Please Help - Still Infected With A Virus(s)


8 replies to this topic

#1 Gideon25


Posted 20 November 2007 - 05:05 PM

OK, well, a little while ago I began to have weird problems with my Windows theme reverting back to the "Windows Classic" look instead of the XP theme. The windows would just change randomly and the screen would refresh and look strange. Also, frequent crashes of:

"Generic Process for W32 Services" with the

szAppname:svchost.exe szModname:msvcrt.dll

After the crash, my sound card options in Control Panel would no longer show my sound card. I would reboot and the problems would just seem to happen randomly. THEN I noticed after a reboot that Norton AntiVirus was no longer in my tray. Also, the services for Norton won't run. I checked and apparently some of my Norton AntiVirus files have been deleted. I tried my Spybot S&D but it had also been deleted. When I try to install Spybot S&D, the exe file for it is immediately ERASED! Same with the Avast free virus scanner. So I try to reboot in SAFE MODE. But my mouse won't work! I could still use my keyboard though, so I used Windows Explorer and installed Spybot S&D, renamed the exe file for it, ran it and got rid of some spyware. I installed Avast free edition, renamed the main exe for it and let Avast do a pre-boot offline scan (it does this automatically) after it updated the definitions. It found and deleted several viruses. I rebooted and ran the online thing here:

http://www.eset.com/onlinescan/scanner.php?i_agree=14

I tried to use SUPERAntiSpyware Professional in normal mode (I can't use it in safe mode due to no mouse) but I get a BSOD with "srosa.sys" causing the problem :/ Another virus?

Uniblue SpyEraser just showed like 11 infections but won't clean them unless I buy. It shows TrojanDropper.agent.ak and Rat.Psybermind.112. Other software I have used has also shown various other viruses like W32.Bagle and a few others I can't remember, but Avast no longer sees anything, wtf? Ad-Aware is not helping either :thumbsup:

Avast no longer finds any viruses and Spybot S&D (with the main exe renamed) no longer finds anything. However, I am still having the same problems:

Random windows changing theme/colors, no mouse in safe mode, crashes of "Generic Host Process for W32 Services", and being unable to install Spybot S&D or Avast normally in normal mode because the virus erases the main exe immediately. Please help! ESPECIALLY with the mouse not working in safe mode. I googled it and MS says it may have something to do with the mouse entry for safe mode getting corrupted in the registry, but I don't know how to fix it :( It IS a USB mouse (the only mouse I have) BUT I have never had any problems with it before (it's a NEW Logitech G9 mouse) and I have tried various other USB ports and my powered Belkin USB hub, but no dice. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:26 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Absolute StartUp\ASMon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\1\2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Absolute StartUp Monitor] C:\Program Files\Absolute StartUp\ASMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Port Mapper.lnk = ?
O4 - Global Startup: SetPointII.lnk = C:\Program Files\Logitech\SetPoint II\SetPointII.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\1\2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\1\2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://H:\setup\RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194768985890
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\PifEng.dll" (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10089 bytes
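A small triage script for logs in the HijackThis format posted above, added here as an example and not part of the thread or of HijackThis itself. It applies the rules a log helper reads first: entries whose file is gone, services with no vendor information, Run values that are bare file names resolved through PATH, and DPF (ActiveX) entries that fetch a bare executable. The sample lines are copied from the log above; every hit is a review candidate to check against the vendor, not a verdict.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above. A full log can be
# passed in unchanged; header lines and "Running processes" paths are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: Port Mapper.lnk = ?
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
"""

# Every HijackThis entry line starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# A Run value that starts with a (possibly quoted) drive letter or an
# environment variable carries a full path; anything else is a bare name
# that Windows resolves through the PATH search order.
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # why the line deserves a look
    line: str    # the original log line


def triage(log_text: str) -> list[Finding]:
    """Return heuristic review findings for each entry line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        lowered = body.lower()

        # Registration still present but the file is gone: either an orphaned
        # entry or a component that something deleted (the thread shows both).
        if "(file missing)" in lowered or "(no file)" in lowered:
            findings.append(Finding(code, "points at a file that is gone", line))

        # Services normally carry a vendor name; "Unknown owner" means none was found.
        if code == "O23" and "unknown owner" in lowered:
            findings.append(Finding(code, "service binary carries no vendor information", line))

        if code == "O4":
            if body.endswith("= ?"):
                findings.append(Finding(code, "startup shortcut target could not be resolved", line))
            elif "]" in body:
                target = body.split("]", 1)[1].strip()
                if target and not FULL_PATH_RE.match(target):
                    findings.append(Finding(code, "Run value is a bare file name resolved via PATH", line))

        # DPF entries are ActiveX downloads; a bare .exe instead of a CAB is unusual.
        if code == "O16":
            source = body.rsplit(" - ", 1)[-1].strip().lower()
            if source.startswith("http") and source.endswith(".exe"):
                findings.append(Finding(code, "DPF entry fetches a bare executable instead of a CAB", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section code."""
    return dict(Counter(f.code for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    print(summarize(results))
```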

#2 Gideon25


Posted 20 November 2007 - 05:53 PM

Please HELP! My folder options just got reset (on their own) to hide hidden files and not show system files... grrrr!

#3 Grinler (Lawrence Abrams, Admin)

Posted 27 November 2007 - 11:55 AM

  • Download ComboFix to your desktop.
  • Double-click combofix.exe.
  • Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after a reboot if it asks for one, ComboFix will open again to gather the necessary information for the log. This may take a while, so please be patient. When done, ComboFix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#4 Gideon25


Posted 01 December 2007 - 03:14 AM

Sorry! I have been away for a few days. I was able to get rid of several viruses before ComboFix and got another mouse to use during safe mode. However, I am still getting occasional svchost.exe crashes like I mentioned in my first post, and sound is gone and the Windows theme goes loopy. I just want to make sure I am getting all the viruses/malware. I did the ComboFix and HijackThis in NORMAL mode. Getting to the back of my PC is a pain to connect the PS/2 mouse for safe mode. Is that OK? Or do I also need to run ComboFix in safe mode as well?

Combofix Log:

ComboFix 07-12-01.2 - Cole 2007-12-01 1:42:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1545 [GMT -6:00]
Running from: C:\Documents and Settings\Cole\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 16754 bytes in 2 streams.

((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-11-24 17:18 . 2007-11-24 17:18 103 --a------ C:\WINDOWS\pro.INI
2007-11-24 16:50 . 2007-11-26 00:34 <DIR> d-------- C:\ProcessExplorer
2007-11-24 15:29 . 2007-11-24 17:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-24 15:29 . 2007-11-24 15:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-24 04:20 . 2007-11-24 14:59 <DIR> d-------- C:\Program Files\Error Repair Professional
2007-11-24 04:18 . 2007-11-24 04:18 <DIR> d-------- C:\Program Files\ElcomSoft
2007-11-24 04:18 . 2007-11-24 04:19 789 --a------ C:\WINDOWS\ARPR.INI
2007-11-24 02:58 . 2007-11-24 02:59 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-24 02:57 . 2007-11-24 02:57 <DIR> d--h----- C:\Documents and Settings\Cole\InstallAnywhere
2007-11-24 02:42 . 2007-11-24 02:42 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2007-11-24 02:42 . 2007-11-24 02:42 3,365 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2007-11-24 02:39 . 2007-11-24 02:39 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2007-11-24 02:39 . 2007-11-24 02:39 8,457 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2007-11-24 02:37 . 2007-11-24 02:37 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\AccurateRip
2007-11-22 22:53 . 2007-11-26 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-22 20:08 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\mIRC
2007-11-22 20:08 . 2007-11-26 00:34 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\mIRC
2007-11-22 03:53 . 2007-11-22 03:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Bitdefender
2007-11-22 02:15 . 2007-11-22 02:15 <DIR> d-------- C:\temp\2PU0ON1A
2007-11-22 02:15 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-11-22 02:11 . 2007-11-26 02:37 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-22 02:11 . 2000-09-07 15:06 1,441,792 --a------ C:\WINDOWS\system32\nspw7.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,429,504 --a------ C:\WINDOWS\system32\nspa6.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,404,928 --a------ C:\WINDOWS\system32\nspm6.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,335,296 --a------ C:\WINDOWS\system32\nspm5.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,318,912 --a------ C:\WINDOWS\system32\nspp6.dll
2007-11-22 02:11 . 2000-09-07 15:05 1,306,624 --a------ C:\WINDOWS\system32\nsppx.dll
2007-11-22 02:11 . 2000-09-07 15:04 114,688 --a------ C:\WINDOWS\system32\nsp.dll
2007-11-22 00:39 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-22 00:39 . 2007-11-22 00:39 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\PC Tools
2007-11-22 00:39 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-22 00:39 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-22 00:39 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-22 00:39 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-22 00:38 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-21 23:49 . 2007-11-21 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2007-11-21 23:49 . 2007-11-21 23:56 16,384 --a------ C:\WINDOWS\system32\ubuntu.exe
2007-11-21 20:29 . 2007-11-21 20:29 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Avanquest
2007-11-21 20:29 . 2007-11-21 20:29 <DIR> d--h----- C:\_Backup
2007-11-21 20:28 . 2007-11-21 20:28 <DIR> d-------- C:\Program Files\Avanquest
2007-11-21 20:17 . 2007-11-21 20:17 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-11-21 19:18 . 2007-11-21 21:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-21 19:18 . 2007-11-21 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-21 18:43 . 2007-12-01 01:46 121 --a------ C:\WINDOWS\bdagent.INI
2007-11-21 18:37 . 2007-11-21 18:37 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Bitdefender
2007-11-21 18:36 . 2007-11-21 19:18 <DIR> d-------- C:\Program Files\BitDefender
2007-11-21 18:29 . 2007-12-01 01:44 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-21 18:29 . 2007-12-01 01:44 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-21 18:25 . 2007-12-01 01:44 64,900 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 18:25 . 2007-12-01 01:44 54,692 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 18:25 . 2007-12-01 01:44 54,692 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 17:43 . 2007-11-21 17:43 <DIR> d-------- C:\Program Files\Java
2007-11-21 17:43 . 2007-11-21 17:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 17:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-21 17:25 . 2006-12-15 03:09 127,078 --a------ C:\WINDOWS\system32\REN13B.tmp
2007-11-21 17:25 . 2006-12-15 01:31 53,346 --a------ C:\WINDOWS\system32\REN13A.tmp
2007-11-21 17:25 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\REN13C.tmp
2007-11-21 17:25 . 2006-12-15 01:30 49,248 --a------ C:\WINDOWS\system32\REN139.tmp
2007-11-21 15:03 . 2007-11-26 00:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-21 13:51 . 2007-11-21 13:51 37 --a------ C:\WINDOWS\r007
2007-11-21 13:07 . 2007-11-21 13:07 <DIR> d-------- C:\Program Files\Panda Software
2007-11-20 23:40 . 2007-11-11 05:39 223 --ah----- C:\boot.ini.SAB
2007-11-20 23:27 . 2007-11-26 00:34 <DIR> d--hs---- C:\WINDOWS\system32\Sys
2007-11-20 19:52 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 19:21 . 2007-11-20 19:21 353,055 --a------ C:\HostsXpert.zip
2007-11-20 19:19 . 2007-11-20 19:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-20 19:19 . 2007-11-20 19:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-20 19:08 . 2007-11-20 19:09 3,014 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-20 18:07 . 2007-11-20 18:07 2,335,270 --a------ C:\WINDOWS\system32\4f1256.mht
2007-11-20 18:07 . 2007-02-28 03:08 2,136,064 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-20 18:07 . 2004-08-03 16:56 708,096 -ra------ C:\WINDOWS\system32\e2a258.tmp
2007-11-20 18:07 . 2004-08-03 15:14 182,912 -ra------ C:\WINDOWS\system32\fc325A.tmp
2007-11-20 18:07 . 2007-11-20 18:07 54,624 --a------ C:\WINDOWS\system32\2ad257.sys
2007-11-20 17:56 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\Multi-ZIP-licity 2.0
2007-11-20 17:56 . 2007-11-20 18:03 676 --a------ C:\WINDOWS\multiziplicity20.ini
2007-11-20 17:45 . 2007-09-21 10:07 317,952 --a------ C:\WINDOWS\Rar.exe
2007-11-20 16:48 . 2007-11-20 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IK Multimedia
2007-11-20 15:03 . 2007-11-20 20:00 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Uniblue
2007-11-20 15:03 . 2007-11-20 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-20 04:20 . 2007-11-20 04:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-20 03:58 . 2007-11-21 17:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 03:42 . 2007-11-20 03:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-20 03:36 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\123
2007-11-20 01:12 . 2007-11-20 23:33 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-20 01:12 . 2007-09-06 05:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-20 01:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-20 01:12 . 2007-09-06 05:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-20 00:16 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-20 00:07 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-20 00:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 00:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 00:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 00:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-20 00:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 23:48 . 2007-11-19 23:48 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-19 23:48 . 2007-11-19 23:48 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-19 23:26 . 2007-11-19 23:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 22:49 . 2007-11-21 18:25 413,696 --a------ C:\WINDOWS\system32\wrap_oal.new
2007-11-19 22:49 . 2007-11-21 18:25 86,016 --a------ C:\WINDOWS\system32\OpenAL32.new
2007-11-19 20:33 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\EMI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 07:21 --------- d-----w C:\Program Files\FlashFXP
2007-11-30 02:21 --------- d-----w C:\Documents and Settings\Cole\Application Data\Newsbin
2007-11-29 15:43 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-11-29 02:23 --------- d-----w C:\Program Files\WinTV
2007-11-28 11:35 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-26 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 08:38 --------- d-----w C:\Program Files\Steinberg
2007-11-26 06:34 --------- d-----w C:\Program Files\XML Notepad 2007
2007-11-26 06:34 --------- d-----w C:\Program Files\XML Notepad 2006
2007-11-26 06:34 --------- d-----w C:\Program Files\WMR11
2007-11-26 06:34 --------- d-----w C:\Program Files\WinMX
2007-11-26 06:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 06:34 --------- d-----w C:\Program Files\viewsonic
2007-11-26 06:34 --------- d-----w C:\Program Files\UPHClean
2007-11-26 06:34 --------- d-----w C:\Program Files\Trainer Maker Kit
2007-11-26 06:34 --------- d-----w C:\Program Files\Trainer Creation Kit
2007-11-26 06:34 --------- d-----w C:\Program Files\Sudoku 9981
2007-11-26 06:34 --------- d-----w C:\Program Files\Slingo Quest
2007-11-26 06:34 --------- d-----w C:\Program Files\Slingo
2007-11-26 06:34 --------- d-----w C:\Program Files\Rising Software
2007-11-26 06:34 --------- d-----w C:\Program Files\RADVideo
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickTime
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickSFV
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickPar
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickNFO
2007-11-26 06:34 --------- d-----w C:\Program Files\Playtonium Jigsaw Enchanted Forest
2007-11-26 06:34 --------- d-----w C:\Program Files\Oasis
2007-11-26 06:34 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2007-11-26 06:34 --------- d-----w C:\Program Files\MRConverter
2007-11-26 06:34 --------- d-----w C:\Program Files\Motherboard Monitor 5
2007-11-26 06:34 --------- d-----w C:\Program Files\MKVtoolnix
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft Money 2006
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-26 06:34 --------- d-----w C:\Program Files\Managed DirectX (0900)
2007-11-26 06:34 --------- d-----w C:\Program Files\LimeWire
2007-11-26 06:34 --------- d-----w C:\Program Files\KeyChanger Windows Edition
2007-11-26 06:34 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-26 06:34 --------- d-----w C:\Program Files\Jigsaw365
2007-11-26 06:34 --------- d-----w C:\Program Files\Giganews Accelerator
2007-11-26 06:34 --------- d-----w C:\Program Files\FileZilla
2007-11-26 06:34 --------- d-----w C:\Program Files\Family Tree SuperTools
2007-11-26 06:34 --------- d-----w C:\Program Files\Family Feud
2007-11-26 06:34 --------- d-----w C:\Program Files\Easy Computing
2007-11-26 06:34 --------- d-----w C:\Program Files\EarMaster School 5
2007-11-26 06:34 --------- d-----w C:\Program Files\Dungeon Scroll Gold Edition
2007-11-26 06:34 --------- d-----w C:\Program Files\Direct MP3 Joiner
2007-11-26 06:34 --------- d-----w C:\Program Files\Diner Dash
2007-11-26 06:34 --------- d-----w C:\Program Files\DAMN NFO Viewer
2007-11-26 06:34 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-26 06:34 --------- d-----w C:\Program Files\CureROM
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-26 06:34 --------- d-----w C:\Program Files\Cheat Engine53
2007-11-26 06:34 --------- d-----w C:\Program Files\BPFTP Server
2007-11-26 06:34 --------- d-----w C:\Program Files\BitComet
2007-11-26 06:34 --------- d-----w C:\Program Files\Bistro Stars
2007-11-26 06:34 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-26 06:34 --------- d-----w C:\Program Files\ArtMoney
2007-11-26 06:34 --------- d-----w C:\Program Files\AoA Audio Extractor
2007-11-26 06:34 --------- d-----w C:\Program Files\allTunes
2007-11-26 06:34 --------- d-----w C:\Program Files\Absolute MP3 Splitter
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\uqm
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Media Player Classic
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\GameHouse
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\DAEMON Tools Pro
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Canon
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Bioshock
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Ahead
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\AdobeUM
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\ACD Systems
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-24 23:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-22 08:16 --------- d-----w C:\Documents and Settings\Cole\Application Data\Steinberg
2007-11-22 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-22 02:17 --------- d--h--w C:\Program Files\Creative Installation Information
2007-11-22 02:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-11-22 00:28 --------- d-----w C:\Program Files\Creative
2007-11-21 02:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-21 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-20 07:39 --------- d-----w C:\Program Files\Full Speed
2007-11-18 06:31 23,504 ----a-w C:\Documents and Settings\Cole\Application Data\GDIPFONTCACHEV1.DAT
2007-11-16 12:48 102 ----a-w C:\WINDOWS\Fonts\arialhz.ttf
2007-11-11 11:42 --------- d-----w C:\Program Files\Ray Adams
2007-11-06 03:53 --------- d-----w C:\Program Files\Common Files\element5 Shared
2007-11-06 00:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-06 00:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 09:13 --------- d-----w C:\Documents and Settings\Cole\Application Data\Line 6
2007-11-05 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Line 6
2007-11-03 03:53 --------- d-----w C:\Program Files\Raxco
2007-10-31 05:45 278,984 ----a-r C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-29 19:32 685,816 ----a-r C:\WINDOWS\system32\drivers\sptd.sys
2007-10-29 18:04 --------- d-----w C:\Program Files\Logitech
2007-10-29 18:04 --------- d-----w C:\Program Files\Common Files\Logishrd
2007-10-29 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-11-28 05:35 86016]

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apc Powerchute"="C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe" [2005-12-12 14:03]
"XFI Volume Panel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 01:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 16:39 C:\WINDOWS\KHALMNPR.Exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-28 05:35]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-08-28 11:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 17:13:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\Amanda\EuShlExt.dll [2005-11-14 15:15 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional XL.lnk]
backup=C:\WINDOWS\pss\PlexTools Professional XL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cole^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2007-10-09 15:46 61440 --a------ C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2006-11-09 10:19 204800 --------- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe /r

R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
R3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;C:\WINDOWS\system32\drivers\HCWUSB2AV.sys
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys
S3 2ad257;2ad257;\??\C:\WINDOWS\system32\2ad257.sys
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
S3 L6TPortB;Service - Line 6 TonePort UX2;C:\WINDOWS\system32\Drivers\L6TPortB.sys
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 RDID1029;Roland Digital Piano;C:\WINDOWS\system32\Drivers\rdwm1029.sys
S4 Fix-It Task Manager;Fix-It Task Manager;C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe -Service
S4 ZCVJRXH;ZCVJRXH;C:\DOCUME~1\Cole\LOCALS~1\Temp\ZCVJRXH.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{YCDFF4C4-C8BC-3DDE-FCA7-D3844714F2F8}]
C:\WINDOWS\system32:uvsr32.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 01:59:29 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-20 22:23:19 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 01:46:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-01 1:46:42 - machine was rebooted
.
--- E O F ---


New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:33 AM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [Apc Powerchute] C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
O4 - HKCU\..\Run: [XFI Volume Panel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://H:\setup\RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194768985890
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6757 bytes

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA
  • Local time:03:54 PM

Posted 02 December 2007 - 08:46 AM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Suspect::[3]
C:\WINDOWS\system32\ubuntu.exe
C:\WINDOWS\system32\REN13B.tmp
C:\WINDOWS\system32\REN13A.tmp
C:\WINDOWS\system32\REN13C.tmp
C:\WINDOWS\system32\REN139.tmp
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\e2a258.tmp
C:\WINDOWS\system32\fc325A.tmp
C:\WINDOWS\system32\2ad257.sys
C:\WINDOWS\system32\windrv.sys
C:\WINDOWS\system32\drivers\atksgt.sys
C:\DOCUME~1\Cole\LOCALS~1\Temp\ZCVJRXH.exe

Dirlook::
C:\WINDOWS\r007
C:\_Backup
C:\WINDOWS\system32\Sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{YCDFF4C4-C8BC-3DDE-FCA7-D3844714F2F8}]
[-HKEY_CLASSES_ROOT\CLSID\{YCDFF4C4-C8BC-3DDE-FCA7-D3844714F2F8}]

ADS::
C:\WINDOWS\system32


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#6 Gideon25

Gideon25
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:54 PM

Posted 02 December 2007 - 02:25 PM

Script file was used. Zip file was submitted. New ComboFix log:

ComboFix 07-12-01.2 - Cole 2007-12-02 13:10:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1371 [GMT -6:00]
Running from: C:\Documents and Settings\Cole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cole\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-11-24 17:18 . 2007-11-24 17:18 103 --a------ C:\WINDOWS\pro.INI
2007-11-24 16:50 . 2007-11-26 00:34 <DIR> d-------- C:\ProcessExplorer
2007-11-24 15:29 . 2007-11-24 17:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-24 15:29 . 2007-11-24 15:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-24 04:20 . 2007-11-24 14:59 <DIR> d-------- C:\Program Files\Error Repair Professional
2007-11-24 04:18 . 2007-11-24 04:18 <DIR> d-------- C:\Program Files\ElcomSoft
2007-11-24 04:18 . 2007-11-24 04:19 789 --a------ C:\WINDOWS\ARPR.INI
2007-11-24 02:58 . 2007-11-24 02:59 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-24 02:57 . 2007-11-24 02:57 <DIR> d--h----- C:\Documents and Settings\Cole\InstallAnywhere
2007-11-24 02:42 . 2007-11-24 02:42 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2007-11-24 02:42 . 2007-11-24 02:42 3,365 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2007-11-24 02:39 . 2007-11-24 02:39 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2007-11-24 02:39 . 2007-11-24 02:39 8,457 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2007-11-24 02:37 . 2007-11-24 02:37 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\AccurateRip
2007-11-22 22:53 . 2007-11-26 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-22 20:08 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\mIRC
2007-11-22 20:08 . 2007-11-26 00:34 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\mIRC
2007-11-22 03:53 . 2007-11-22 03:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Bitdefender
2007-11-22 02:15 . 2007-11-22 02:15 <DIR> d-------- C:\temp\2PU0ON1A
2007-11-22 02:15 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-11-22 02:11 . 2007-11-26 02:37 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-22 02:11 . 2000-09-07 15:06 1,441,792 --a------ C:\WINDOWS\system32\nspw7.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,429,504 --a------ C:\WINDOWS\system32\nspa6.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,404,928 --a------ C:\WINDOWS\system32\nspm6.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,335,296 --a------ C:\WINDOWS\system32\nspm5.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,318,912 --a------ C:\WINDOWS\system32\nspp6.dll
2007-11-22 02:11 . 2000-09-07 15:05 1,306,624 --a------ C:\WINDOWS\system32\nsppx.dll
2007-11-22 02:11 . 2000-09-07 15:04 114,688 --a------ C:\WINDOWS\system32\nsp.dll
2007-11-22 00:39 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-22 00:39 . 2007-11-22 00:39 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\PC Tools
2007-11-22 00:39 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-22 00:39 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-22 00:39 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-22 00:39 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-22 00:38 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-21 23:49 . 2007-11-21 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2007-11-21 23:49 . 2007-11-21 23:56 16,384 --a------ C:\WINDOWS\system32\ubuntu.exe
2007-11-21 20:29 . 2007-11-21 20:29 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Avanquest
2007-11-21 20:29 . 2007-11-21 20:29 <DIR> d--h----- C:\_Backup
2007-11-21 20:28 . 2007-11-21 20:28 <DIR> d-------- C:\Program Files\Avanquest
2007-11-21 20:17 . 2007-11-21 20:17 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-11-21 19:18 . 2007-11-21 21:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-21 19:18 . 2007-11-21 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-21 18:43 . 2007-12-02 13:11 121 --a------ C:\WINDOWS\bdagent.INI
2007-11-21 18:37 . 2007-11-21 18:37 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Bitdefender
2007-11-21 18:36 . 2007-11-21 19:18 <DIR> d-------- C:\Program Files\BitDefender
2007-11-21 18:29 . 2007-12-01 02:29 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-21 18:29 . 2007-12-01 02:29 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-21 18:25 . 2007-12-01 02:29 64,900 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 18:25 . 2007-12-01 02:29 54,692 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 18:25 . 2007-12-01 02:29 54,692 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 17:43 . 2007-11-21 17:43 <DIR> d-------- C:\Program Files\Java
2007-11-21 17:43 . 2007-11-21 17:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 17:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-21 17:25 . 2006-12-15 03:09 127,078 --a------ C:\WINDOWS\system32\REN13B.tmp
2007-11-21 17:25 . 2006-12-15 01:31 53,346 --a------ C:\WINDOWS\system32\REN13A.tmp
2007-11-21 17:25 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\REN13C.tmp
2007-11-21 17:25 . 2006-12-15 01:30 49,248 --a------ C:\WINDOWS\system32\REN139.tmp
2007-11-21 15:03 . 2007-11-26 00:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-21 13:51 . 2007-11-21 13:51 37 --a------ C:\WINDOWS\r007
2007-11-21 13:07 . 2007-11-21 13:07 <DIR> d-------- C:\Program Files\Panda Software
2007-11-20 23:40 . 2007-11-11 05:39 223 --ah----- C:\boot.ini.SAB
2007-11-20 23:27 . 2007-11-26 00:34 <DIR> d--hs---- C:\WINDOWS\system32\Sys
2007-11-20 19:52 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 19:21 . 2007-11-20 19:21 353,055 --a------ C:\HostsXpert.zip
2007-11-20 19:19 . 2007-11-20 19:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-20 19:19 . 2007-11-20 19:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-20 19:08 . 2007-11-20 19:09 3,014 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-20 18:07 . 2007-11-20 18:07 2,335,270 --a------ C:\WINDOWS\system32\4f1256.mht
2007-11-20 18:07 . 2007-02-28 03:08 2,136,064 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-20 18:07 . 2004-08-03 16:56 708,096 -ra------ C:\WINDOWS\system32\e2a258.tmp
2007-11-20 18:07 . 2004-08-03 15:14 182,912 -ra------ C:\WINDOWS\system32\fc325A.tmp
2007-11-20 18:07 . 2007-11-20 18:07 54,624 --a------ C:\WINDOWS\system32\2ad257.sys
2007-11-20 17:56 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\Multi-ZIP-licity 2.0
2007-11-20 17:56 . 2007-11-20 18:03 676 --a------ C:\WINDOWS\multiziplicity20.ini
2007-11-20 17:45 . 2007-09-21 10:07 317,952 --a------ C:\WINDOWS\Rar.exe
2007-11-20 16:48 . 2007-11-20 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IK Multimedia
2007-11-20 15:03 . 2007-11-20 20:00 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Uniblue
2007-11-20 15:03 . 2007-11-20 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-20 04:20 . 2007-11-20 04:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-20 03:58 . 2007-11-21 17:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 03:42 . 2007-11-20 03:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-20 03:36 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\123
2007-11-20 01:12 . 2007-11-20 23:33 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-20 01:12 . 2007-09-06 05:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-20 01:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-20 01:12 . 2007-09-06 05:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-20 00:16 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-20 00:07 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-20 00:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 00:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 00:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 00:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-20 00:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 23:48 . 2007-11-19 23:48 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-19 23:48 . 2007-11-19 23:48 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-19 23:26 . 2007-11-19 23:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 22:49 . 2007-11-21 18:25 413,696 --a------ C:\WINDOWS\system32\wrap_oal.new
2007-11-19 22:49 . 2007-11-21 18:25 86,016 --a------ C:\WINDOWS\system32\OpenAL32.new
2007-11-19 20:33 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\EMI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 18:13 --------- d-----w C:\Program Files\FlashFXP
2007-12-02 08:27 --------- d-----w C:\Documents and Settings\Cole\Application Data\Newsbin
2007-12-02 06:53 --------- d-----w C:\Program Files\WinTV
2007-11-29 15:43 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-11-28 11:35 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-26 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 08:38 --------- d-----w C:\Program Files\Steinberg
2007-11-26 06:34 --------- d-----w C:\Program Files\XML Notepad 2007
2007-11-26 06:34 --------- d-----w C:\Program Files\XML Notepad 2006
2007-11-26 06:34 --------- d-----w C:\Program Files\WMR11
2007-11-26 06:34 --------- d-----w C:\Program Files\WinMX
2007-11-26 06:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 06:34 --------- d-----w C:\Program Files\viewsonic
2007-11-26 06:34 --------- d-----w C:\Program Files\UPHClean
2007-11-26 06:34 --------- d-----w C:\Program Files\Trainer Maker Kit
2007-11-26 06:34 --------- d-----w C:\Program Files\Trainer Creation Kit
2007-11-26 06:34 --------- d-----w C:\Program Files\Sudoku 9981
2007-11-26 06:34 --------- d-----w C:\Program Files\Slingo Quest
2007-11-26 06:34 --------- d-----w C:\Program Files\Slingo
2007-11-26 06:34 --------- d-----w C:\Program Files\Rising Software
2007-11-26 06:34 --------- d-----w C:\Program Files\RADVideo
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickTime
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickSFV
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickPar
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickNFO
2007-11-26 06:34 --------- d-----w C:\Program Files\Playtonium Jigsaw Enchanted Forest
2007-11-26 06:34 --------- d-----w C:\Program Files\Oasis
2007-11-26 06:34 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2007-11-26 06:34 --------- d-----w C:\Program Files\MRConverter
2007-11-26 06:34 --------- d-----w C:\Program Files\Motherboard Monitor 5
2007-11-26 06:34 --------- d-----w C:\Program Files\MKVtoolnix
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft Money 2006
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-26 06:34 --------- d-----w C:\Program Files\Managed DirectX (0900)
2007-11-26 06:34 --------- d-----w C:\Program Files\LimeWire
2007-11-26 06:34 --------- d-----w C:\Program Files\KeyChanger Windows Edition
2007-11-26 06:34 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-26 06:34 --------- d-----w C:\Program Files\Jigsaw365
2007-11-26 06:34 --------- d-----w C:\Program Files\Giganews Accelerator
2007-11-26 06:34 --------- d-----w C:\Program Files\FileZilla
2007-11-26 06:34 --------- d-----w C:\Program Files\Family Tree SuperTools
2007-11-26 06:34 --------- d-----w C:\Program Files\Family Feud
2007-11-26 06:34 --------- d-----w C:\Program Files\Easy Computing
2007-11-26 06:34 --------- d-----w C:\Program Files\EarMaster School 5
2007-11-26 06:34 --------- d-----w C:\Program Files\Dungeon Scroll Gold Edition
2007-11-26 06:34 --------- d-----w C:\Program Files\Direct MP3 Joiner
2007-11-26 06:34 --------- d-----w C:\Program Files\Diner Dash
2007-11-26 06:34 --------- d-----w C:\Program Files\DAMN NFO Viewer
2007-11-26 06:34 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-26 06:34 --------- d-----w C:\Program Files\CureROM
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-26 06:34 --------- d-----w C:\Program Files\Cheat Engine53
2007-11-26 06:34 --------- d-----w C:\Program Files\BPFTP Server
2007-11-26 06:34 --------- d-----w C:\Program Files\BitComet
2007-11-26 06:34 --------- d-----w C:\Program Files\Bistro Stars
2007-11-26 06:34 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-26 06:34 --------- d-----w C:\Program Files\ArtMoney
2007-11-26 06:34 --------- d-----w C:\Program Files\AoA Audio Extractor
2007-11-26 06:34 --------- d-----w C:\Program Files\allTunes
2007-11-26 06:34 --------- d-----w C:\Program Files\Absolute MP3 Splitter
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\uqm
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Media Player Classic
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\GameHouse
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\DAEMON Tools Pro
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Canon
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Bioshock
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Ahead
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\AdobeUM
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\ACD Systems
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-24 23:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-22 08:16 --------- d-----w C:\Documents and Settings\Cole\Application Data\Steinberg
2007-11-22 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-22 02:17 --------- d--h--w C:\Program Files\Creative Installation Information
2007-11-22 02:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-11-22 00:28 --------- d-----w C:\Program Files\Creative
2007-11-21 02:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-21 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-20 07:39 --------- d-----w C:\Program Files\Full Speed
2007-11-18 06:31 23,504 ----a-w C:\Documents and Settings\Cole\Application Data\GDIPFONTCACHEV1.DAT
2007-11-16 12:48 102 ----a-w C:\WINDOWS\Fonts\arialhz.ttf
2007-11-11 11:42 --------- d-----w C:\Program Files\Ray Adams
2007-11-06 03:53 --------- d-----w C:\Program Files\Common Files\element5 Shared
2007-11-06 00:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-06 00:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 09:13 --------- d-----w C:\Documents and Settings\Cole\Application Data\Line 6
2007-11-05 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Line 6
2007-11-03 03:53 --------- d-----w C:\Program Files\Raxco
2007-10-31 05:45 278,984 ----a-r C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-29 19:32 685,816 ----a-r C:\WINDOWS\system32\drivers\sptd.sys
2007-10-29 18:04 --------- d-----w C:\Program Files\Logitech
2007-10-29 18:04 --------- d-----w C:\Program Files\Common Files\Logishrd
2007-10-29 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\_Backup ----

2007-12-01 02:15 1566 --a------ C:\_Backup\Fix-It.Log
2007-11-21 20:29 1032 --a------ C:\_Backup\IMAGES\IMAGE.1

---- Directory of C:\WINDOWS\r007 ----

C:\WINDOWS\r007\

---- Directory of C:\WINDOWS\system32\Sys ----

2007-11-21 13:56 6737 --a------ C:\WINDOWS\system32\Sys\panda-db.002
2007-11-21 13:56 3810 --a------ C:\WINDOWS\system32\Sys\panda-db.001


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-11-28 05:35 86016]

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apc Powerchute"="C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe" [2005-12-12 14:03]
"XFI Volume Panel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 01:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 16:39 C:\WINDOWS\KHALMNPR.Exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-28 05:35]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-08-28 11:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 17:13:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\Amanda\EuShlExt.dll [2005-11-14 15:15 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional XL.lnk]
backup=C:\WINDOWS\pss\PlexTools Professional XL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cole^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2007-10-09 15:46 61440 --a------ C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2006-11-09 10:19 204800 --------- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe /r

R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
R3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;C:\WINDOWS\system32\drivers\HCWUSB2AV.sys
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys
S3 2ad257;2ad257;\??\C:\WINDOWS\system32\2ad257.sys
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
S3 L6TPortB;Service - Line 6 TonePort UX2;C:\WINDOWS\system32\Drivers\L6TPortB.sys
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 RDID1029;Roland Digital Piano;C:\WINDOWS\system32\Drivers\rdwm1029.sys
S4 Fix-It Task Manager;Fix-It Task Manager;C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe -Service
S4 ZCVJRXH;ZCVJRXH;C:\DOCUME~1\Cole\LOCALS~1\Temp\ZCVJRXH.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

*Newly Created Service* - SYSMONLOG
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 01:59:29 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-20 22:23:19 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 13:11:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-02 13:11:47
C:\ComboFix2.txt ... 2007-12-01 01:46
.
--- E O F ---
New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:33 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [Apc Powerchute] C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
O4 - HKCU\..\Run: [XFI Volume Panel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://H:\setup\RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194768985890
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6816 bytes

Thanks!

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA

Posted 03 December 2007 - 12:51 PM

I am not seeing anything that looks like malware here. I scanned all your submitted files and they seem legit. Did you recently run McAfee's Rootkit Detective program? My guess is your problems are Windows/driver related and not malware related. After this, I will probably have to refer you to the Windows XP forum.


* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::

Folder::
C:\WINDOWS\system32\2ad257.sys
C:\DOCUME~1\Cole\LOCALS~1\Temp\ZCVJRXH.exe

Driver::
ZCVJRXH
2ad257


Save this as the txt file CFScript.

Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

#8 Gideon25

Gideon25
  • Topic Starter

  • Members
  • 6 posts

Posted 04 December 2007 - 09:17 AM

Ok, ComboFix log:

ComboFix 07-12-01.2 - Cole 2007-12-04 8:11:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1555 [GMT -6:00]
Running from: C:\Documents and Settings\Cole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cole\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\2ad257.sys\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_2AD257
-------\LEGACY_ZCVJRXH
-------\2ad257
-------\ZCVJRXH


((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 16:03 . 2007-12-03 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 16:03 . 2007-12-03 16:03 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-24 17:18 . 2007-11-24 17:18 103 --a------ C:\WINDOWS\pro.INI
2007-11-24 16:50 . 2007-11-26 00:34 <DIR> d-------- C:\ProcessExplorer
2007-11-24 04:20 . 2007-11-24 14:59 <DIR> d-------- C:\Program Files\Error Repair Professional
2007-11-24 04:18 . 2007-11-24 04:18 <DIR> d-------- C:\Program Files\ElcomSoft
2007-11-24 04:18 . 2007-11-24 04:19 789 --a------ C:\WINDOWS\ARPR.INI
2007-11-24 02:58 . 2007-11-24 02:59 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-24 02:57 . 2007-11-24 02:57 <DIR> d--h----- C:\Documents and Settings\Cole\InstallAnywhere
2007-11-24 02:42 . 2007-11-24 02:42 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2007-11-24 02:42 . 2007-11-24 02:42 3,365 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2007-11-24 02:39 . 2007-11-24 02:39 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2007-11-24 02:39 . 2007-11-24 02:39 8,457 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2007-11-24 02:37 . 2007-11-24 02:37 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\AccurateRip
2007-11-22 22:53 . 2007-11-26 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-22 20:08 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\mIRC
2007-11-22 20:08 . 2007-11-26 00:34 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\mIRC
2007-11-22 03:53 . 2007-11-22 03:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Bitdefender
2007-11-22 02:15 . 2007-11-22 02:15 <DIR> d-------- C:\temp\2PU0ON1A
2007-11-22 02:15 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys
2007-11-22 02:11 . 2007-11-26 02:37 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-22 02:11 . 2000-09-07 15:06 1,441,792 --a------ C:\WINDOWS\system32\nspw7.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,429,504 --a------ C:\WINDOWS\system32\nspa6.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,404,928 --a------ C:\WINDOWS\system32\nspm6.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,335,296 --a------ C:\WINDOWS\system32\nspm5.dll
2007-11-22 02:11 . 2000-09-07 15:06 1,318,912 --a------ C:\WINDOWS\system32\nspp6.dll
2007-11-22 02:11 . 2000-09-07 15:05 1,306,624 --a------ C:\WINDOWS\system32\nsppx.dll
2007-11-22 02:11 . 2000-09-07 15:04 114,688 --a------ C:\WINDOWS\system32\nsp.dll
2007-11-22 00:39 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-22 00:39 . 2007-11-22 00:39 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\PC Tools
2007-11-22 00:39 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-22 00:39 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-22 00:39 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-22 00:39 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-22 00:38 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-21 23:49 . 2007-11-21 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2007-11-21 23:49 . 2007-11-21 23:56 16,384 --a------ C:\WINDOWS\system32\ubuntu.exe
2007-11-21 20:29 . 2007-11-21 20:29 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Avanquest
2007-11-21 20:29 . 2007-11-21 20:29 <DIR> d--h----- C:\_Backup
2007-11-21 20:28 . 2007-11-21 20:28 <DIR> d-------- C:\Program Files\Avanquest
2007-11-21 20:17 . 2007-11-21 20:17 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-11-21 19:18 . 2007-11-21 21:22 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-21 19:18 . 2007-11-21 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-21 18:43 . 2007-12-04 08:13 121 --a------ C:\WINDOWS\bdagent.INI
2007-11-21 18:37 . 2007-11-21 18:37 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Bitdefender
2007-11-21 18:36 . 2007-11-21 19:18 <DIR> d-------- C:\Program Files\BitDefender
2007-11-21 18:29 . 2007-12-04 08:13 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-21 18:29 . 2007-12-04 08:13 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-21 18:25 . 2007-12-04 08:13 64,900 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 18:25 . 2007-12-04 08:13 54,692 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 18:25 . 2007-12-04 08:13 54,692 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx
2007-11-21 17:43 . 2007-11-21 17:43 <DIR> d-------- C:\Program Files\Java
2007-11-21 17:43 . 2007-11-21 17:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-21 17:43 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-21 17:25 . 2006-12-15 03:09 127,078 --a------ C:\WINDOWS\system32\REN13B.tmp
2007-11-21 17:25 . 2006-12-15 01:31 53,346 --a------ C:\WINDOWS\system32\REN13A.tmp
2007-11-21 17:25 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\REN13C.tmp
2007-11-21 17:25 . 2006-12-15 01:30 49,248 --a------ C:\WINDOWS\system32\REN139.tmp
2007-11-21 15:03 . 2007-11-26 00:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-21 13:51 . 2007-11-21 13:51 37 --a------ C:\WINDOWS\r007
2007-11-21 13:07 . 2007-11-21 13:07 <DIR> d-------- C:\Program Files\Panda Software
2007-11-20 23:40 . 2007-11-11 05:39 223 --ah----- C:\boot.ini.SAB
2007-11-20 23:27 . 2007-11-26 00:34 <DIR> d--hs---- C:\WINDOWS\system32\Sys
2007-11-20 19:52 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-20 19:21 . 2007-11-20 19:21 353,055 --a------ C:\HostsXpert.zip
2007-11-20 19:19 . 2007-11-20 19:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-20 19:19 . 2007-11-20 19:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-20 19:08 . 2007-11-20 19:09 3,014 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-20 18:07 . 2007-11-20 18:07 2,335,270 --a------ C:\WINDOWS\system32\4f1256.mht
2007-11-20 18:07 . 2007-02-28 03:08 2,136,064 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-20 18:07 . 2004-08-03 16:56 708,096 -ra------ C:\WINDOWS\system32\e2a258.tmp
2007-11-20 18:07 . 2004-08-03 15:14 182,912 -ra------ C:\WINDOWS\system32\fc325A.tmp
2007-11-20 18:07 . 2007-11-20 18:07 54,624 --a------ C:\WINDOWS\system32\2ad257.sys
2007-11-20 17:56 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\Multi-ZIP-licity 2.0
2007-11-20 17:56 . 2007-11-20 18:03 676 --a------ C:\WINDOWS\multiziplicity20.ini
2007-11-20 17:45 . 2007-09-21 10:07 317,952 --a------ C:\WINDOWS\Rar.exe
2007-11-20 16:48 . 2007-11-20 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IK Multimedia
2007-11-20 15:03 . 2007-11-20 20:00 <DIR> d-------- C:\Documents and Settings\Cole\Application Data\Uniblue
2007-11-20 15:03 . 2007-11-20 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-20 04:20 . 2007-11-20 04:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-20 03:58 . 2007-11-21 17:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 03:42 . 2007-11-20 03:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-20 03:36 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\123
2007-11-20 01:12 . 2007-11-20 23:33 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-20 01:12 . 2007-09-06 05:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-20 01:12 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-20 01:12 . 2007-09-06 05:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-20 00:16 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-20 00:07 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-20 00:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-20 00:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-20 00:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 00:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-20 00:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 23:48 . 2007-11-19 23:48 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-19 23:48 . 2007-11-19 23:48 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-11-19 23:26 . 2007-11-19 23:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-19 22:49 . 2007-11-21 18:25 413,696 --a------ C:\WINDOWS\system32\wrap_oal.new
2007-11-19 22:49 . 2007-11-21 18:25 86,016 --a------ C:\WINDOWS\system32\OpenAL32.new
2007-11-19 20:33 . 2007-11-26 00:34 <DIR> d-------- C:\Program Files\EMI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:09 --------- d-----w C:\Documents and Settings\Cole\Application Data\Newsbin
2007-12-03 16:34 --------- d-----w C:\Program Files\FlashFXP
2007-12-03 04:30 --------- d-----w C:\Documents and Settings\Cole\Application Data\Canon
2007-12-03 03:32 --------- d-----w C:\Program Files\WinTV
2007-11-28 11:35 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-26 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 08:38 --------- d-----w C:\Program Files\Steinberg
2007-11-26 06:34 --------- d-----w C:\Program Files\XML Notepad 2007
2007-11-26 06:34 --------- d-----w C:\Program Files\XML Notepad 2006
2007-11-26 06:34 --------- d-----w C:\Program Files\WMR11
2007-11-26 06:34 --------- d-----w C:\Program Files\WinMX
2007-11-26 06:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 06:34 --------- d-----w C:\Program Files\viewsonic
2007-11-26 06:34 --------- d-----w C:\Program Files\UPHClean
2007-11-26 06:34 --------- d-----w C:\Program Files\Trainer Maker Kit
2007-11-26 06:34 --------- d-----w C:\Program Files\Trainer Creation Kit
2007-11-26 06:34 --------- d-----w C:\Program Files\Sudoku 9981
2007-11-26 06:34 --------- d-----w C:\Program Files\Slingo Quest
2007-11-26 06:34 --------- d-----w C:\Program Files\Slingo
2007-11-26 06:34 --------- d-----w C:\Program Files\Rising Software
2007-11-26 06:34 --------- d-----w C:\Program Files\RADVideo
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickTime
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickSFV
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickPar
2007-11-26 06:34 --------- d-----w C:\Program Files\QuickNFO
2007-11-26 06:34 --------- d-----w C:\Program Files\Playtonium Jigsaw Enchanted Forest
2007-11-26 06:34 --------- d-----w C:\Program Files\Oasis
2007-11-26 06:34 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2007-11-26 06:34 --------- d-----w C:\Program Files\MRConverter
2007-11-26 06:34 --------- d-----w C:\Program Files\Motherboard Monitor 5
2007-11-26 06:34 --------- d-----w C:\Program Files\MKVtoolnix
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft Money 2006
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-11-26 06:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-26 06:34 --------- d-----w C:\Program Files\Managed DirectX (0900)
2007-11-26 06:34 --------- d-----w C:\Program Files\LimeWire
2007-11-26 06:34 --------- d-----w C:\Program Files\KeyChanger Windows Edition
2007-11-26 06:34 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-26 06:34 --------- d-----w C:\Program Files\Jigsaw365
2007-11-26 06:34 --------- d-----w C:\Program Files\Giganews Accelerator
2007-11-26 06:34 --------- d-----w C:\Program Files\FileZilla
2007-11-26 06:34 --------- d-----w C:\Program Files\Family Tree SuperTools
2007-11-26 06:34 --------- d-----w C:\Program Files\Family Feud
2007-11-26 06:34 --------- d-----w C:\Program Files\Easy Computing
2007-11-26 06:34 --------- d-----w C:\Program Files\EarMaster School 5
2007-11-26 06:34 --------- d-----w C:\Program Files\Dungeon Scroll Gold Edition
2007-11-26 06:34 --------- d-----w C:\Program Files\Direct MP3 Joiner
2007-11-26 06:34 --------- d-----w C:\Program Files\Diner Dash
2007-11-26 06:34 --------- d-----w C:\Program Files\DAMN NFO Viewer
2007-11-26 06:34 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-26 06:34 --------- d-----w C:\Program Files\CureROM
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Raxco
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\EasyInfo
2007-11-26 06:34 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-26 06:34 --------- d-----w C:\Program Files\Cheat Engine53
2007-11-26 06:34 --------- d-----w C:\Program Files\BPFTP Server
2007-11-26 06:34 --------- d-----w C:\Program Files\BitComet
2007-11-26 06:34 --------- d-----w C:\Program Files\Bistro Stars
2007-11-26 06:34 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-26 06:34 --------- d-----w C:\Program Files\ArtMoney
2007-11-26 06:34 --------- d-----w C:\Program Files\AoA Audio Extractor
2007-11-26 06:34 --------- d-----w C:\Program Files\allTunes
2007-11-26 06:34 --------- d-----w C:\Program Files\Absolute MP3 Splitter
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\uqm
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Media Player Classic
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\GameHouse
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\DAEMON Tools Pro
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Bioshock
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\Ahead
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\AdobeUM
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\Cole\Application Data\ACD Systems
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-11-26 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-24 23:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-22 08:16 --------- d-----w C:\Documents and Settings\Cole\Application Data\Steinberg
2007-11-22 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-22 02:17 --------- d--h--w C:\Program Files\Creative Installation Information
2007-11-22 02:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-11-22 00:28 --------- d-----w C:\Program Files\Creative
2007-11-21 02:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-21 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-20 07:39 --------- d-----w C:\Program Files\Full Speed
2007-11-18 06:31 23,504 ----a-w C:\Documents and Settings\Cole\Application Data\GDIPFONTCACHEV1.DAT
2007-11-16 12:48 102 ----a-w C:\WINDOWS\Fonts\arialhz.ttf
2007-11-11 11:42 --------- d-----w C:\Program Files\Ray Adams
2007-11-06 03:53 --------- d-----w C:\Program Files\Common Files\element5 Shared
2007-11-06 00:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-06 00:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 09:13 --------- d-----w C:\Documents and Settings\Cole\Application Data\Line 6
2007-11-05 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Line 6
2007-11-03 03:53 --------- d-----w C:\Program Files\Raxco
2007-10-31 05:45 278,984 ----a-r C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-29 19:32 685,816 ----a-r C:\WINDOWS\system32\drivers\sptd.sys
2007-10-29 18:04 --------- d-----w C:\Program Files\Logitech
2007-10-29 18:04 --------- d-----w C:\Program Files\Common Files\Logishrd
2007-10-29 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4F90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-11-28 05:35 86016]

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apc Powerchute"="C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe" [2005-12-12 14:03]
"XFI Volume Panel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-11-05 01:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 16:39 C:\WINDOWS\KHALMNPR.Exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 17:25]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-11-28 05:35]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-08-28 11:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 17:13:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\Amanda\EuShlExt.dll [2005-11-14 15:15 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional XL.lnk]
backup=C:\WINDOWS\pss\PlexTools Professional XL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cole^Start Menu^Programs^Startup^ATI Tray Tools.lnk]
backup=C:\WINDOWS\pss\ATI Tray Tools.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2007-10-09 15:46 61440 --a------ C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2006-11-09 10:19 204800 --------- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe /r

R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
R1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
R3 BDSelfPr;BDSelfPr;\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;C:\WINDOWS\system32\drivers\HCWUSB2AV.sys
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys
S3 L6TPortB;Service - Line 6 TonePort UX2;C:\WINDOWS\system32\Drivers\L6TPortB.sys
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 RDID1029;Roland Digital Piano;C:\WINDOWS\system32\Drivers\rdwm1029.sys
S4 Fix-It Task Manager;Fix-It Task Manager;C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe -Service

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 01:59:29 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-11-20 22:23:19 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 08:14:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-12-04 8:15:41 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 13:11
C:\ComboFix3.txt ... 2007-12-01 01:46
.
--- E O F ---


Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:12 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [Apc Powerchute] C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
O4 - HKCU\..\Run: [XFI Volume Panel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://H:\setup\RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194768985890
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6833 bytes

Thanks!

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA
  • Local time:03:54 PM

Posted 04 December 2007 - 11:58 AM

At this point I do not see anything at all wrong with your logs. If you are still having problems I would suggest you update your drivers and also post your problem in the Windows XP Forum.

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here for your particular Windows Version:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Re-enable system restore with instructions from the tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

