Infected With Winctrl32.dll


This topic is locked
11 replies to this topic

#1 TheHat (Members, 30 posts)

Posted 16 June 2008 - 03:32 PM

Recently I was infected with the winctrl32.dll virus. I then did a massive scan of my computer using the following: Ad-Aware, Spybot, AVG (Free), NOD32, SmitfraudFix, SDFix, and a couple of online scanners. It appeared I was infected with a few different trojans and various spyware, which I believe has mainly been wiped. However, I have still been left with the winctrl32.dll trojan. I have tried various methods of removal without any luck. I have followed the steps you have asked and posted my log to see if you can help at all.

I have since only noticed one problem, and that's when Windows starts: it seems to start a little differently. Apart from that I have disconnected the internet and not really used it. This is being done on my laptop.
Regards

Gary

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1022.73 MiB / 582.88 MiB
Pagefile Memory (total/avail): 2463.53 MiB / 2194.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1871.41 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 34.46 GiB total, 13.4 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 279.47 GiB total, 38.98 GiB free.
G: is Fixed (NTFS) - 149.04 GiB total, 47.15 GiB free.
H: is CDROM (No Media)
I: is Fixed (NTFS) - 129.34 GiB total, 90.93 GiB free.
J: is Fixed (FAT32) - 19.7 GiB total, 19.7 GiB free.
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N - 149.05 GiB - 2 partitions
\PARTITION0 - Installable File System - 129.34 GiB - I:
\PARTITION1 - Unknown - 19.71 GiB - J:

\\.\PHYSICALDRIVE1 - WDC WD360GD-00FNA0 - 34.47 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 34.46 GiB - C:

\\.\PHYSICALDRIVE3 - Maxtor 6 B300S0 SCSI Disk Device - 279.47 GiB - 1 partition
\PARTITION0 - Installable File System - 279.47 GiB - F:

\\.\PHYSICALDRIVE2 - MAXTOR S TM3160215AS SCSI Disk Device - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gary Spires\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GARY-A9D9EADFC4
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gary Spires
LOGONSERVER=\\GARY-A9D9EADFC4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GARYSP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GARYSP~1\LOCALS~1\Temp
USERDOMAIN=GARY-A9D9EADFC4
USERNAME=Gary Spires
USERPROFILE=C:\Documents and Settings\Gary Spires
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Gary Spires (admin)
LogMeInRemoteUser (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Team vCardWizard --> MsiExec.exe /X{21CBDD75-9331-4128-89A1-E152DDBAFA5C}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Antares Microphone Modeler 1.02 DirectX --> C:\PROGRA~1\ANTARE~1\ANTARE~1\UNWISE.EXE C:\PROGRA~1\ANTARE~1\ANTARE~1\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audioactive Production Studio --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Telos Systems\Audioactive Production Studio 2.0.4\Uninst.isu"
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CoffeeCup Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Doodling --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9 /remove
Creative Live! Cam FX Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9 /remove
Creative Live! Cam Voice Driver (1.01.02.0410) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD1370.uns -unsext NT -plugin P1370Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
DVD Audio Extractor 4.3.0 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
FLAC 1.2.1b (remove only) --> C:\Program Files\FLAC\uninstall.exe
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 5100 --> msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LeechFTP --> C:\WINDOWS\eraser.exe KILL "C:\Program Files\LeechFTP\uninstall.uif"
Live 6.0.1 --> C:\PROGRA~1\Ableton\LIVE60~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE60~1.1\Install\INSTALL.LOG
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Mixed In Key 2.5 --> C:\Program Files\Mixed In Key\Uninstall.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Pinnacle Game Profiler --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Setup.exe" -l0x9
Platinum Notes 0.95 --> C:\Program Files\Platinum Notes\Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Radio Toolbox --> C:\Program Files\Radio Toolbox\Uninstall.exe
Registry Clean Expert --> "C:\Program Files\Registry Clean Expert\unins000.exe"
rgcAudio z3ta Plus v1.40 --> C:\PROGRA~1\RGCAUD~1\Z3TA_~1\Z3TA_U~1\UNWISE.EXE C:\PROGRA~1\RGCAUD~1\Z3TA_~1\Z3TA_U~1\INSTALL.LOG
Series II MIDI --> C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SopCast 3.0.0 --> C:\Program Files\SopCast\uninst.exe
Sothink DHTML Menu 8 --> "C:\Program Files\SourceTec\Sothink DHTML Menu 8\unins000.exe"
Sound Solution 1.31b --> "C:\Program Files\Winamp\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Cubase SX v3.1.1.944 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg HALion v3.1.0.947 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\HALION~1\DOCUME~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\HALION~1\DOCUME~1\INSTALL.LOG
SyncBackSE --> "C:\Program Files\2BrightSparks\SyncBackSE\unins000.exe"
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Vanguard Demo 1.03 --> "C:\Program Files\Steinberg\VstPlugins\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual Audio Cable 4.8 --> C:\Program Files\Virtual Audio Cable\setup.exe -u
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Voxengo Voxformer VST v1.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\Voxengo\VOXFOR~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\Voxengo\VOXFOR~1\INSTALL.LOG
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1803 / Error
Event Submitted/Written: 06/11/2008 08:10:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.4.1.14, fault address 0x00151354.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1801 / Error
Event Submitted/Written: 06/11/2008 07:49:04 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module quicktime.qts, version 7.4.1.14, fault address 0x00151354.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1772 / Error
Event Submitted/Written: 06/08/2008 04:14:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.3.1938, faulting module ml_bookmarks.dll, version 0.0.0.0, fault address 0x0000125d.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type1771 / Error
Event Submitted/Written: 06/08/2008 04:12:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.3.1938, faulting module ml_bookmarks.dll, version 0.0.0.0, fault address 0x0000125d.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type1741 / Success
Event Submitted/Written: 06/07/2008 02:34:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8660 / Error
Event Submitted/Written: 06/16/2008 07:22:24 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type8657 / Warning
Event Submitted/Written: 06/16/2008 07:21:50 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0030BDBAA2A9. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type8639 / Error
Event Submitted/Written: 06/16/2008 07:17:49 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type8636 / Warning
Event Submitted/Written: 06/16/2008 07:17:18 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0030BDBAA2A9. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type8616 / Error
Event Submitted/Written: 06/16/2008 07:12:53 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-06-16 20:47:04 ------------



Deckard's System Scanner v20071014.68
Run by Gary Spires on 2008-06-16 21:28:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gary Spires.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:47, on 16/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gary Spires\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GARYSP~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7BF12E4B-498C-4978-B53B-7C5CBEFE0209} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9198DD47-72D4-447B-92ED-8801F85DA0E3} - (no file)
O2 - BHO: (no name) - {CF55DD2E-1E2C-44F7-8514-A94864AC2990} - (no file)
O3 - Toolbar: rtsplgob - {C075D7A0-956E-4AF8-B5EC-8FFA98C53940} - (no file)
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O20 - Winlogon Notify: urqQklLd - urqQklLd.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Security Center wscsvcEventSystem (wscsvcEventSystem) - Unknown owner - .exe (file missing)

--
End of file - 6736 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 21:19:13 0 d-------- C:\Program Files\Trend Micro
2008-06-16 17:44:24 0 d-------- C:\WINDOWS\pss
2008-06-16 17:19:53 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-13 23:19:27 0 d-------- C:\WINDOWS\ERUNT
2008-06-13 22:53:19 32 --a-s---- C:\WINDOWS\system32\1955306672.dat
2008-06-13 13:39:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-12 07:35:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-12 07:35:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-12 07:35:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-12 07:35:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-12 07:35:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-12 07:35:32 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-12 07:35:32 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-12 07:35:32 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-12 07:35:32 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-12 07:35:32 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-12 07:35:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-12 07:35:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-12 07:35:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-12 07:35:31 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-11 23:56:19 5828 --ahs---- C:\WINDOWS\system32\VxHjPqru.ini2
2008-06-11 20:29:20 2870 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 20:04:28 4725 --ahs---- C:\WINDOWS\system32\xycfOXbc.ini2
2008-06-11 19:59:29 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\TmpRecentIcons
2008-06-09 19:45:59 0 d-------- C:\Program Files\FLAC
2008-06-08 16:31:47 0 d-------- C:\Program Files\Antares Audio Technologies
2008-06-08 15:11:31 0 d-------- C:\Program Files\rgcaudio software
2008-06-08 13:58:30 0 d-------- C:\jingle
2008-06-08 13:56:39 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\Steinberg
2008-06-08 13:48:43 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-08 13:45:45 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-08 13:45:40 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\DAEMON Tools
2008-06-08 13:35:08 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2008-06-08 13:35:08 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2008-06-08 13:35:08 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-06-08 13:35:08 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio™ (32-bit) RealVideo Encoder SDK 5.0>
2008-06-08 13:35:08 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio™ (32-bit) RealVideo Encoder SDK 5.0>
2008-06-08 13:35:07 352768 --a------ C:\WINDOWS\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2008-06-08 13:35:07 131072 --a------ C:\WINDOWS\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2008-06-08 13:35:07 130560 --a------ C:\WINDOWS\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio™ Encoder (32-bit)>
2008-06-08 13:35:07 85504 --a------ C:\WINDOWS\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-06-08 13:35:07 61952 --a------ C:\WINDOWS\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-06-08 13:33:51 0 d-------- C:\Program Files\Steinberg
2008-06-08 13:30:41 33792 --a------ C:\WINDOWS\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
2008-06-08 13:30:27 16896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; Syncrosoft GmbH; USB protection device>
2008-06-08 13:30:25 45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; Syncrosoft Hard- und Software GmbH; Syncrosoft Synsopos>
2008-06-08 13:30:24 147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; Syncrosoft Hard- und Software GmbH; >
2008-06-08 13:30:24 704512 --a------ C:\WINDOWS\system32\SYNSOACC.dll <Not Verified; Syncrosoft Hard- und Software GmbH; SYNCROSOFT SYNSOACC>
2008-06-08 13:30:24 0 d-------- C:\Program Files\Syncrosoft
2008-05-29 23:40:22 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\KALiNKOsoft
2008-05-29 21:11:29 53248 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-05-29 21:11:29 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-05-29 21:11:29 36864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-05-29 21:11:29 57344 --a------ C:\WINDOWS\system32\ADsSecurity.dll <Not Verified; ; ADsSecurity Module>
2008-05-29 21:11:28 0 d-------- C:\Program Files\KALiNKOsoft
2008-05-29 20:49:41 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-05-29 20:40:49 0 d-------- C:\Program Files\XBox 360 Controller for Windows Software
2008-05-29 20:07:33 0 d-------- C:\Program Files\Steam
2008-05-23 22:12:09 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\PC Suite
2008-05-23 22:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-23 22:11:53 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\Nokia
2008-05-23 22:11:32 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-23 22:11:31 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-23 22:11:19 0 d-------- C:\Program Files\DIFX
2008-05-23 22:11:04 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-23 22:10:42 0 d-------- C:\Program Files\Nokia
2008-05-23 22:10:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-18 19:01:40 0 d-------- C:\Program Files\DVD Audio Extractor
2008-05-16 10:03:29 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Templates
2008-05-16 10:03:29 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Start Menu
2008-05-16 10:03:29 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\SendTo
2008-05-16 10:03:29 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Recent
2008-05-16 10:03:29 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\PrintHood
2008-05-16 10:03:29 229376 --a------ C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT
2008-05-16 10:03:29 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\NetHood
2008-05-16 10:03:29 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\My Documents
2008-05-16 10:03:29 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Local Settings
2008-05-16 10:03:29 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Favorites
2008-05-16 10:03:29 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Desktop
2008-05-16 10:03:29 0 d--hs---- C:\Documents and Settings\LogMeInRemoteUser\Cookies
2008-05-16 10:03:29 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data
2008-05-16 10:03:29 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2008-06-16 15:13:33 0 d-------- C:\Program Files\LogMeIn
2008-06-13 22:51:30 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\uTorrent
2008-06-13 20:45:16 0 d-------- C:\Program Files\Registry Clean Expert
2008-06-02 19:32:01 0 d-------- C:\Program Files\Winamp Remote
2008-05-29 21:11:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 12:35:33 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\Winamp
2008-05-24 11:40:17 22269 --a------ C:\Documents and Settings\Gary Spires\Application Data\Tab Separated Values (Windows).ADR
2008-05-24 11:02:52 22062 --a------ C:\Documents and Settings\Gary Spires\Application Data\Microsoft Excel.ADR
2008-05-23 22:11:32 0 d-------- C:\Program Files\Common Files
2008-05-15 22:01:39 0 d-------- C:\Program Files\LeechFTP
2008-05-15 22:01:39 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\Help
2008-05-07 11:50:49 0 d-------- C:\Program Files\Messenger
2008-05-07 11:50:24 0 d-------- C:\Program Files\Movie Maker
2008-05-07 11:47:13 0 d-------- C:\Program Files\Windows NT
2008-05-07 10:48:20 0 d-------- C:\Program Files\Winamp
2008-05-04 13:14:49 0 d-------- C:\Program Files\2BrightSparks
2008-04-30 23:01:59 0 d-------- C:\Program Files\StationPlaylist
2008-04-30 23:01:13 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-30 22:59:39 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-28 08:40:13 0 d-------- C:\Documents and Settings\Gary Spires\Application Data\Acronis
2008-04-27 18:33:48 0 d-------- C:\Program Files\MSXML 6.0
2008-03-28 18:38:30 2046 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BF12E4B-498C-4978-B53B-7C5CBEFE0209}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9198DD47-72D4-447B-92ED-8801F85DA0E3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF55DD2E-1E2C-44F7-8514-A94864AC2990}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [15/01/2003 12:41 C:\WINDOWS\system32\ptipbm.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [26/03/2003 08:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 02:41]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 02:41]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [29/05/2004 10:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 15:09]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [26/09/2007 18:05]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 00:00]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [13/03/2008 16:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 18:41]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [16/04/2008 12:53]
"Steam"="C:\Program Files\Steam\Steam.exe" [29/05/2008 20:07]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 10:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQklLd]
urqQklLd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 16/06/2008 21:15 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqPjHxV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-16 21:30:25 ------------

Edited by TheHat, 16 June 2008 - 03:37 PM.


#2 Buckeye_Sam

    Malware Expert

Posted 16 June 2008 - 04:23 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 TheHat


Posted 17 June 2008 - 03:40 AM

Hi Sam, many thanks for replying. I will be back home later and will do as requested and post the log.

Many Thanks

Gary

#4 Buckeye_Sam

Posted 17 June 2008 - 08:45 AM

Sounds good. I'll be around.


#5 TheHat


Posted 17 June 2008 - 04:02 PM

Sam

Log as requested.

Cheers

Gary



ComboFix 08-06-16.5 - Gary Spires 2008-06-17 21:50:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.660 [GMT 1:00]
Running from: C:\Documents and Settings\Gary Spires\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gary Spires\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\Winsb74.sys
C:\WINDOWS\system32\gxcneujg.ini
C:\WINDOWS\system32\ibfvcold.ini
C:\WINDOWS\system32\VxHjPqru.ini
C:\WINDOWS\system32\VxHjPqru.ini2
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\xycfOXbc.ini
C:\WINDOWS\system32\xycfOXbc.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINSB74
-------\Service_Winsb74


((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 21:49 . 2008-06-17 21:49 268 --ah----- C:\sqmdata14.sqm
2008-06-17 21:49 . 2008-06-17 21:49 244 --ah----- C:\sqmnoopt14.sqm
2008-06-17 08:01 . 2008-06-17 08:01 268 --ah----- C:\sqmdata13.sqm
2008-06-17 08:01 . 2008-06-17 08:01 244 --ah----- C:\sqmnoopt13.sqm
2008-06-16 21:21 . 2008-06-16 21:21 268 --ah----- C:\sqmdata12.sqm
2008-06-16 21:21 . 2008-06-16 21:21 244 --ah----- C:\sqmnoopt12.sqm
2008-06-16 21:19 . 2008-06-16 21:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 20:54 . 2008-06-16 20:54 268 --ah----- C:\sqmdata11.sqm
2008-06-16 20:54 . 2008-06-16 20:54 244 --ah----- C:\sqmnoopt11.sqm
2008-06-16 20:45 . 2008-06-16 20:45 268 --ah----- C:\sqmdata10.sqm
2008-06-16 20:45 . 2008-06-16 20:45 244 --ah----- C:\sqmnoopt10.sqm
2008-06-16 20:43 . 2008-06-16 20:43 <DIR> d-------- C:\Deckard
2008-06-16 19:14 . 2008-06-16 19:14 268 --ah----- C:\sqmdata09.sqm
2008-06-16 19:14 . 2008-06-16 19:14 244 --ah----- C:\sqmnoopt09.sqm
2008-06-16 17:17 . 2008-06-16 17:17 268 --ah----- C:\sqmdata08.sqm
2008-06-16 17:17 . 2008-06-16 17:17 244 --ah----- C:\sqmnoopt08.sqm
2008-06-16 15:28 . 2008-06-16 15:28 268 --ah----- C:\sqmdata07.sqm
2008-06-16 15:28 . 2008-06-16 15:28 244 --ah----- C:\sqmnoopt07.sqm
2008-06-13 23:36 . 2008-06-13 23:36 743 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-13 23:19 . 2008-06-13 23:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-13 23:03 . 2008-06-16 15:44 <DIR> d-------- C:\SDFix
2008-06-13 22:53 . 2008-06-13 22:53 32 --a-s---- C:\WINDOWS\system32\1955306672.dat
2008-06-13 13:39 . 2008-06-13 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-12 07:35 . 2008-06-12 07:35 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 20:55 . 2008-06-11 23:45 251 --a------ C:\WINDOWS\wininit.ini
2008-06-11 20:29 . 2008-06-12 19:58 2,870 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 18:25 . 2008-04-14 13:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 18:25 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 19:45 . 2008-06-09 19:46 <DIR> d-------- C:\Program Files\FLAC
2008-06-08 16:31 . 2008-06-08 16:31 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-06-08 15:11 . 2008-06-08 15:11 <DIR> d-------- C:\Program Files\rgcaudio software
2008-06-08 13:58 . 2008-06-13 21:03 <DIR> d-------- C:\jingle
2008-06-08 13:56 . 2008-06-08 15:22 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\Steinberg
2008-06-08 13:48 . 2008-06-08 13:48 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-08 13:45 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\DAEMON Tools
2008-06-08 13:45 . 2008-06-08 13:45 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-08 13:33 . 2008-06-08 14:52 <DIR> d-------- C:\Program Files\Steinberg
2008-06-08 13:30 . 2008-06-08 13:30 <DIR> d-------- C:\Program Files\Syncrosoft
2008-06-08 13:30 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-06-08 13:30 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-06-08 13:30 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-06-08 13:30 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-06-08 13:30 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-06-08 13:30 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-06-08 13:30 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-06-08 13:30 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-30 00:14 . 2008-05-30 00:14 268 --ah----- C:\sqmdata06.sqm
2008-05-30 00:14 . 2008-05-30 00:14 244 --ah----- C:\sqmnoopt06.sqm
2008-05-29 23:40 . 2008-05-29 23:40 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\KALiNKOsoft
2008-05-29 21:11 . 2008-05-29 21:11 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-05-29 20:50 . 2008-05-29 20:50 280 --ah----- C:\sqmdata04.sqm
2008-05-29 20:50 . 2008-05-29 20:50 244 --ah----- C:\sqmnoopt04.sqm
2008-05-29 20:49 . 2008-05-29 20:49 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-05-29 20:49 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-05-29 20:49 . 2007-04-04 19:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-29 20:49 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2008-05-29 20:49 . 2008-05-29 20:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-05-29 20:40 . 2008-05-29 20:40 <DIR> d-------- C:\Program Files\XBox 360 Controller for Windows Software
2008-05-29 20:07 . 2008-06-17 21:56 <DIR> d-------- C:\Program Files\Steam
2008-05-23 22:14 . 2008-04-13 19:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-23 22:14 . 2008-04-13 19:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-23 22:14 . 2008-05-23 22:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-23 22:14 . 2008-05-23 22:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-23 22:12 . 2008-05-23 22:23 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\PC Suite
2008-05-23 22:12 . 2008-05-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\DIFX
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-23 22:11 . 2008-05-23 22:14 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\Nokia
2008-05-23 22:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-23 22:10 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\Nokia
2008-05-23 22:10 . 2008-05-23 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-23 22:10 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-23 22:10 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-23 22:10 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-23 22:10 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-05-23 22:10 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-23 22:10 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-05-18 19:01 . 2008-05-18 19:01 <DIR> d-------- C:\Program Files\DVD Audio Extractor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 06:36 --------- d-----w C:\Program Files\LogMeIn
2008-06-13 21:51 --------- d-----w C:\Documents and Settings\Gary Spires\Application Data\uTorrent
2008-06-13 19:45 --------- d-----w C:\Program Files\Registry Clean Expert
2008-06-02 18:32 --------- d-----w C:\Program Files\Winamp Remote
2008-05-29 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 11:35 --------- d-----w C:\Documents and Settings\Gary Spires\Application Data\Winamp
2008-05-15 21:01 --------- d-----w C:\Program Files\LeechFTP
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 09:48 --------- d-----w C:\Program Files\Winamp
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 12:14 --------- d-----w C:\Program Files\2BrightSparks
2008-04-30 22:01 --------- d-----w C:\Program Files\StationPlaylist
2008-04-30 22:01 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-30 21:59 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-28 07:40 --------- d-----w C:\Documents and Settings\Gary Spires\Application Data\Acronis
2008-04-28 07:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis
2008-04-28 07:32 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-04-28 07:32 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-28 07:32 368,544 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-04-28 07:32 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-04-28 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-04-27 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2008-04-27 17:33 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-19 13:47 167 ----a-w C:\Documents and Settings\Gary Spires\udownload.dat
2007-08-09 13:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 13:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-29 20:07 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 10:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 12:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 08:19 172032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2004-05-29 10:49 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQklLd]
urqQklLd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--------- 2006-10-19 20:44 20480 C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-10-27 11:00 299008 C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
-ra------ 2002-12-17 12:40 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 16:35 1410344 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-02-19 01:26 604920 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 10:42 585728 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 17:28 790528 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\LeechFTP\\Leechftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Radio Toolbox\\rtb.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\garythehat_uk\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 BelkinNGservicename;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card;C:\WINDOWS\system32\DRIVERS\GigNIC.sys [2005-02-08 04:56]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-09-14 14:31]
R3 RDID1061;EDIROL UA-4FX;C:\WINDOWS\system32\Drivers\rdwm1061.sys [2005-07-26 02:22]
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 17:20]
S3 P1370Aud;Creative WebCam Audio Control;C:\WINDOWS\system32\Drivers\P1370Aud.sys [2005-12-05 01:29]
S3 P1370Aul;PD1370 Lower Filter Driver;C:\WINDOWS\system32\Drivers\P1370Aul.sys [2005-12-06 01:58]
S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-04-10 11:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 11:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 21:54:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvcEventSystem]
"ImagePath"=" srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-06-17 21:57:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 20:57:42

Pre-Run: 14,311,571,456 bytes free
Post-Run: 14,227,779,584 bytes free

310 --- E O F --- 2008-06-13 22:37:05

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 18 June 2008 - 03:55 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQklLd]
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===============



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Let me know how your computer is behaving now.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 TheHat
  • Topic Starter
  • Members
  • 30 posts

Posted 25 June 2008 - 07:09 AM

Hi, Kaspersky log below. I will post the ComboFix log ASAP.

Cheers

Gary

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 21, 2008 08:05:56
Records in database: 879863
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 161466
Threat name: 8
Infected objects: 9
Suspicious objects: 1
Duration of the scan: 05:50:05


File name / Threat name / Threats count
C:\Documents and Settings\Gary Spires\Desktop\KEY PEN\spyware + healthcheck tools\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Gary Spires\Desktop\KEY PEN\spyware + healthcheck tools\Vundo Remover\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.k 1
C:\Documents and Settings\Gary Spires\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABUVWX\x86__LogMeIn.dll[1].cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.f 1
C:\Program Files\LogMeIn\x86\LogMeIn.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Winsb74.sys.zip Infected: Trojan-Dropper.Win32.Agent.son 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.aea 1
C:\SDFix\backups_old\backups.zip Infected: Trojan-Downloader.Win32.Mutant.agh 1
F:\Programs\Ahead.Nero.v8.2.8.0.Incl.Keymaker-EMBRACE\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
I:\RECYCLER\S-1-5-21-2052111302-1770027372-1801674531-1003\Dh10.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.
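A small triage script for the report above, added here as an example and not part of the original thread or of Kaspersky's tools: it parses result lines of the form "path Infected: threat count" / "path Suspicious: threat count" and sorts them into live malware, heuristic hits, "not-a-virus" riskware (tools that are legitimate but abusable and need a manual decision) and leftovers that already sit in a removal tool's quarantine or backup folder. The quarantine folder list and the sample lines are constructed from this thread (ComboFix's QooBox and SDFix's backups).

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One result line of a Kaspersky Online Scanner 7 report has the shape
#   <path> Infected: <threat name> <count>
#   <path> Suspicious: <threat name> <count>
# The path can contain spaces, so it is matched lazily up to the verdict keyword.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Folders in which the removal tools used in this thread keep copies of what they
# already removed (ComboFix -> C:\QooBox\Quarantine, SDFix -> C:\SDFix\backups*).
# A hit inside one of these is a leftover, not an active infection.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\sdfix\\backups")


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str  # "Infected" (signature match) or "Suspicious" (heuristic)
    threat: str   # Kaspersky threat name, e.g. Trojan-Downloader.Win32.Mutant.aea
    count: int

    @property
    def category(self) -> str:
        """Bucket one detection the way a helper reads the report."""
        lowered = self.path.lower()
        if any(marker in lowered for marker in QUARANTINE_MARKERS):
            return "quarantined"  # already neutralised by a removal tool
        if self.threat.startswith("not-a-virus:"):
            return "riskware"     # legitimate but abusable (RiskTool, RemoteAdmin, AdTool): manual decision
        if self.verdict == "Suspicious":
            return "suspicious"   # heuristic hit, needs a second opinion
        return "malware"          # signature hit on a live file: act on it


def parse_report(text: str) -> list[Detection]:
    """Return the detections in a report; header and statistics lines are ignored."""
    found: list[Detection] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["verdict"], m["threat"], int(m["count"])))
    return found


def triage(detections: list[Detection]) -> dict[str, list[str]]:
    """Group detection paths by category, keeping report order."""
    buckets: dict[str, list[str]] = {
        "malware": [], "suspicious": [], "riskware": [], "quarantined": []
    }
    for d in detections:
        buckets[d.category].append(d.path)
    return buckets


# Constructed sample: a subset of the result lines from the report in this thread,
# preceded by the column header, which the parser must skip.
SAMPLE_REPORT = """File name / Threat name / Threats count
C:\\Documents and Settings\\Gary Spires\\Desktop\\SmitfraudFix\\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\\Program Files\\LogMeIn\\x86\\LogMeIn.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.f 1
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.aea 1
C:\\SDFix\\backups_old\\backups.zip Infected: Trojan-Downloader.Win32.Mutant.agh 1
F:\\Programs\\Ahead.Nero.v8.2.8.0.Incl.Keymaker-EMBRACE\\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
I:\\RECYCLER\\S-1-5-21-2052111302-1770027372-1801674531-1003\\Dh10.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
"""

if __name__ == "__main__":
    for category, paths in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{category}: {len(paths)}")
        for path in paths:
            print("   ", path)
```

On the sample, the two Trojan-Downloader hits land in the quarantined bucket (the WinCtrl32.dll the thread is about is already in QooBox) and nothing is left in the live malware bucket, which matches the helper's reading of the report.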

#8 TheHat
  • Topic Starter
  • Members
  • 30 posts

Posted 25 June 2008 - 07:14 AM

ComboFix 08-06-16.5 - Gary Spires 2008-06-19 20:33:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.620 [GMT 1:00]
Running from: C:\Documents and Settings\Gary Spires\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gary Spires\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-19 18:47 . 2008-06-19 18:47 268 --ah----- C:\sqmdata18.sqm
2008-06-19 18:47 . 2008-06-19 18:47 244 --ah----- C:\sqmnoopt18.sqm
2008-06-18 22:33 . 2008-06-18 22:33 268 --ah----- C:\sqmdata17.sqm
2008-06-18 22:33 . 2008-06-18 22:33 244 --ah----- C:\sqmnoopt17.sqm
2008-06-18 12:14 . 2008-06-18 12:14 268 --ah----- C:\sqmdata16.sqm
2008-06-18 12:14 . 2008-06-18 12:14 244 --ah----- C:\sqmnoopt16.sqm
2008-06-17 23:29 . 2008-06-17 23:29 268 --ah----- C:\sqmdata15.sqm
2008-06-17 23:29 . 2008-06-17 23:29 244 --ah----- C:\sqmnoopt15.sqm
2008-06-17 21:49 . 2008-06-17 21:49 268 --ah----- C:\sqmdata14.sqm
2008-06-17 21:49 . 2008-06-17 21:49 244 --ah----- C:\sqmnoopt14.sqm
2008-06-17 08:01 . 2008-06-17 08:01 268 --ah----- C:\sqmdata13.sqm
2008-06-17 08:01 . 2008-06-17 08:01 244 --ah----- C:\sqmnoopt13.sqm
2008-06-16 21:21 . 2008-06-16 21:21 268 --ah----- C:\sqmdata12.sqm
2008-06-16 21:21 . 2008-06-16 21:21 244 --ah----- C:\sqmnoopt12.sqm
2008-06-16 21:19 . 2008-06-16 21:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 20:54 . 2008-06-16 20:54 268 --ah----- C:\sqmdata11.sqm
2008-06-16 20:54 . 2008-06-16 20:54 244 --ah----- C:\sqmnoopt11.sqm
2008-06-16 20:45 . 2008-06-16 20:45 268 --ah----- C:\sqmdata10.sqm
2008-06-16 20:45 . 2008-06-16 20:45 244 --ah----- C:\sqmnoopt10.sqm
2008-06-16 20:43 . 2008-06-16 20:43 <DIR> d-------- C:\Deckard
2008-06-16 19:14 . 2008-06-16 19:14 268 --ah----- C:\sqmdata09.sqm
2008-06-16 19:14 . 2008-06-16 19:14 244 --ah----- C:\sqmnoopt09.sqm
2008-06-16 17:17 . 2008-06-16 17:17 268 --ah----- C:\sqmdata08.sqm
2008-06-16 17:17 . 2008-06-16 17:17 244 --ah----- C:\sqmnoopt08.sqm
2008-06-16 15:28 . 2008-06-16 15:28 268 --ah----- C:\sqmdata07.sqm
2008-06-16 15:28 . 2008-06-16 15:28 244 --ah----- C:\sqmnoopt07.sqm
2008-06-13 23:36 . 2008-06-13 23:36 743 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-13 23:19 . 2008-06-13 23:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-13 23:03 . 2008-06-16 15:44 <DIR> d-------- C:\SDFix
2008-06-13 22:53 . 2008-06-13 22:53 32 --a-s---- C:\WINDOWS\system32\1955306672.dat
2008-06-13 13:39 . 2008-06-13 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-12 07:35 . 2008-06-12 07:35 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 20:55 . 2008-06-11 23:45 251 --a------ C:\WINDOWS\wininit.ini
2008-06-11 20:29 . 2008-06-12 19:58 2,870 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 18:25 . 2008-04-14 13:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 18:25 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 19:45 . 2008-06-09 19:46 <DIR> d-------- C:\Program Files\FLAC
2008-06-08 16:31 . 2008-06-08 16:31 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-06-08 15:11 . 2008-06-08 15:11 <DIR> d-------- C:\Program Files\rgcaudio software
2008-06-08 13:56 . 2008-06-08 15:22 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\Steinberg
2008-06-08 13:48 . 2008-06-08 13:48 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-08 13:45 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\DAEMON Tools
2008-06-08 13:45 . 2008-06-08 13:45 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-08 13:33 . 2008-06-08 14:52 <DIR> d-------- C:\Program Files\Steinberg
2008-06-08 13:30 . 2008-06-08 13:30 <DIR> d-------- C:\Program Files\Syncrosoft
2008-06-08 13:30 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-06-08 13:30 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-06-08 13:30 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-06-08 13:30 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-06-08 13:30 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-06-08 13:30 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-06-08 13:30 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-06-08 13:30 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-30 00:14 . 2008-05-30 00:14 268 --ah----- C:\sqmdata06.sqm
2008-05-30 00:14 . 2008-05-30 00:14 244 --ah----- C:\sqmnoopt06.sqm
2008-05-29 23:40 . 2008-05-29 23:40 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\KALiNKOsoft
2008-05-29 21:11 . 2008-05-29 21:11 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-05-29 20:50 . 2008-05-29 20:50 280 --ah----- C:\sqmdata04.sqm
2008-05-29 20:50 . 2008-05-29 20:50 244 --ah----- C:\sqmnoopt04.sqm
2008-05-29 20:49 . 2008-05-29 20:49 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-05-29 20:49 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-05-29 20:49 . 2007-04-04 19:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-29 20:49 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2008-05-29 20:49 . 2008-05-29 20:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-05-29 20:40 . 2008-05-29 20:40 <DIR> d-------- C:\Program Files\XBox 360 Controller for Windows Software
2008-05-29 20:07 . 2008-06-19 20:24 <DIR> d-------- C:\Program Files\Steam
2008-05-23 22:14 . 2008-04-13 19:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-23 22:14 . 2008-04-13 19:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-23 22:14 . 2008-05-23 22:14 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-23 22:14 . 2008-05-23 22:14 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-23 22:12 . 2008-05-23 22:23 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\PC Suite
2008-05-23 22:12 . 2008-05-23 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\DIFX
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-23 22:11 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-23 22:11 . 2008-05-23 22:14 <DIR> d-------- C:\Documents and Settings\Gary Spires\Application Data\Nokia
2008-05-23 22:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-23 22:10 . 2008-05-23 22:11 <DIR> d-------- C:\Program Files\Nokia
2008-05-23 22:10 . 2008-05-23 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-23 22:10 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-23 22:10 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-23 22:10 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-23 22:10 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-05-23 22:10 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-23 22:10 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 17:44 --------- d-----w C:\Program Files\LogMeIn
2008-06-18 20:14 58,291 ----a-w C:\WINDOWS\sfshell.tmp
2008-06-13 21:51 --------- d-----w C:\Documents and Settings\Gary Spires\Application Data\uTorrent
2008-06-13 19:45 --------- d-----w C:\Program Files\Registry Clean Expert
2008-06-02 18:32 --------- d-----w C:\Program Files\Winamp Remote
2008-05-29 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 11:35 --------- d-----w C:\Documents and Settings\Gary Spires\Application Data\Winamp
2008-05-18 18:01 --------- d-----w C:\Program Files\DVD Audio Extractor
2008-05-15 21:01 --------- d-----w C:\Program Files\LeechFTP
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 09:48 --------- d-----w C:\Program Files\Winamp
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 12:14 --------- d-----w C:\Program Files\2BrightSparks
2008-04-30 22:01 --------- d-----w C:\Program Files\StationPlaylist
2008-04-30 22:01 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-30 21:59 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-28 07:40 --------- d-----w C:\Documents and Settings\Gary Spires\Application Data\Acronis
2008-04-28 07:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis
2008-04-28 07:32 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-04-28 07:32 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-28 07:32 368,544 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-04-28 07:32 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-04-28 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-04-27 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
2008-04-27 17:33 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-19 13:47 167 ----a-w C:\Documents and Settings\Gary Spires\udownload.dat
2007-08-09 13:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 13:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_21.57.29.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 20:54:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 19:23:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-29 20:07 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 10:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 12:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 08:19 172032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2004-05-29 10:49 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--------- 2006-10-19 20:44 20480 C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-10-27 11:00 299008 C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
-ra------ 2002-12-17 12:40 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 16:35 1410344 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-02-19 01:26 604920 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 10:42 585728 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 17:28 790528 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 14:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\LeechFTP\\Leechftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Radio Toolbox\\rtb.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\garythehat_uk\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 BelkinNGservicename;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card;C:\WINDOWS\system32\DRIVERS\GigNIC.sys [2005-02-08 04:56]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-09-14 14:31]
R3 RDID1061;EDIROL UA-4FX;C:\WINDOWS\system32\Drivers\rdwm1061.sys [2005-07-26 02:22]
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2007-11-14 17:20]
S3 P1370Aud;Creative WebCam Audio Control;C:\WINDOWS\system32\Drivers\P1370Aud.sys [2005-12-05 01:29]
S3 P1370Aul;PD1370 Lower Filter Driver;C:\WINDOWS\system32\Drivers\P1370Aul.sys [2005-12-06 01:58]
S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-04-10 11:08]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 11:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 20:35:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvcEventSystem]
"ImagePath"=" srv"
.
Completion time: 2008-06-19 20:36:34
ComboFix-quarantined-files.txt 2008-06-19 19:36:06
ComboFix2.txt 2008-06-17 20:57:47

Pre-Run: 14,205,353,984 bytes free
Post-Run: 14,190,030,848 bytes free

291 --- E O F --- 2008-06-13 22:37:05

#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 June 2008 - 09:15 AM

I would delete these files that Kaspersky picked up.

F:\Programs\Ahead.Nero.v8.2.8.0.Incl.Keymaker-EMBRACE\Nero-8.2.8.0_eng_trial.exe
I:\RECYCLER\S-1-5-21-2052111302-1770027372-1801674531-1003\Dh10.pst



Aside from that, your log is looking pretty good.
How are things on your end?


========================================================

#10 TheHat
  • Topic Starter
  • Members
  • 30 posts

Posted 25 June 2008 - 12:54 PM

Yeah, it seems to be running OK. I'm doing a regular spyware/antivirus check every few days to see if anything reoccurs, but it seems fine. It teaches you a bit when you get affected.
I really appreciate all your help you have given me.

Gary

#11 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 June 2008 - 01:24 PM

Happy to help out! :)

Just a few last things and you should be good to go!


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

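The Internet Explorer settings in the list above can also be checked, and corrected, without clicking through the Custom Level dialog. The PowerShell script below is an added example, not part of Buckeye_Sam's post or of any tool he recommends. It assumes that the per-user Internet zone is stored under `HKCU:\...\Internet Settings\Zones\3`, that the numeric value names it reads are the URL-action IDs Microsoft documents for IE security zones (1001 signed ActiveX download, 1004 unsigned ActiveX download, 1201 initialize/script ActiveX not marked safe, 1800 desktop items, 1804 programs in an IFRAME, 1607 cross-domain sub-frames), and that the stored values mean 0 = Enable, 1 = Prompt, 3 = Disable. It reports which of the six settings differ from the post's recommendations and, with `-Apply`, sets them.

```powershell
# Added example (not from the original post): audit, and optionally apply, the
# Internet-zone hardening listed above by reading the current user's zone settings
# directly from the registry.
# Assumptions: the numeric value names are the IE URL-action IDs documented by
# Microsoft for security zones, 0 = Enable / 1 = Prompt / 3 = Disable, and
# zone "3" is the Internet zone. Run as the user whose IE profile you are hardening.
param([switch]$Apply)

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Each entry mirrors one line of the list above: display name, registry value, wanted value.
$Desired = @(
    @{ Name = 'Download signed ActiveX controls';                       Value = '1001'; Want = 1 },  # Prompt
    @{ Name = 'Download unsigned ActiveX controls';                     Value = '1004'; Want = 3 },  # Disable
    @{ Name = 'Initialize and script ActiveX controls not marked safe'; Value = '1201'; Want = 3 },  # Disable
    @{ Name = 'Installation of desktop items';                          Value = '1800'; Want = 1 },  # Prompt
    @{ Name = 'Launching programs and files in an IFRAME';              Value = '1804'; Want = 1 },  # Prompt
    @{ Name = 'Navigate sub-frames across different domains';           Value = '1607'; Want = 1 }   # Prompt
)

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValue([string]$ValueName) {
    # Returns $null when the value is absent; IE then uses the zone template default.
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    if ($props.PSObject.Properties[$ValueName]) { [int]$props.$ValueName } else { $null }
}

$drift = 0
foreach ($setting in $Desired) {
    $have = Get-ZoneValue $setting.Value
    $haveLabel = if ($null -eq $have) { 'not set' } elseif ($Labels.ContainsKey($have)) { $Labels[$have] } else { "unknown ($have)" }
    if ($have -eq $setting.Want) {
        Write-Host ("OK    {0,-55} {1}" -f $setting.Name, $Labels[$setting.Want])
        continue
    }
    $drift++
    Write-Host ("DRIFT {0,-55} is {1}, want {2}" -f $setting.Name, $haveLabel, $Labels[$setting.Want])
    if ($Apply) {
        # DWORD is the type IE itself writes for these values.
        Set-ItemProperty -Path $ZoneKey -Name $setting.Value -Value $setting.Want -Type DWord
        Write-Host ("      set {0} = {1}" -f $setting.Value, $setting.Want)
    }
}

if ($drift -eq 0) { Write-Host 'All six Internet-zone settings already match the recommended values.' }
elseif (-not $Apply) { Write-Host "$drift setting(s) differ; re-run with -Apply to change them." }
```

Run it once without `-Apply` to see what IE is currently using, then with `-Apply` to set the six values; IE picks the new values up the next time it starts. One caveat: if the machine is domain-joined and the "Security Zones: Use only machine settings" policy is in force, IE reads the zone values from the equivalent key under HKLM instead, and the HKCU changes this script makes will have no effect, so check Group Policy first on a managed PC.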


========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:20 AM

Posted 09 July 2008 - 10:42 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



