} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7181716-6892-4fde-beac-3a556314041e} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f83b7562-18a5-4562-8836-0173ebf533ca} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downupdater.exe (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.2 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DownUpdater.exe (Adware.CWS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\GNowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\WINDOWS\DownUpdater.exe (Adware.CWS) -> Quarantined and deleted successfully.
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.

----------------

HIjackthis log:

QUOTE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:12 PM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-1012877476-3308353955-2259861281-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Cuong Nguyen')
O4 - S-1-5-21-1012877476-3308353955-2259861281-1007 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Cuong Nguyen')
O4 - S-1-5-21-1012877476-3308353955-2259861281-1007 User Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Cuong Nguyen')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 9947 bytes

farbar

Aug 26 2008, 01:34 PM

Please copy and paste the content of AVG log to your reply. You don't need to attach the log.
Apply ATF Cleaner once more.
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
Download Deckard's Association File Tool daft.exe and save it to your desktop.
- Double click on it and click Run.
- Click on the Scan button.
- If it finds faulty file associations, they will appear in red beside a checkbox
- Click Save Log and save daft.txt
- Copy and paste the content of daft.txt to your reply.
- Then place a checkmark (tick) in the boxes in question.
- Click the Fix button.
Please copy and paste a fresh Hijackthis log to your reply and tell me how the computer is running.

In your next reply:

The scan results of AVG 8.
The Kaspersky scan.
A fresh Hijackthis log.
Tell me how the computer is running.

qpnguyen

Aug 27 2008, 03:31 PM

AVg results:

QUOTE

"Scan ""Scan whole computer"" was finished."
"Infections found:";"12"
"Infected objects removed or healed:";"12"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"0"
"Information count:";"0"
"Scan started:";"Sunday, August 24, 2008, 1:22:09 PM"
"Scan finished:";"Sunday, August 24, 2008, 2:03:46 PM (41 minute(s) 37 second(s))"
"Total object scanned:";"450077"
"User who launched the scan:";"Quoc Nguyen"

"Infections"
"File";"Infection";"Result"
"F:\Applications\Apollo_No1_DVD_Ripper_7.2.6_www.softarchive.net.rar:\keygen.exe";"Virus found Win32/CryptExe";"Deleted"
"F:\Applications\Apollo_No1_DVD_Ripper_7.2.6_www.softarchive.net.rar";"Virus found Win32/CryptExe";"Deleted"
"C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP99\A0025318.exe";"Trojan horse Generic5.HEW";"Moved to Virus Vault"
"C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP82\A0020352.exe";"Trojan horse Generic10.ABPB";"Moved to Virus Vault"
"C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP77\A0016260.exe";"Trojan horse BackDoor.Generic9.SCU";"Moved to Virus Vault"
"C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP77\A0016133.exe";"Virus found Win32/CryptExe";"Moved to Virus Vault"
"C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP146\A0036983.exe";"Trojan horse Clicker.OXE";"Moved to Virus Vault"
"C:\Program Files\WinRAR\WinRAR.exe";"Trojan horse Clicker.OXE";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\WebcamMaxv4[1].2.1.4-patch.rar:\WebcamMaxv4.2.1.4-patch.exe";"Virus identified Win32/Delf.2.K";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\WebcamMaxv4[1].2.1.4-patch.rar";"Virus identified Win32/Delf.2.K";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\magiciso 5.5.259.rar:\patch.exe";"Trojan horse BackDoor.Generic9.SCU";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\My Documents\Applications\magiciso 5.5.259.rar";"Trojan horse BackDoor.Generic9.SCU";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\yadro.ru.c77afad5";"Found Tracking cookie.Yadro";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.f2c8d936";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.e0ebdba8";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.dc501518";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.d0ddedf8";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.ae85bc51";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.9720f220";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.85ff269a";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.7b77be84";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.781ea4c2";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.5bc05ef6";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.5359093f";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.3f84b34d";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\hitbox.com.bbf2a6e8";"Found Tracking cookie.Hitbox";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\hitbox.com.2b95f8a3";"Found Tracking cookie.Hitbox";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.73228263";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.484dbb69";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.ebd2f9d9";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.daff51cb";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.a5d5c7aa";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.87e31e2e";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.73baf294";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.71faa69c";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.71b82370";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.69091047";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.62c3f44e";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.5e709ba4";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.46966b5f";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.2ba8dd8c";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.2a1738fe";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\statcounter.com.1ebb0bd";"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\clickbank.net.82079eb1";"Found Tracking cookie.Clickbank";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\adrenaline.cz.e8b8beb6";"Found Tracking cookie.Adrenaline";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.e759e8e0";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.d2aa96c8";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.ae6e14c4";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.39bc6776";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.23a940be";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt:\2o7.net.1a6a6c0d";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt";"Found Tracking cookie.2o7";"Healed"

-------------------------------

KAspersky:

QUOTE

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 27, 2008 19:20:32
Records in database: 1151835
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 99763
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:33:33

File name / Threat name / Threats count
C:\Program Files\WinRAR\WinRAR.exe Infected: Backdoor.Win32.Ceckno.cup 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP152\A0037828.exe Infected: Backdoor.Win32.Ceckno.cup 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP85\A0021500.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1

The selected area was scanned.

---------------------------

Daft:

QUOTE

DAFT Log saved on 2008-08-27 16:28:52
-----------------------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

--------------------

Hijackthis:

QUOTE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:57 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 8600 bytes

--------------

my computer stills run the same. programs are kinda slow, freeze and my fans are running ridiculously loud.

farbar

Aug 27 2008, 05:00 PM

A deeper look into your log shows the traces of one or more backdoor trojans.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though some of the trojans might have been removed, because of their backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to search and if found clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to go on with checking and removing the infection please move on to the following steps.

Removal Instructions

Please empty AVG 8 quarantine/Virus Vault folder.
If you can not find the following file make sure that you can view all hidden files make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Click on this link--> virustotal

Click the browse button and navigate to the file below in bold, then click Send File.

C:\Program Files\WinRAR\WinRAR.exe

Please copy and paste the results of the scan in your next post.
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
- Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
- Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan tab" and UNcheck "Heuristic analysis"
- Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
- Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
- When done, a message will be displayed at the bottom advising if any viruses were found.
- Click "Yes to all" if it asks if you want to cure/move the file.
- When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
  (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
- Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web Cureit when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
- Double click SDFix.exe and it will extract the files to %systemdrive%
- (this is the drive that contains the Windows Directory, typically C:\SDFix).
- DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
- Copy and paste the contents of the results file Report.txt in your next reply.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply:

The scan results of Virustotal.
The DrWeb log.
SDfix log.
Both the RSIT logs.

qpnguyen

Aug 31 2008, 01:03 AM

Virustotal:

QUOTE

MD5: 8dcbc42ece24447ae0aaf09ca2d069ec
First received: 08.27.2008 00:31:33 (CET)
Date: 08.28.2008 18:17:40 (CET) [>2D]
Results: 1/35
Permalink: analisis/f92323774dcfefd9e3078ce35afec10d

------------------------

Drweb:

QUOTE

SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Quoc Nguyen\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Quoc Nguyen\Desktop;Archive contains infected objects;Moved.;
8F2ABEC4d01\SDFix\apps\Process.exe;C:\Documents and Settings\Quoc Nguyen\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\Cache\8F2ABEC4d;Tool.Prockill;;
8F2ABEC4d01;C:\Documents and Settings\Quoc Nguyen\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\Cache;Archive contains infected objects;Moved.;
data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data007;Adware.Yassist.21;;
data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Archive contains infected objects;;
data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data016;Adware.Yassist.origin;;
data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Archive contains infected objects;;
data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data045\data002;Adware.Cdn;;
data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data045\data002;Adware.Cdn;;
data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013\data045;Archive contains infected objects;;
data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Archive contains infected objects;;
data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe\data013;Adware.Cdn;;
data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108\A0033060.exe;Archive contains infected objects;;
A0033060.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP108;Archive contains infected objects;Moved.;
data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data007;Adware.Yassist.21;;
data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Archive contains infected objects;;
data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data016;Adware.Yassist.origin;;
data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Archive contains infected objects;;
data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data045\data002;Adware.Cdn;;
data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data045\data002;Adware.Cdn;;
data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013\data045;Archive contains infected objects;;
data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Archive contains infected objects;;
data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe\data013;Adware.Cdn;;
data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59\A0011459.exe;Archive contains infected objects;;
A0011459.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP59;Archive contains infected objects;Moved.;
data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data007;Adware.Yassist.21;;
data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Archive contains infected objects;;
data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data016;Adware.Yassist.origin;;
data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Archive contains infected objects;;
data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data045\data002;Adware.Cdn;;
data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data045\data002;Adware.Cdn;;
data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013\data045;Archive contains infected objects;;
data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Archive contains infected objects;;
data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe\data013;Adware.Cdn;;
data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015090.exe;Archive contains infected objects;;
A0015090.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65;Archive contains infected objects;Moved.;
data007\yhelper.dll;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data007;Adware.Yassist.21;;
data007;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Archive contains infected objects;;
data016\sremove.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data016;Adware.Yassist.origin;;
data016;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Archive contains infected objects;;
data002\data001;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data045\data002;Adware.Cdn;;
data002\data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data045\data002;Adware.Cdn;;
data002;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013\data045;Archive contains infected objects;;
data045;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Archive contains infected objects;;
data013\data049;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe\data013;Adware.Cdn;;
data013;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79\A0017677.exe;Archive contains infected objects;;
A0017677.exe;C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP79;Archive contains infected objects;Moved.;

-------------------------

SDfix:

QUOTE

SDFix: Version 1.220
Run by Quoc Nguyen on Sun 08/31/2008 at 01:41 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 01:49:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:f8,5c,7b,12,c8,a9,69,53,ce,b9,00,f5,ca,40,22,b7,f9,ff,ee,fd,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:1c,35,10,4b,61,0a,19,34,aa,34,b7,5a,7d,ff,01,5e,a8,43,10,d4,58,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:f8,5c,7b,12,c8,a9,69,53,ce,b9,00,f5,ca,40,22,b7,f9,ff,ee,fd,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:1c,35,10,4b,61,0a,19,34,aa,34,b7,5a,7d,ff,01,5e,a8,43,10,d4,58,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe:*:Enabled:GOGOBOX????Daemon"
"C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"="C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe:*:Enabled:gogobox???????"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:PaltalkScene"
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe"="C:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe:*:Enabled:TubeHunter Ultra"
"C:\\WINDOWS\\system32\\fscagent.exe"="C:\\WINDOWS\\system32\\fscagent.exe:*:Enabled:???? ???? ??"
"C:\\WINDOWS\\system32\\clubbox.exe"="C:\\WINDOWS\\system32\\clubbox.exe:*:Enabled:†ªú'1£«§ ‘„…‹…¬– ø,r…£"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\GridService\\peer.exe"="C:\\Program Files\\GridService\\peer.exe:*:Enabled:muse peer"
"C:\\Program Files\\SuperTV\\supernettv.exe"="C:\\Program Files\\SuperTV\\supernettv.exe:*:Enabled:supernettv"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

Files with Hidden Attributes :

Tue 29 Jul 2008 4,840,736 A..H. --- "C:\Documents and Settings\Quoc Nguyen\Desktop\KellyBrook_Cal_2008.zip"
Tue 29 Jul 2008 22,539,412 A..H. --- "C:\Documents and Settings\Quoc Nguyen\Desktop\PbGWG_2008.zip"
Fri 14 Sep 2007 1,323,008 A..H. --- "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015091.exe"
Tue 19 Jun 2007 50,688 A..H. --- "C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP65\A0015092.exe"
Sat 14 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 29 Jul 2008 79,226,396 A..H. --- "C:\Documents and Settings\Quoc Nguyen\Desktop\Sofia Webber\10336_Sofia_Webber.zip"

Finished!

--------------------------

Rsit logs:

INfo

QUOTE

info.txt logfile of random's system information tool 2008-08-31 01:59:27

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7e41
ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Counter-Strike: Source-->C:\Program Files\Counter-Strike Source\Uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
File Splitter and Joiner (FFSJ v3.3)-->"C:\WINDOWS\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.97-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Megaupload Toolbar-->C:\Program Files\MegauploadToolbar\uninstall.exe
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
middle_man-->"C:\PROGRA~1\AIM\UninstallMM.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenMG Limited Patch 4.1-05-13-31-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins001.exe" /Log
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Structure Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E715FA41-46EB-4D3F-B4D9-A45973E76026}\setup.exe" -l0x9
VeohProxy-->C:\Program Files\VeohProxy\uninstall.exe
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft iPod Rip-->C:\Program Files\Xilisoft\iPod Rip\Uninstall.exe

Hosts File

127.0.0.1 localhost

Security center information

AV: AVG Anti-Virus Free

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip

-----------------EOF-----------------

Log:

QUOTE

Logfile of random's system information tool (written by random/random)
Run by Quoc Nguyen at 2008-08-31 01:59:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 35 GB (6%) free of 604 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:24 AM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Quoc Nguyen\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Quoc Nguyen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 8233 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-13 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2008-08-04 1947080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-15 352256]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2008-08-04 1947080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-04-13 88363]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-10 344064]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-08-12 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-11-29 2748928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-08 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-08 126976]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2007-10-04 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe [2004-07-16 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
C:\PROGRA~1\PALTAL~1\paltalk.exe [2008-05-08 10452992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-05-27 547840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-08 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NextLink\GOGOBOX\gfscagent.exe"="C:\Program Files\NextLink\GOGOBOX\gfscagent.exe:*:Enabled:GOGOBOX????Daemon"
"C:\Program Files\NextLink\GOGOBOX\gogobox.exe"="C:\Program Files\NextLink\GOGOBOX\gogobox.exe:*:Enabled:gogobox???????"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Neoretix\TubeHunter Ultra\TubeHunter.exe"="C:\Program Files\Neoretix\TubeHunter Ultra\TubeHunter.exe:*:Enabled:TubeHunter Ultra"
"C:\WINDOWS\system32\fscagent.exe"="C:\WINDOWS\system32\fscagent.exe:*:Enabled:???? ???? ??"
"C:\WINDOWS\system32\clubbox.exe"="C:\WINDOWS\system32\clubbox.exe:*:Enabled:å¬·´¹ú½º æäàïàü¼û °ü¸®àú"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\GridService\peer.exe"="C:\Program Files\GridService\peer.exe:*:Enabled:muse peer"
"C:\Program Files\SuperTV\supernettv.exe"="C:\Program Files\SuperTV\supernettv.exe:*:Enabled:supernettv"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

List of files/folders created in the last three months

2008-08-31 01:59:14 ----D---- C:\rsit
2008-08-31 01:37:31 ----D---- C:\WINDOWS\ERUNT
2008-08-31 01:33:29 ----D---- C:\SDFix
2008-08-30 21:30:27 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-27 13:40:02 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-08-27 13:40:01 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\EmailNotifier
2008-08-27 13:39:59 ----D---- C:\Program Files\MegauploadToolbar
2008-08-27 13:39:59 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\MegauploadToolbar
2008-08-27 13:34:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-08-25 21:29:34 ----D---- C:\WINDOWS\SxsCaPendDel
2008-08-25 20:42:29 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Malwarebytes
2008-08-25 20:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 20:42:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 16:07:59 ----A---- C:\WINDOWS\system32\lvci11801048.dll
2008-08-24 16:06:58 ----D---- C:\Program Files\Logitech
2008-08-24 13:25:04 ----HD---- C:\$AVG8.VAULT$
2008-08-24 13:18:17 ----D---- C:\Program Files\AVG
2008-08-24 13:18:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-21 22:52:37 ----D---- C:\Program Files\Trend Micro
2008-08-19 13:08:18 ----D---- C:\Program Files\iPod
2008-08-18 12:04:02 ----D---- C:\Program Files\VeohProxy
2008-08-15 00:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 00:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-15 00:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 00:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 00:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 00:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 00:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-07 15:40:43 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\AccurateRip
2008-08-07 15:40:43 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-07 15:40:41 ----D---- C:\Program Files\Illustrate
2008-08-07 01:42:59 ----A---- C:\WINDOWS\avisplitter.INI
2008-08-06 17:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-06 13:25:35 ----D---- C:\WINDOWS\ERDNT
2008-08-06 13:25:27 ----D---- C:\Deckard
2008-08-05 23:45:23 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-08-05 23:45:11 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-08-03 22:14:23 ----A---- C:\WINDOWS\system32\unrar.dll
2008-08-03 22:14:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-08-03 22:14:19 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-08-03 22:14:18 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-08-03 22:14:18 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-03 22:14:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-08-03 22:14:16 ----D---- C:\Program Files\K-Lite Codec Pack
2008-08-03 00:53:19 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Nokia
2008-08-03 00:52:56 ----D---- C:\Nokia
2008-08-01 19:04:33 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-01 19:04:33 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-01 19:04:33 ----A---- C:\WINDOWS\system32\java.exe
2008-07-31 02:07:45 ----D---- C:\WINDOWS\system32\FFSJ
2008-07-31 02:07:45 ----A---- C:\WINDOWS\unins000.exe
2008-07-30 20:24:23 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-07-29 15:22:44 ----D---- C:\Program Files\NewsLeecher
2008-07-29 14:41:18 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\NewsLeecher
2008-07-28 23:29:40 ----A---- C:\WINDOWS\Powerplayer.ini
2008-07-28 23:27:41 ----A---- C:\WINDOWS\psnetwork.ini
2008-07-28 23:27:39 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\ppStream
2008-07-28 23:27:35 ----D---- C:\Program Files\SuperTV
2008-07-28 12:22:07 ----D---- C:\Program Files\SpeedFan
2008-07-27 20:51:31 ----D---- C:\Program Files\The Rosetta Stone
2008-07-25 23:37:43 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Atari
2008-07-25 23:32:04 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Leadertech
2008-07-20 16:43:33 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Google
2008-07-18 05:20:32 ----RA---- C:\WINDOWS\system32\clubbox.exe
2008-07-15 17:16:51 ----D---- C:\Program Files\Audacity
2008-07-13 18:07:24 ----D---- C:\Program Files\Alcohol Soft
2008-07-13 17:41:40 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\DAEMON Tools Pro
2008-07-13 17:40:57 ----D---- C:\Program Files\DAEMON Tools Pro
2008-07-11 22:18:09 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\GetRightToGo
2008-07-09 09:39:06 ----D---- C:\Program Files\IObit
2008-07-09 02:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-09 02:09:28 ----D---- C:\Program Files\PCPitstop
2008-07-09 00:49:50 ----D---- C:\Documents and Settings\All Users\Application Data\Grid
2008-07-08 03:05:24 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\InstallShield
2008-07-07 14:34:57 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-07-07 14:34:53 ----D---- C:\Program Files\Registry Mechanic
2008-07-06 21:31:17 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\vlc
2008-07-06 01:49:04 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\SuperNZB
2008-07-04 23:59:36 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\InterVideo
2008-07-04 19:17:37 ----D---- C:\Program Files\Total Video Converter
2008-07-03 20:13:33 ----D---- C:\Program Files\MagicDisc
2008-07-03 20:09:25 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-07-03 20:09:14 ----D---- C:\Program Files\MagicISO
2008-07-02 22:24:51 ----A---- C:\WINDOWS\#1 DVD Ripper.INI
2008-06-30 20:57:13 ----D---- C:\Program Files\SystemRequirementsLab
2008-06-24 01:27:23 ----D---- C:\Program Files\Download Direct
2008-06-23 21:38:19 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\DivX
2008-06-23 15:19:13 ----D---- C:\Program Files\DivX
2008-06-22 21:20:28 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Move Networks
2008-06-22 14:51:32 ----D---- C:\WINDOWS\system32\crc
2008-06-22 03:28:35 ----A---- C:\WINDOWS\system32\fscflist.ini.tmp
2008-06-22 03:28:28 ----A---- C:\WINDOWS\system32\nod.dll
2008-06-22 03:28:00 ----A---- C:\WINDOWS\system32\fscflist.ini
2008-06-22 03:28:00 ----A---- C:\WINDOWS\system32\fscagent.ini.tmp
2008-06-22 03:27:59 ----A---- C:\WINDOWS\system32\fscagent.ini
2008-06-21 02:08:32 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\dvdcss
2008-06-20 15:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-17 12:17:50 ----D---- C:\Program Files\Counter-Strike Source
2008-06-15 21:34:06 ----D---- C:\Program Files\Xilisoft
2008-06-15 21:00:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-15 21:00:37 ----D---- C:\Program Files\Common Files\Adobe
2008-06-15 08:09:04 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Help
2008-06-15 05:22:49 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\AdobeUM
2008-06-15 02:26:44 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Nexon
2008-06-15 02:24:59 ----D---- C:\Program Files\Common Files\INCA Shared
2008-06-14 23:49:05 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Paltalk
2008-06-14 23:49:01 ----D---- C:\WINDOWS\PaltalkScene
2008-06-14 23:49:01 ----D---- C:\Program Files\Paltalk Messenger
2008-06-14 23:48:38 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2008-06-14 23:45:08 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-06-14 23:44:57 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2008-06-14 23:44:57 ----A---- C:\WINDOWS\system32\LVUI2.dll
2008-06-14 23:44:57 ----A---- C:\WINDOWS\system32\lvcodec2.dll
2008-06-14 23:44:15 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2008-06-14 23:44:15 ----A---- C:\WINDOWS\system32\lvci1150.dll
2008-06-14 23:42:09 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-06-14 23:42:03 ----D---- C:\Program Files\Common Files\LogiShrd
2008-06-14 23:42:01 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-14 23:12:35 ----D---- C:\Program Files\Apple Software Update
2008-06-14 20:40:01 ----D---- C:\Program Files\GetData
2008-06-14 16:50:59 ----D---- C:\Logs
2008-06-14 15:38:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-14 15:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-06-14 15:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-06-14 15:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-06-14 15:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-06-14 15:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-06-14 14:11:55 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\FFSJ
2008-06-14 11:04:28 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 10:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-06-14 10:46:11 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-06-14 10:46:07 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-06-14 10:45:53 ----D---- C:\Program Files\Windows Media Connect 2
2008-06-14 10:45:45 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-06-14 10:45:20 ----D---- C:\0705733c325efe18c8fcbe233ad79f6e
2008-06-14 10:45:03 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-06-14 10:44:39 ----D---- C:\9d3f053b841646cb95fedc4b6370
2008-06-14 10:44:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-06-14 10:43:55 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-13 23:17:53 ----D---- C:\Program Files\Common Files\xing shared
2008-06-13 23:17:31 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-06-13 23:17:08 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-06-13 23:17:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-06-13 23:17:04 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-06-13 23:16:56 ----D---- C:\Program Files\Common Files\Real
2008-06-13 23:16:46 ----D---- C:\Program Files\Real
2008-06-13 23:15:29 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Real
2008-06-13 23:13:33 ----D---- C:\Program Files\RealPlayer v 11 0 0 372 Plus
2008-06-13 22:51:02 ----D---- C:\Program Files\NextLink
2008-06-13 20:13:07 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Macromedia
2008-06-13 20:11:24 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Sony Corporation
2008-06-13 20:11:02 ----SD---- C:\Documents and Settings\Quoc Nguyen\Application Data\Microsoft
2008-06-13 20:11:02 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Identities
2008-06-13 20:11:02 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Adobe
2008-06-13 20:11:02 ----ASH---- C:\Documents and Settings\Quoc Nguyen\Application Data\desktop.ini
2008-06-13 18:48:15 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Auslogics
2008-06-13 18:48:09 ----D---- C:\Program Files\Auslogics
2008-06-13 18:40:36 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Apple Computer
2008-06-13 18:40:23 ----D---- C:\Program Files\iTunes
2008-06-13 18:39:49 ----D---- C:\Program Files\QuickTime
2008-06-13 18:39:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-13 18:39:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-06-13 18:39:10 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-13 18:33:01 ----D---- C:\WINDOWS\Sun
2008-06-13 18:33:01 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Sun
2008-06-13 18:18:20 ----D---- C:\WINDOWS\system32\LogFiles
2008-06-13 18:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-06-13 18:01:50 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-06-13 18:01:46 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-06-13 18:01:46 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-06-13 18:01:44 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-06-13 18:01:43 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-06-13 18:01:43 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-06-13 18:01:39 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-06-13 18:01:38 ----A---- C:\WINDOWS\system32\uniime.dll
2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-06-13 18:01:34 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-06-13 18:01:33 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-06-13 18:01:33 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-06-13 18:01:31 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-06-13 18:01:30 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2008-06-13 18:01:30 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-06-13 18:01:30 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-06-13 18:01:28 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-06-13 17:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-06-13 17:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-06-13 17:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-06-13 17:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-06-13 17:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-06-13 17:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-06-13 17:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-06-13 17:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-06-13 17:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-06-13 17:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-06-13 17:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-06-13 17:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-06-13 17:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-06-13 17:50:37 ----D---- C:\WINDOWS\ie7updates
2008-06-13 17:50:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 17:50:18 ----D---- C:\WINDOWS\WBEM
2008-06-13 17:50:17 ----D---- C:\WINDOWS\system32\en-US
2008-06-13 17:49:22 ----HDC---- C:\WINDOWS\ie7
2008-06-13 17:49:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-06-13 17:48:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-06-13 17:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-06-13 17:48:37 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-06-13 17:47:57 ----A---- C:\WINDOWS\system32\MRT.exe
2008-06-13 17:47:54 ----D---- C:\WINDOWS\network diagnostic
2008-06-13 17:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-06-13 17:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-06-13 17:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-06-13 17:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-06-13 17:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-06-13 17:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-06-13 17:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-06-13 17:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-06-13 17:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-06-13 17:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-06-13 17:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-06-13 17:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-06-13 17:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-06-13 17:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-06-13 17:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-06-13 17:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-06-13 17:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-06-13 17:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-06-13 17:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-06-13 17:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-13 17:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-06-13 17:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-06-13 17:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-06-13 17:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-06-13 17:44:02 ----D---- C:\Program Files\uTorrent
2008-06-13 17:44:00 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\uTorrent
2008-06-13 17:43:58 ----D---- C:\Program Files\eMule
2008-06-13 17:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-06-13 17:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-06-13 17:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-06-13 17:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-06-13 17:43:21 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-06-13 17:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-06-13 17:43:13 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-06-13 17:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-06-13 17:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-06-13 17:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-06-13 17:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-06-13 17:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-06-13 17:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-06-13 17:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-06-13 17:42:24 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-06-13 17:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-13 17:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-06-13 17:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-06-13 17:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-13 17:41:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-06-13 17:41:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-06-13 17:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-06-13 17:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-06-13 17:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-06-13 17:41:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-06-13 17:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 17:41:13 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-06-13 17:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-06-13 17:41:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-06-13 17:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-06-13 17:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-06-13 17:40:53 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-06-13 17:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-06-13 17:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-06-13 17:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-06-13 17:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-06-13 17:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-13 17:40:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-06-13 17:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-06-13 17:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-06-13 17:40:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-06-13 17:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-06-13 17:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-06-13 17:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-06-13 17:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-06-13 17:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-06-13 17:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-06-13 17:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-06-13 17:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-06-13 17:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-06-13 17:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-06-13 17:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-06-13 17:36:55 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\ATI
2008-06-13 17:36:55 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-13 17:28:29 ----D---- C:\Program Files\Veoh Networks
2008-06-13 17:26:16 ----D---- C:\WINDOWS\Downloaded Installations
2008-06-13 17:24:58 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Aim
2008-06-13 17:24:49 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-13 17:23:51 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-06-13 17:23:08 ----D---- C:\Program Files\middle_man
2008-06-13 17:22:29 ----D---- C:\Program Files\AOD
2008-06-13 17:22:27 ----D---- C:\Program Files\AIM
2008-06-13 17:15:38 ----D---- C:\Program Files\VideoLAN
2008-06-13 17:13:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-06-13 17:12:46 ----D---- C:\WINDOWS\system32\PreInstall
2008-06-13 17:12:46 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-06-13 17:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-06-13 17:09:27 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-06-13 17:09:27 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-06-13 17:09:24 ----D---- C:\Program Files\Winamp
2008-06-13 17:09:24 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Winamp
2008-06-13 17:08:49 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Media Player Classic
2008-06-13 17:08:46 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\WinRAR
2008-06-13 17:08:36 ----D---- C:\Program Files\WinRAR
2008-06-13 17:07:52 ----D---- C:\WINDOWS\pss
2008-06-13 17:06:57 ----D---- C:\Program Files\ATI
2008-06-13 17:06:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-06-13 17:06:04 ----D---- C:\WINDOWS\system32\Adobe
2008-06-13 17:05:55 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-06-13 17:04:58 ----D---- C:\ATI
2008-06-13 16:54:29 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-06-13 16:42:19 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\InterMute
2008-06-13 16:35:48 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla
2008-06-13 16:30:47 ----D---- C:\Documents and Settings\Quoc Nguyen\Application Data\Symantec
2008-06-13 16:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-13 16:29:24 ----A---- C:\WINDOWS\system32\ssmute.ini
2008-06-13 16:29:23 ----D---- C:\Program Files\InterMute
2008-06-13 16:29:08 ----D---- C:\Program Files\MoodLogic
2008-06-13 16:27:10 ----D---- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-06-13 16:26:51 ----D---- C:\Program Files\Mozilla Firefox
2008-06-13 16:25:35 ----D---- C:\Program Files\Quicken
2008-06-13 16:25:35 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-13 16:25:01 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-06-13 16:24:58 ----D---- C:\Program Files\InterVideo
2008-06-13 16:23:56 ----A---- C:\WINDOWS\ODBC.INI
2008-06-13 16:23:52 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-06-13 16:22:13 ----D---- C:\Program Files\Microsoft Office
2008-06-13 16:21:36 ----D---- C:\Program Files\Microsoft Works
2008-06-13 16:18:22 ----D---- C:\Program Files\Sonic
2008-06-13 16:16:41 ----A---- C:\WINDOWS\system32\CDDBUI.dll
2008-06-13 16:16:41 ----A---- C:\WINDOWS\system32\CDDBControl.dll

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 catchme;catchme; \??\C:\DOCUME~1\QUOCNG~1\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-11-29 2319808]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 a94wxsyu;a94wxsyu; C:\WINDOWS\system32\drivers\a94wxsyu.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-04-13 1266380]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-08-12 113664]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-08 804572]
S3 krait03;Razer krait USB Filter Driver; C:\WINDOWS\System32\Drivers\krait.sys [2005-12-07 13324]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-05 658432]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-01-14 1839104]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-01-14 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-01-14 745472]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-01-14 188416]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

farbar

Aug 31 2008, 08:21 AM

Note 1: It seems you have run DrWeb after downloading SDfix. SDFix should have been downloaded, extracted and run after applying DrWeb. Please follow the steps as they are written.

Note 2: Please copy/paste the logs instead of using quotes.

Please remove DrWeb from your desktop. Running it again might interfere with the proper working or proper uninstallation of Combofix.
Turn off Windows automatic updates as it might lead to unexpected results at this stage:
- Go to start -> Control Panel -> double-click System to open it.
- Go to the Automatic Updates tab.
- Select the "Turn off Automatic Updates" box.
- Click Apply and then OK.
- Important: Reboot.
Go to start - Run type eventvwr press enter.
Open the logbooks and look for recent logged errors specifically under Application and System. To do that:
- Click the Application in the left pane, double click the recent events in the right pane one by one to see which one is related to the explorer. Copy and paste the related logs to your reply.
- Click the System in the left pane, double click the recent events in the right pane one by one to see which one is related to the explorer. Copy and paste the related logs to your reply.
- If there are other recent errors please copy/paste them too.
Please tell me if you recognize these files/folder on your desktop (they are hidden):

"C:\Documents and Settings\Quoc Nguyen\Desktop\KellyBrook_Cal_2008.zip"
"C:\Documents and Settings\Quoc Nguyen\Desktop\PbGWG_2008.zip"
"C:\Documents and Settings\Quoc Nguyen\Desktop\Sofia Webber\10336_Sofia_Webber.zip"
Tell me if you are aware of running fscagent.exe form Nowcom Co., Ltd. Acompany in South Corea. This process has firewall permission to download and upload packets. This is what I have found on the this:

"The process FSCAgent Service program belongs to the software FSCAgent by Nowcom Co., Ltd."

"Description: File fscagent.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 155648 bytes (69% of all occurrence), 110592 bytes, 106496 bytes, 159744 bytes.
The program is not visible. fscagent.exe is an unknown file in the Windows folder. File fscagent.exe is not a Windows system file. Program listens for or sends data on open ports to LAN or Internet. fscagent.exe is able to record inputs. Therefore the technical security rating is 70% dangerous."

Source: http://www.file.net/process/fscagent.exe.html
I see from the logs Megaupload Toolbar is installed on your computer:

This program is known to be related to spyware. You may read more Megaupload Toolbar here http://www.castlecops.com/tk30914-Megaupload_Toolbar.html

To uninstall Megaupload Toolbar:

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon.
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Megaupload Toolbar

Also remove the folder in bold: C:\Program Files\Megaupload Toolbar
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully.

You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Instruction to install Recovery Console :

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Drag the setup package onto ComboFix.exe and drop it.
- Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
- At the next prompt, click 'Yes' to run the full ComboFix scan.
- When the tool is finished, it will produce a report for you.
Please copy and paste the content of C:\ComboFix.txt for further review.
Please copy and paste a fresh Hijackthis log to your reply and tell about how it went.

In your next reply:

Tell me about those files and service.
The Combofix log.
A fresh Hijackthis log.

qpnguyen

Sep 6 2008, 07:32 PM

3.

many errors from Applications say the same description:

QUOTE

Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x0529ceb0.

i couldn't find any errors from System that is related to explorer.exe

the earliest error i got was when i tried to log into my window's xp user profile. i gotten a message that said my user setting could not be load.

btw, it takes my computer quiet a while to show the right mouse click menu

-----------

4. yes i recognized those files

-----

5. i am not aware of the program fscagent.exe. but i think i might know wat it is because there is a game had installed once that keyloggs people so they wont hack it. so that might be the keylogger. but im not sure

qpnguyen

Sep 6 2008, 07:49 PM

COMBOfix.txt:

ComboFix 08-09-05.02 - Quoc Nguyen 2008-09-06 20:42:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.615 [GMT -4:00]
Running from: C:\Documents and Settings\Quoc Nguyen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Quoc Nguyen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-06 19:03 . 2008-09-06 19:03 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-06 19:00 . 2008-09-06 19:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-06 18:54 . 2008-09-06 18:54 <DIR> d-------- C:\WINDOWS\EHome
2008-09-04 21:56 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-04 21:55 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-31 01:59 . 2008-08-31 01:59 <DIR> d-------- C:\rsit
2008-08-31 01:37 . 2008-08-31 01:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-31 01:33 . 2008-08-31 01:51 <DIR> d-------- C:\SDFix
2008-08-30 21:33 . 2008-08-30 21:33 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\DoctorWeb
2008-08-29 13:30 . 2008-08-29 13:30 <DIR> d-------- C:\Documents and Settings\Cuong Nguyen\Application Data\EmailNotifier
2008-08-27 13:40 . 2008-08-27 13:40 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\EmailNotifier
2008-08-27 13:40 . 2008-08-27 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-08-27 13:34 . 2008-09-06 18:49 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-27 13:34 . 2008-08-30 10:49 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 13:34 . 2008-08-27 13:34 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-27 13:34 . 2008-08-27 13:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-25 21:29 . 2008-08-26 02:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-25 20:42 . 2008-08-25 20:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 20:42 . 2008-08-25 20:42 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\Malwarebytes
2008-08-25 20:42 . 2008-08-25 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 20:42 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 20:42 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 16:09 . 2008-08-24 16:09 <DIR> d-------- C:\Documents and Settings\Cuong Nguyen\Application Data\Leadertech
2008-08-24 16:07 . 2008-07-26 11:25 627,864 --a------ C:\WINDOWS\system32\drivers\lvrs.sys
2008-08-24 16:07 . 2008-07-26 11:23 195,096 --a------ C:\WINDOWS\system32\lvci11801048.dll
2008-08-24 16:06 . 2008-08-24 16:06 <DIR> d-------- C:\Program Files\Logitech
2008-08-24 13:25 . 2008-09-04 22:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-24 13:18 . 2008-08-24 13:18 <DIR> d-------- C:\Program Files\AVG
2008-08-24 13:18 . 2008-08-27 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-21 22:52 . 2008-08-21 22:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-19 13:08 . 2008-08-19 13:08 <DIR> d-------- C:\Program Files\iPod
2008-08-18 12:04 . 2008-08-18 12:04 <DIR> d-------- C:\Program Files\VeohProxy
2008-08-14 15:00 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 15:00 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-07 15:40 . 2008-08-07 15:40 <DIR> d-------- C:\Program Files\Illustrate
2008-08-07 15:40 . 2008-08-07 15:40 <DIR> d-------- C:\Documents and Settings\Quoc Nguyen\Application Data\AccurateRip
2008-08-07 15:40 . 2008-08-07 15:40 5,052,280 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-07 01:42 . 2008-08-07 01:44 38 --a------ C:\WINDOWS\avisplitter.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 00:06 --------- d-----w C:\Program Files\SpeedFan
2008-09-05 21:42 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\uTorrent
2008-09-05 13:41 --------- d-----w C:\Program Files\eMule
2008-08-27 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-08-26 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 01:32 --------- d-----w C:\Program Files\Sony
2008-08-26 00:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 20:09 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-08-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-24 17:06 --------- d-----w C:\Program Files\Java
2008-08-24 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-23 04:55 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\dvdcss
2008-08-19 22:28 --------- d-----w C:\Program Files\Apple Software Update
2008-08-19 17:08 --------- d-----w C:\Program Files\iTunes
2008-08-17 23:33 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Move Networks
2008-08-14 21:26 --------- d-----w C:\Program Files\Winamp
2008-08-10 10:31 --------- d-----w C:\Program Files\uTorrent
2008-08-07 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-08-06 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-06 03:45 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-05 04:38 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\DivX
2008-08-05 00:01 --------- d-----w C:\Program Files\DivX
2008-08-04 02:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-03 04:53 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Nokia
2008-08-02 02:11 131 ----a-w C:\Iotmrd.sys
2008-07-31 06:11 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\FFSJ
2008-07-31 06:07 794,906 ----a-w C:\WINDOWS\unins000.exe
2008-07-30 02:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-30 02:56 --------- d-----w C:\Program Files\Paltalk Messenger
2008-07-30 02:56 --------- d-----w C:\Program Files\MagicISO
2008-07-30 02:56 --------- d-----w C:\Program Files\Counter-Strike Source
2008-07-30 02:56 --------- d-----w C:\Program Files\AIM
2008-07-29 19:33 --------- d-----w C:\Program Files\NewsLeecher
2008-07-29 19:32 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\NewsLeecher
2008-07-29 03:27 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\ppStream
2008-07-27 02:06 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Atari
2008-07-26 15:26 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2008-07-26 15:26 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2008-07-26 15:26 41,752 ----a-w C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-07-26 15:23 416,280 ----a-w C:\WINDOWS\system32\lvcodec2.dll
2008-07-26 15:22 2,570,520 ----a-w C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-07-26 15:22 13,848 ----a-w C:\WINDOWS\system32\drivers\lv302af.sys
2008-07-26 14:46 25,974 ----a-w C:\WINDOWS\system32\Repository.reg
2008-07-26 12:25 25,624 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2008-07-26 11:44 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg
2008-07-26 11:44 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg
2008-07-26 11:44 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg
2008-07-26 11:44 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg
2008-07-26 03:32 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Leadertech
2008-07-24 01:32 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Paltalk
2008-07-20 20:42 --------- d-----w C:\Program Files\Google
2008-07-20 13:37 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\Winamp
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 09:20 1,540,096 ----a-r C:\WINDOWS\system32\clubbox.exe
2008-07-15 21:16 --------- d-----w C:\Program Files\Audacity
2008-07-13 22:26 --------- d-----w C:\Program Files\Total Video Converter
2008-07-13 22:07 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-13 22:02 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-13 22:02 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-07-13 21:48 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\DAEMON Tools Pro
2008-07-12 02:19 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\GetRightToGo
2008-07-09 13:39 --------- d-----w C:\Program Files\IObit
2008-07-09 06:09 --------- d-----w C:\Program Files\PCPitstop
2008-07-09 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grid
2008-07-08 07:05 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\InstallShield
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 01:31 --------- d-----w C:\Documents and Settings\Quoc Nguyen\Application Data\vlc
2008-07-07 01:23 --------- d-----w C:\Program Files\VideoLAN
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 07:28 77,824 ----a-w C:\WINDOWS\system32\nod.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 126976]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 C:\WINDOWS\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=C:\Documents and Settings\Quoc Nguyen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=C:\WINDOWS\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Quoc Nguyen^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Quoc Nguyen\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a------ 2007-10-04 18:38 307200 C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
--a------ 2004-07-16 15:17 53248 C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 17:15 2407184 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 2828184 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a------ 2003-04-20 01:08 28672 C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NextLink\\GOGOBOX\\gfscagent.exe"=
"C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 76040]
R3 LVRS;Logitech RightSound Filter Driver;C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 krait03;Razer krait USB Filter Driver;C:\WINDOWS\system32\Drivers\krait.sys [2005-12-07 13324]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 20:44:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-06 20:46:50
ComboFix-quarantined-files.txt 2008-09-07 00:46:42

Pre-Run: 22,145,372,160 bytes free
Post-Run: 22,226,591,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

257 --- E O F --- 2008-09-07 00:03:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:37 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

--
End of file - 7689 bytes

qpnguyen

Sep 6 2008, 07:50 PM

the recovery went smooth. but when the program first ran. i had an error sayin something abt i didn't have permission

farbar

Sep 7 2008, 07:22 AM

QUOTE(qpnguyen @ Sep 7 2008, 02:50 AM)

the recovery went smooth. but when the program first ran. i had an error sayin something abt i didn't have permission

Could have been helpful if you have noted down or made a screenshot of the error.

We have run many top scanners. The problem with explorer and slowness doesn't seem to be malware related. So we give it a try now to see if it makes a difference. Please after doing the steps describe the current condition of your computer.

For your information both fscagent.exe and clubbox.exe belong to Clubbox a file transfer manger.

To do this step you need to write down, print or save the instruction to a text file as you don't have access to this web page when you go into the safe mode.
- Download CWShredder from here to its own folder.
  Open CWShredder.exe and click the Check For Update button.
  After downloading any necessary update, please close the program.
- Now reboot into Safe Mode.
  This can be done tapping the F8 key as soon as you start your computer
  You will be brought to a menu where you can choose to boot into safe mode.
  Make sure you choose the option without networking support.
- Now run CWShredder again, by doubling clicking on the program you downloaded earlier.
  Click "Fix" and then "Next", let it fix everything it asks about.
  After the tool has finished, reboot your computer into normal windows.
We have to clean the changes made to the view of console files on your profile.
- Go to start > run and type eventvwr then press Enter.
- The Event Viewer window pops up. Under File menu click Options....
- Click Delete Files then Apply and confirm deleting.
- Click OK and close the Event Viewer.
Download AutoRuns from http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
- Click Options menu > Check Hide Microsoft Entries.
- Press F5 or click the Refresh Icon. It hides the Microsoft entries.
- Click on the Explorer Tab.
- Uncheck all items in this list.
- Exit Autoruns.
- Reboot and see how Windows Explorer is doing.
When your computer is slow or freezes please open Task Manager (Ctrl+Alt+Del). Note under Application tab if an application is not responding. Note under Processes tab which process has a high CPU usage.
Please post a fresh Hijackthis log.

Please post in your next reply:

Give me feedback about those steps and describe the current condition of you computer.
A fresh Hijackthis log.

qpnguyen

Sep 8 2008, 10:05 PM

after Cwshredder was done running it said, "Coolwebsearch was not found on this system"

after doing all of this my computer fans are still running loud. and the only application that uses a lot of my cpu ia firefox but im using 2.0. which before didn't make my fan spin so fast.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:43 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 7770 bytes

farbar

Sep 9 2008, 02:59 PM

Note that the error messages and notifications might be key to the solution of the problem and must be attended to. The more feedback you can provide the easier to understand what is going on.

It seems the test with Autoruns didn't worked. We need te reverse the changes.
- Click Options menu > Check Hide Microsoft Entries.
- Press F5 or click the Refresh Icon. It hides the Microsoft entries.
- Click on the Explorer Tab.
- Check All items in this List.
- Exit Autoruns.
Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
  If you would like to keep your saved passwords, please click No at the prompt.
- Close the too.
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- In the Main Menu, click the Preferences... button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
  - Close browsers before scanning.
  - Scan for tracking cookies.
  - Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
  - Click Preferences, then click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  - Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
When the Firefox is running and the computer is slow:
- Open Task Manager. Under Processes note the amount of CPU usage.
- In Firefox go to Tools menu and select Add-ons.
- Select the extensions one by one and press Disable until you have disabled all the Add-ons.
- Close Firefox and then open it again.
- Open Task manager and note down the CPU usage. Please post the results
Please copy/paste a fresh Hijackthis log.

qpnguyen

Sep 14 2008, 11:02 AM

SUPERANITSPYWARE:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2008 at 10:07 AM

Application Version : 4.21.1004

Core Rules Database Version : 3566
Trace Rules Database Version: 1554

Scan type : Complete Scan
Total Scan Time : 00:58:01

Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 4981
Registry threats detected : 0
File items scanned : 95924
File threats detected : 90

Adware.Tracking Cookie
.statcounter.com [ C:\Documents and Settings\Cuong Nguyen\Application Data\Mozilla\Firefox\Profiles\x1jcaeoe.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Cuong Nguyen\Application Data\Mozilla\Firefox\Profiles\x1jcaeoe.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Cuong Nguyen\Application Data\Mozilla\Firefox\Profiles\x1jcaeoe.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cuong Nguyen\Application Data\Mozilla\Firefox\Profiles\x1jcaeoe.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Cuong Nguyen\Application Data\Mozilla\Firefox\Profiles\x1jcaeoe.default\cookies.txt ]
.ehg-veohnetworksinc.hitbox.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.adrenaline.cz [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.toplist.cz [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.warezscene.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.warezscene.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.warezscene.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.warezscene.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.warezscene.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.warezgen.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.warezgen.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.warezgen.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.warezgen.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.mediafire.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.cleanadulthost.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.cleanadulthost.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.cleanadulthost.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.richmedia.yahoo.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.pornbb.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.pornbb.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.pornbb.org [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
goclicks.co.uk [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.altastat.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.webmasterplan.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.webmasterplan.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.usenext.de [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
www.usenext.de [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.incisivemedia.112.2o7.net [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.clickz.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
.clickz.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\Quoc Nguyen\Application Data\Mozilla\Firefox\Profiles\cq6wvrr8.default\cookies.txt ]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:07 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7980 bytes

farbar

Sep 15 2008, 12:32 PM

SAS didn't find anything but a bunch of cookies. Are you sure you run ATF cleaner before running SAS?

Anyway your log looks clean and your problem doesn't seem malware related anymore.

Uninstall MBAM from Add/Remove programs and download the latest version from MajorGeeks. Update and run a quick scan. The previous version had a bug which is corrected now and you need to run the new version to correct a security related registry entry.
Go to start > run and copy and paste or type next command in the field then hit enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
Remove also SDfix and this folder: C:\SDfix

In order to reduce the possible infection in the future, you may follow the following steps:

First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

To set a new restore point:
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
- Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
To remove the old restore points:
- Go to Start > Run then type: Cleanmgr in the box and click "OK".
- You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
- Click OK and Yes.
Sometimes the Privacy, Security and other settings are altered by the malware. Check and if needed reset them to default:
- Open Internet explorer > Tools menu > Internet options.
- Under privacy tab press default.
- Under security tab press default.
- Under General tab press Delete... then Delete All Check Also delete files and settings stored by Add-ons click Yes.
Use a firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. The windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. When the malware gets to your computer Windows firewall is no more effective. You find more information on firewalls below.
Click for more information on:Understanding and Using Firewalls

There are several good free programs available like:
Sunbelt-Kerio
Comodo Firewall Pro
Online Armor Free edition
Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has recently released Service Pack 3 which has more features and is more secure than Service Pack 2. You may update your Windows via Windows update.

You can update by going to start > All Programs > Windows update > click on Custom button.
Install Javacools© SpywareBlaster -
SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. You can find more information and a download link here.

If Firefox causing slowness you might first disable the Add-ons and see if you see any difference. If not you can uninstall Firefox, remove all the related folder (use Windows search to find the folders), apply ATF Cleaner and then reinstall Firefox. If still you have problems:

For general Windows XP issues you may start a topic here: Windows XP Home and Professional
For web browsers issues you may start a topic here: Web Browsing/Email and Other Internet Applications

qpnguyen

Sep 15 2008, 09:57 PM

okay, thanks for the help

farbar

Sep 15 2008, 10:25 PM

You are welcome.

This thread will now be closed.
If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.