
I Don't Know What Type Of Infection I Have


11 replies to this topic

#1 andrewsaputo

andrewsaputo

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eugene Oregon
  • Local time:07:25 AM

Posted 19 August 2008 - 01:26 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:29 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\windows-kb890830-v2.1.exe
k:\55daa4c34ae7c261499248070f59\mrtstub.exe
C:\windows\system32\MRT.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\stinger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.34.213.167:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139871916234
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pshgmbdh - pshgmbdh.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11797 bytes

Thanks


#2 andrewsaputo


Posted 20 August 2008 - 12:18 PM

I think I got the Vundo virus but I'm not sure. Ad-Aware came up with that. Hope that helps out. Thanks for your time
Andrew

#3 andrewsaputo


Posted 20 August 2008 - 12:24 PM

Here is my current HijackThis log file. I scanned the computer a couple of times more and it picked things up. Just need help analyzing. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:32 AM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.34.213.167:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139871916234
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pshgmbdh - pshgmbdh.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11429 bytes

My computer seems to be running fine, but for some reason, if I let it sit there for longer than 10 minutes, it logs me out and I have to put my password in to get back to my screen. I thought that was odd. Other than that, everything is running smoothly, no pop-ups, blue screens, or funky backgrounds. Hope this helps.
Andrew

#4 andrewsaputo


Posted 24 August 2008 - 02:26 PM

Any help please?

#5 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:25 PM

Posted 30 August 2008 - 05:57 PM

Hello and welcome to BC


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
    Note: If you are using Windows Vista, right-click on RSIT.exe and select 'Run as administrator'.

  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply please post back with the following reports:
  • RSIT log.txt
  • RSIT info.txt
  • Kaspersky report
Regards
SNOWHITE

#6 andrewsaputo


Posted 02 September 2008 - 02:01 PM

Here is the Log.txt

Logfile of random's system information tool (written by random/random)
Run by User at 2008-09-02 11:56:48
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 58 GB (38%) free of 153 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:35 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\windows\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\windows\system32\slserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\flashget.exe
C:\windows\system32\cidaemon.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.34.213.167:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139871916234
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pshgmbdh - pshgmbdh.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12142 bytes

Scheduled tasks folder

C:\windows\tasks\1-Click Maintenance.job
C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\CAAntiSpywareScan_Daily as User at 12 46 AM.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-13 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-15 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
CA Toolbar Helper - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2008-06-23 275896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2008-06-23 275896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2005-08-02 7110656]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-08-19 181488]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-08-19 234736]
"cafw"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-08-19 771312]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-08-19 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-08-19 259312]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe [2008-08-19 14088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-13 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
C:\WINDOWS\System32\bridge.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Search.vbs]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\windows\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pshgmbdh]
pshgmbdh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-04-13 5104128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{B3ADDB7B-3DF5-4672-82DD-775FFF180134}"= []
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\aim\aim.exe"="C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\a.exe"="C:\WINDOWS\system32\a.exe:*:Disabled:a"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\aim\aim.exe"="C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95374d85-6198-11dc-873c-00038a000015}]
shell\AutoRun\command - I:\LaunchU3.exe -a


List of files/folders created in the last three months

2008-09-02 11:56:48 ----D---- C:\rsit
2008-08-31 23:58:10 ----D---- C:\Documents and Settings\User\Application Data\uTorrent
2008-08-21 21:51:10 ----D---- C:\windows\Prefetch
2008-08-21 12:46:30 ----D---- C:\windows\system32\scripting
2008-08-21 12:46:26 ----D---- C:\windows\l2schemas
2008-08-21 12:46:24 ----D---- C:\windows\system32\en
2008-08-21 12:32:32 ----D---- C:\windows\network diagnostic
2008-08-21 12:26:59 ----N---- C:\windows\system32\qmgr.dll
2008-08-21 12:26:51 ----N---- C:\windows\system32\xpsp2res.dll
2008-08-21 12:24:52 ----N---- C:\windows\system32\comctl32.dll
2008-08-21 12:24:52 ----N---- C:\windows\system32\cmd.exe
2008-08-21 12:24:52 ----N---- C:\windows\system32\cacls.exe
2008-08-21 12:24:52 ----N---- C:\windows\system32\autoconv.exe
2008-08-21 12:24:52 ----N---- C:\windows\system32\autochk.exe
2008-08-21 12:24:52 ----N---- C:\windows\system32\advapi32.dll
2008-08-21 12:24:51 ----N---- C:\windows\system32\locator.exe
2008-08-21 12:24:51 ----N---- C:\windows\system32\localspl.dll
2008-08-21 12:24:51 ----N---- C:\windows\system32\lmhsvc.dll
2008-08-21 12:24:51 ----N---- C:\windows\system32\kernel32.dll
2008-08-21 12:24:51 ----N---- C:\windows\system32\imagehlp.dll
2008-08-21 12:24:51 ----N---- C:\windows\system32\ftp.exe
2008-08-21 12:24:51 ----N---- C:\windows\system32\format.com
2008-08-21 12:24:51 ----N---- C:\windows\system32\csrsrv.dll
2008-08-21 12:24:51 ----N---- C:\windows\system32\comdlg32.dll
2008-08-21 12:24:51 ----A---- C:\windows\system32\dhcpcsvc.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\ntprint.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\ntlsapi.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\ntdll.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\nslookup.exe
2008-08-21 12:24:50 ----N---- C:\windows\system32\msv1_0.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\msgsvc.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\mgmtapi.dll
2008-08-21 12:24:50 ----N---- C:\windows\system32\lsasrv.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\rasdlg.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\rasauto.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\rasapi32.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\printui.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\perfctrs.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\olecnv32.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\oleaut32.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\nwprovau.dll
2008-08-21 12:24:49 ----N---- C:\windows\system32\ntvdm.exe
2008-08-21 12:24:48 ----N---- C:\windows\system32\sessmgr.exe
2008-08-21 12:24:48 ----N---- C:\windows\system32\services.exe
2008-08-21 12:24:48 ----N---- C:\windows\system32\schannel.dll
2008-08-21 12:24:48 ----N---- C:\windows\system32\scardsvr.exe
2008-08-21 12:24:48 ----N---- C:\windows\system32\savedump.exe
2008-08-21 12:24:48 ----N---- C:\windows\system32\samsrv.dll
2008-08-21 12:24:48 ----N---- C:\windows\system32\samlib.dll
2008-08-21 12:24:48 ----N---- C:\windows\system32\rshx32.dll
2008-08-21 12:24:48 ----N---- C:\windows\system32\rastapi.dll
2008-08-21 12:24:48 ----N---- C:\windows\system32\rasman.dll
2008-08-21 12:24:47 ----N---- C:\windows\system32\tcpmonui.dll
2008-08-21 12:24:47 ----N---- C:\windows\system32\syssetup.dll
2008-08-21 12:24:47 ----N---- C:\windows\system32\srvsvc.dll
2008-08-21 12:24:47 ----N---- C:\windows\system32\smss.exe
2008-08-21 12:24:47 ----N---- C:\windows\system32\setupapi.dll
2008-08-21 12:24:46 ----N---- C:\windows\system32\wkssvc.dll
2008-08-21 12:24:46 ----N---- C:\windows\system32\win32spl.dll
2008-08-21 12:24:46 ----N---- C:\windows\system32\userinit.exe
2008-08-21 12:24:46 ----N---- C:\windows\system32\untfs.dll
2008-08-21 12:24:46 ----N---- C:\windows\system32\ulib.dll
2008-08-21 12:24:37 ----N---- C:\windows\system32\ntkrnlpa.exe
2008-08-21 12:24:37 ----N---- C:\windows\system32\hal.dll
2008-08-21 12:24:36 ----N---- C:\windows\system32\ntoskrnl.exe
2008-08-21 06:17:29 ----N---- C:\windows\system32\SET170.tmp
2008-08-21 06:17:29 ----N---- C:\windows\system32\SET16F.tmp
2008-08-21 06:17:29 ----N---- C:\windows\system32\SET16E.tmp
2008-08-21 06:17:28 ----N---- C:\windows\system32\SETEEB.tmp
2008-08-21 06:17:28 ----N---- C:\windows\system32\SET171.tmp
2008-08-21 06:17:27 ----N---- C:\windows\system32\SET175.tmp
2008-08-21 06:17:27 ----N---- C:\windows\system32\SET173.tmp
2008-08-21 06:17:26 ----N---- C:\windows\system32\SETEEE.tmp
2008-08-21 06:17:26 ----N---- C:\windows\system32\SET180.tmp
2008-08-21 06:17:26 ----N---- C:\windows\system32\SET17D.tmp
2008-08-21 06:17:26 ----N---- C:\windows\system32\SET17C.tmp
2008-08-21 06:17:22 ----N---- C:\windows\system32\SET18E.tmp
2008-08-21 06:17:22 ----N---- C:\windows\system32\SET18B.tmp
2008-08-21 06:17:22 ----N---- C:\windows\system32\SET18A.tmp
2008-08-21 06:17:22 ----N---- C:\windows\system32\SET189.tmp
2008-08-21 06:17:21 ----N---- C:\windows\system32\SET198.tmp
2008-08-21 06:17:21 ----N---- C:\windows\system32\SET197.tmp
2008-08-21 06:17:21 ----N---- C:\windows\system32\SET196.tmp
2008-08-21 06:17:21 ----N---- C:\windows\system32\SET193.tmp
2008-08-21 06:17:21 ----N---- C:\windows\system32\SET192.tmp
2008-08-21 06:17:21 ----N---- C:\windows\system32\SET18F.tmp
2008-08-21 06:17:21 ----A---- C:\windows\system32\SET190.tmp
2008-08-21 06:17:20 ----N---- C:\windows\system32\SETEF3.tmp
2008-08-21 06:17:19 ----N---- C:\windows\system32\SET1A6.tmp
2008-08-21 06:17:19 ----A---- C:\windows\system32\SET1A5.tmp
2008-08-21 06:17:19 ----A---- C:\windows\system32\SET19E.tmp
2008-08-21 06:17:18 ----A---- C:\windows\system32\SET1A7.tmp
2008-08-21 06:17:16 ----N---- C:\windows\system32\SETEF7.tmp
2008-08-21 06:17:16 ----N---- C:\windows\system32\SET1AC.tmp
2008-08-21 06:17:16 ----N---- C:\windows\system32\SET1AA.tmp
2008-08-21 06:17:15 ----N---- C:\windows\system32\SET1AE.tmp
2008-08-21 06:17:14 ----N---- C:\windows\system32\SET1B7.tmp
2008-08-21 06:17:14 ----N---- C:\windows\system32\SET1B5.tmp
2008-08-21 06:17:13 ----N---- C:\windows\system32\SET1BB.tmp
2008-08-21 06:17:13 ----N---- C:\windows\system32\SET1B8.tmp
2008-08-21 06:17:13 ----A---- C:\windows\system32\SET1B9.tmp
2008-08-21 06:17:12 ----N---- C:\windows\system32\SET1C0.tmp
2008-08-21 06:17:10 ----N---- C:\windows\system32\SET1C3.tmp
2008-08-21 06:17:10 ----N---- C:\windows\system32\SET1C2.tmp
2008-08-21 06:17:10 ----N---- C:\windows\system32\SET1C1.tmp
2008-08-21 06:17:09 ----N---- C:\windows\system32\SET1C6.tmp
2008-08-21 06:17:08 ----N---- C:\windows\system32\SET1CC.tmp
2008-08-21 06:17:07 ----N---- C:\windows\system32\SET1D2.tmp
2008-08-21 06:17:06 ----N---- C:\windows\system32\SET1D6.tmp
2008-08-21 06:17:06 ----N---- C:\windows\system32\SET1D3.tmp
2008-08-21 06:17:05 ----N---- C:\windows\system32\SET1DA.tmp
2008-08-21 06:17:05 ----N---- C:\windows\system32\SET1D9.tmp
2008-08-21 06:17:04 ----A---- C:\windows\system32\SET1E1.tmp
2008-08-21 06:17:03 ----N---- C:\windows\system32\SETEFE.tmp
2008-08-21 06:17:03 ----N---- C:\windows\system32\SET1E9.tmp
2008-08-21 06:17:03 ----N---- C:\windows\system32\SET1E5.tmp
2008-08-21 06:17:03 ----A---- C:\windows\system32\SET1E2.tmp
2008-08-21 06:17:02 ----N---- C:\windows\system32\SET1F3.tmp
2008-08-21 06:17:02 ----N---- C:\windows\system32\SET1F2.tmp
2008-08-21 06:17:01 ----N---- C:\windows\system32\SET1F8.tmp
2008-08-21 06:17:01 ----N---- C:\windows\system32\SET1F6.tmp
2008-08-21 06:17:00 ----N---- C:\windows\system32\SET1FB.tmp
2008-08-21 06:17:00 ----N---- C:\windows\system32\SET1FA.tmp
2008-08-21 06:17:00 ----N---- C:\windows\system32\SET1F9.tmp
2008-08-21 06:16:59 ----N---- C:\windows\system32\SET1FD.tmp
2008-08-21 06:16:59 ----N---- C:\windows\system32\SET1FC.tmp
2008-08-21 06:16:54 ----N---- C:\windows\system32\SET211.tmp
2008-08-21 06:16:54 ----A---- C:\windows\system32\SET20D.tmp
2008-08-21 06:16:53 ----N---- C:\windows\system32\SET216.tmp
2008-08-21 06:16:53 ----N---- C:\windows\system32\SET214.tmp
2008-08-21 06:16:53 ----N---- C:\windows\system32\SET213.tmp
2008-08-21 06:16:53 ----A---- C:\windows\system32\SET212.tmp
2008-08-21 06:16:52 ----N---- C:\windows\system32\SET21C.tmp
2008-08-21 06:16:52 ----N---- C:\windows\system32\SET21B.tmp
2008-08-21 06:16:52 ----A---- C:\windows\system32\SET218.tmp
2008-08-21 06:16:52 ----A---- C:\windows\system32\SET217.tmp
2008-08-21 06:16:51 ----N---- C:\windows\system32\SET221.tmp
2008-08-21 06:16:51 ----N---- C:\windows\system32\SET220.tmp
2008-08-21 06:16:50 ----N---- C:\windows\system32\SET226.tmp
2008-08-21 06:16:50 ----N---- C:\windows\system32\SET225.tmp
2008-08-21 06:16:49 ----N---- C:\windows\system32\SET22E.tmp
2008-08-21 06:16:49 ----N---- C:\windows\system32\SET22D.tmp
2008-08-21 06:16:49 ----N---- C:\windows\system32\SET22C.tmp
2008-08-21 06:16:47 ----N---- C:\windows\system32\SET23C.tmp
2008-08-21 06:16:47 ----N---- C:\windows\system32\SET236.tmp
2008-08-21 06:16:46 ----N---- C:\windows\system32\SET240.tmp
2008-08-21 06:16:46 ----N---- C:\windows\system32\SET23D.tmp
2008-08-21 06:16:46 ----A---- C:\windows\system32\SET23E.tmp
2008-08-21 06:16:45 ----N---- C:\windows\system32\SET248.tmp
2008-08-21 06:16:45 ----N---- C:\windows\system32\SET242.tmp
2008-08-21 06:16:43 ----N---- C:\windows\system32\SET256.tmp
2008-08-21 06:16:43 ----N---- C:\windows\system32\SET254.tmp
2008-08-21 06:16:43 ----A---- C:\windows\system32\SET258.tmp
2008-08-21 06:16:42 ----N---- C:\windows\system32\SET25D.tmp
2008-08-21 06:16:42 ----N---- C:\windows\system32\SET259.tmp
2008-08-21 06:16:42 ----A---- C:\windows\system32\SET25A.tmp
2008-08-21 06:16:40 ----N---- C:\windows\system32\SET26B.tmp
2008-08-21 06:16:40 ----N---- C:\windows\system32\SET26A.tmp
2008-08-21 06:16:40 ----N---- C:\windows\system32\SET266.tmp
2008-08-21 06:16:39 ----N---- C:\windows\system32\SET270.tmp
2008-08-21 06:16:39 ----N---- C:\windows\system32\SET26E.tmp
2008-08-21 06:16:38 ----N---- C:\windows\system32\SET273.tmp
2008-08-21 06:16:37 ----N---- C:\windows\system32\SET27E.tmp
2008-08-21 06:16:37 ----N---- C:\windows\system32\SET27A.tmp
2008-08-21 06:16:33 ----N---- C:\windows\system32\SET288.tmp
2008-08-21 06:16:33 ----N---- C:\windows\system32\SET287.tmp
2008-08-21 06:16:32 ----N---- C:\windows\system32\SET290.tmp
2008-08-21 06:16:32 ----N---- C:\windows\system32\SET28F.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET29F.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET29E.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET29D.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET29B.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET29A.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET299.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET297.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET296.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET295.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET294.tmp
2008-08-21 06:16:31 ----N---- C:\windows\system32\SET293.tmp
2008-08-21 06:16:30 ----N---- C:\windows\system32\SET2A1.tmp
2008-08-21 06:16:28 ----N---- C:\windows\system32\SET2A4.tmp
2008-08-21 06:16:27 ----N---- C:\windows\system32\SET2AA.tmp
2008-08-21 06:16:27 ----N---- C:\windows\system32\SET2A9.tmp
2008-08-21 06:16:26 ----N---- C:\windows\system32\SET2AB.tmp
2008-08-21 06:16:24 ----N---- C:\windows\system32\SET2AF.tmp
2008-08-21 06:16:23 ----N---- C:\windows\system32\SET2B2.tmp
2008-08-21 06:16:23 ----N---- C:\windows\system32\SET2B1.tmp
2008-08-21 06:16:23 ----N---- C:\windows\system32\SET2B0.tmp
2008-08-21 06:16:22 ----N---- C:\windows\system32\SET2BA.tmp
2008-08-21 06:16:22 ----N---- C:\windows\system32\SET2B9.tmp
2008-08-21 06:16:22 ----N---- C:\windows\system32\SET2B7.tmp
2008-08-21 06:16:22 ----N---- C:\windows\system32\SET2B4.tmp
2008-08-21 06:16:21 ----N---- C:\windows\system32\SET2C1.tmp
2008-08-21 06:16:21 ----N---- C:\windows\system32\SET2BD.tmp
2008-08-21 06:16:21 ----A---- C:\windows\system32\SET2BE.tmp
2008-08-21 06:16:20 ----N---- C:\windows\system32\SET2C5.tmp
2008-08-21 06:16:20 ----N---- C:\windows\system32\SET2C4.tmp
2008-08-21 06:16:19 ----A---- C:\windows\system32\SET2CC.tmp
2008-08-21 06:16:18 ----A---- C:\windows\system32\SET2CE.tmp
2008-08-21 06:16:17 ----A---- C:\windows\system32\SET2D1.tmp
2008-08-21 06:16:16 ----N---- C:\windows\system32\SET2D8.tmp
2008-08-21 06:16:16 ----N---- C:\windows\system32\SET2D7.tmp
2008-08-21 06:16:16 ----N---- C:\windows\system32\SET2D5.tmp
2008-08-21 06:16:15 ----N---- C:\windows\system32\SET2DC.tmp
2008-08-21 06:16:14 ----N---- C:\windows\system32\SET2E2.tmp
2008-08-21 06:16:13 ----N---- C:\windows\system32\SET2E6.tmp
2008-08-21 06:16:13 ----N---- C:\windows\system32\SET2E5.tmp
2008-08-21 06:16:13 ----N---- C:\windows\system32\SET2E3.tmp
2008-08-21 06:16:08 ----N---- C:\windows\system32\SET2EC.tmp
2008-08-21 06:16:07 ----N---- C:\windows\system32\SET2F1.tmp
2008-08-21 06:16:07 ----N---- C:\windows\system32\SET2F0.tmp
2008-08-21 06:16:07 ----N---- C:\windows\system32\SET2EF.tmp
2008-08-21 06:16:07 ----N---- C:\windows\system32\SET2EE.tmp
2008-08-21 06:16:06 ----N---- C:\windows\system32\SET2F3.tmp
2008-08-21 06:16:06 ----A---- C:\windows\system32\SET2F5.tmp
2008-08-21 06:16:04 ----N---- C:\windows\system32\SET2F8.tmp
2008-08-21 06:16:02 ----N---- C:\windows\system32\SET303.tmp
2008-08-21 06:16:01 ----N---- C:\windows\system32\SETF22.tmp
2008-08-21 06:16:01 ----N---- C:\windows\system32\SET307.tmp
2008-08-21 06:16:01 ----N---- C:\windows\system32\SET306.tmp
2008-08-21 06:16:01 ----A---- C:\windows\system32\SET309.tmp
2008-08-21 06:16:00 ----N---- C:\windows\system32\SET30B.tmp
2008-08-21 06:15:58 ----N---- C:\windows\system32\SET313.tmp
2008-08-21 06:15:58 ----N---- C:\windows\system32\SET312.tmp
2008-08-21 06:15:58 ----N---- C:\windows\system32\SET310.tmp
2008-08-21 06:15:56 ----N---- C:\windows\system32\SET319.tmp
2008-08-21 06:15:54 ----N---- C:\windows\system32\SET324.tmp
2008-08-21 06:15:53 ----N---- C:\windows\system32\SET328.tmp
2008-08-21 06:15:52 ----N---- C:\windows\system32\SET32A.tmp
2008-08-21 06:15:52 ----N---- C:\windows\system32\SET329.tmp
2008-08-21 06:15:51 ----N---- C:\windows\system32\SET32D.tmp
2008-08-21 06:15:50 ----N---- C:\windows\system32\SET337.tmp
2008-08-21 06:15:50 ----N---- C:\windows\system32\SET335.tmp
2008-08-21 06:15:49 ----N---- C:\windows\system32\SET33E.tmp
2008-08-21 06:15:49 ----N---- C:\windows\system32\SET33C.tmp
2008-08-21 06:15:41 ----N---- C:\windows\system32\SET349.tmp
2008-08-21 06:15:41 ----N---- C:\windows\system32\SET347.tmp
2008-08-21 06:15:35 ----N---- C:\windows\system32\SET367.tmp
2008-08-21 06:15:35 ----N---- C:\windows\system32\SET363.tmp
2008-08-21 06:15:34 ----N---- C:\windows\system32\SET36B.tmp
2008-08-21 06:15:34 ----A---- C:\windows\system32\SET369.tmp
2008-08-21 06:15:33 ----N---- C:\windows\system32\SET375.tmp
2008-08-21 06:15:33 ----N---- C:\windows\system32\SET371.tmp
2008-08-21 06:15:29 ----N---- C:\windows\system32\SET386.tmp
2008-08-21 06:15:26 ----N---- C:\windows\system32\SETF41.tmp
2008-08-21 06:15:24 ----N---- C:\windows\system32\SET38F.tmp
2008-08-21 06:15:24 ----N---- C:\windows\system32\SET38E.tmp
2008-08-21 06:15:24 ----N---- C:\windows\system32\SET38C.tmp
2008-08-21 06:15:23 ----N---- C:\windows\system32\SET390.tmp
2008-08-21 06:15:22 ----N---- C:\windows\system32\SET396.tmp
2008-08-21 06:15:22 ----A---- C:\windows\system32\SET39A.tmp
2008-08-21 06:15:17 ----A---- C:\windows\005388_.tmp
2008-08-21 06:15:16 ----N---- C:\windows\system32\SET3A9.tmp
2008-08-21 06:15:16 ----A---- C:\windows\SET491.tmp
2008-08-21 06:15:15 ----N---- C:\windows\system32\SET3AD.tmp
2008-08-21 06:15:15 ----A---- C:\windows\system32\SET3AC.tmp
2008-08-21 06:15:15 ----A---- C:\windows\system32\SET3AB.tmp
2008-08-21 06:15:12 ----N---- C:\windows\system32\SET3B9.tmp
2008-08-21 06:15:11 ----N---- C:\windows\system32\SET3C4.tmp
2008-08-21 06:15:09 ----N---- C:\windows\system32\SET3D4.tmp
2008-08-21 06:15:09 ----A---- C:\windows\system32\SET3D5.tmp
2008-08-21 06:15:03 ----N---- C:\windows\system32\SET402.tmp
2008-08-21 06:15:02 ----N---- C:\windows\system32\SET40A.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET417.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET415.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET414.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET412.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET40F.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET40E.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET40D.tmp
2008-08-21 06:15:01 ----N---- C:\windows\system32\SET40B.tmp
2008-08-21 06:15:00 ----N---- C:\windows\system32\SET41C.tmp
2008-08-21 06:15:00 ----N---- C:\windows\system32\SET41A.tmp
2008-08-21 06:14:58 ----N---- C:\windows\system32\SET42A.tmp
2008-08-21 06:14:58 ----N---- C:\windows\system32\SET422.tmp
2008-08-21 06:14:58 ----N---- C:\windows\system32\SET421.tmp
2008-08-21 06:14:57 ----N---- C:\windows\system32\SET433.tmp
2008-08-21 06:14:57 ----N---- C:\windows\system32\SET431.tmp
2008-08-21 06:14:56 ----N---- C:\windows\system32\SET43B.tmp
2008-08-21 06:14:56 ----N---- C:\windows\system32\SET438.tmp
2008-08-21 06:14:55 ----N---- C:\windows\system32\SET440.tmp
2008-08-21 06:14:55 ----N---- C:\windows\system32\SET43E.tmp
2008-08-21 06:14:54 ----N---- C:\windows\system32\SET444.tmp
2008-08-21 06:14:53 ----N---- C:\windows\system32\SET448.tmp
2008-08-21 06:14:53 ----A---- C:\windows\system32\SET447.tmp
2008-08-21 06:14:52 ----N---- C:\windows\system32\SET44F.tmp
2008-08-21 06:14:52 ----N---- C:\windows\system32\SET44E.tmp
2008-08-21 06:14:52 ----N---- C:\windows\system32\SET44D.tmp
2008-08-21 06:14:51 ----N---- C:\windows\system32\SET458.tmp
2008-08-21 06:14:51 ----N---- C:\windows\system32\SET453.tmp
2008-08-21 06:14:51 ----N---- C:\windows\system32\SET452.tmp
2008-08-21 06:14:47 ----N---- C:\windows\system32\SET45A.tmp
2008-08-21 06:14:44 ----N---- C:\windows\system32\SET45D.tmp
2008-08-21 06:14:43 ----N---- C:\windows\system32\SET460.tmp
2008-08-21 06:14:39 ----N---- C:\windows\system32\SET468.tmp
2008-08-21 06:14:39 ----N---- C:\windows\system32\SET466.tmp
2008-08-21 06:14:39 ----N---- C:\windows\system32\SET464.tmp
2008-08-21 05:51:18 ----D---- C:\windows\system32\CatRoot_bak
2008-08-20 12:28:42 ----HDC---- C:\windows\$NtUninstallKB951376-v2$
2008-08-20 12:28:28 ----HDC---- C:\windows\$NtUninstallKB952954$
2008-08-20 12:28:07 ----HDC---- C:\windows\$NtUninstallKB950974$
2008-08-20 12:21:21 ----HDC---- C:\windows\$NtUninstallKB951698$
2008-08-20 12:15:15 ----HDC---- C:\windows\$NtUninstallKB950762$
2008-08-20 12:13:32 ----HDC---- C:\windows\$NtUninstallKB951072-v2$
2008-08-20 12:12:55 ----HDC---- C:\windows\$NtUninstallKB951066$
2008-08-20 12:09:03 ----HDC---- C:\windows\$NtUninstallKB951748$
2008-08-20 12:07:04 ----HDC---- C:\windows\$NtUninstallKB950749$
2008-08-20 12:03:15 ----HDC---- C:\windows\$NtUninstallKB932823-v3$
2008-08-20 12:02:59 ----HDC---- C:\windows\$NtUninstallKB944338-v2$
2008-08-19 12:23:41 ----HDC---- C:\windows\$NtUninstallKB946648$
2008-08-19 12:22:54 ----HDC---- C:\windows\$NtUninstallKB953839$
2008-08-19 12:14:31 ----HDC---- C:\windows\$NtUninstallKB952287$
2008-08-19 11:20:25 ----D---- C:\Program Files\Trend Micro
2008-08-19 11:16:13 ----D---- C:\Program Files\XMgr
2008-08-19 00:46:25 ----D---- C:\Documents and Settings\User\Application Data\CallingID
2008-08-19 00:45:46 ----D---- C:\Program Files\Common Files\Scanner
2008-08-19 00:45:44 ----HD---- C:\Config.msi
2008-08-19 00:45:42 ----A---- C:\windows\system32\vetredir.dll
2008-08-19 00:45:42 ----A---- C:\windows\system32\isafprod.dll
2008-08-19 00:45:42 ----A---- C:\windows\system32\isafeif.dll
2008-08-19 00:45:42 ----A---- C:\caavsetupLog.txt
2008-08-19 00:44:56 ----D---- C:\Program Files\CA
2008-08-18 21:56:37 ----A---- C:\CF23457.exe
2008-08-12 17:38:34 ----D---- C:\Program Files\Microsoft Silverlight
2008-07-28 18:05:34 ----D---- C:\Program Files\Bonjour
2008-07-25 01:36:00 ----A---- C:\windows\system32\DivXsm.exe
2008-07-25 01:34:54 ----A---- C:\windows\system32\dpl100.dll
2008-07-25 01:34:52 ----A---- C:\windows\system32\dtu100.dll
2008-07-25 01:34:50 ----A---- C:\windows\system32\dpuGUI10.dll
2008-07-25 01:34:46 ----A---- C:\windows\system32\dpv11.dll
2008-07-25 01:34:46 ----A---- C:\windows\system32\dpus11.dll
2008-07-25 01:34:46 ----A---- C:\windows\system32\dpuGUI11.dll
2008-07-25 01:34:46 ----A---- C:\windows\system32\dpu11.dll
2008-07-25 01:34:46 ----A---- C:\windows\system32\dpu10.dll
2008-07-25 01:34:42 ----A---- C:\windows\system32\divx_xx07.dll
2008-07-25 01:34:40 ----A---- C:\windows\system32\divx_xx11.dll
2008-07-25 01:34:40 ----A---- C:\windows\system32\divx_xx0c.dll
2008-07-25 01:34:40 ----A---- C:\windows\system32\divx_xx0a.dll
2008-07-25 01:34:36 ----A---- C:\windows\system32\DivX.dll
2008-07-25 01:34:30 ----A---- C:\windows\system32\DivXCodecVersionChecker.exe
2008-07-23 09:50:52 ----A---- C:\windows\system32\qt-dx331.dll
2008-07-23 09:48:40 ----A---- C:\windows\system32\ssldivx.dll
2008-07-23 09:48:40 ----A---- C:\windows\system32\libdivx.dll
2008-07-23 09:47:34 ----A---- C:\windows\system32\dtu100.dll.manifest
2008-07-23 09:47:34 ----A---- C:\windows\system32\dpl100.dll.manifest
2008-07-23 09:46:38 ----A---- C:\windows\system32\DivXWMPExtType.dll
2008-07-08 00:16:57 ----A---- C:\windows\iun6002.exe
2008-07-08 00:16:55 ----D---- C:\Program Files\No Trace
2008-06-24 19:10:46 ----A---- C:\windows\system32\UmxSbxw.dll
2008-06-24 19:10:44 ----A---- C:\windows\system32\UmxSbxExw.dll
2008-06-06 21:31:51 ----A---- C:\windows\avisplitter.INI
2008-06-06 21:27:44 ----A---- C:\windows\system32\unrar.dll
2008-06-06 21:27:41 ----A---- C:\windows\system32\yv12vfw.dll

List of drivers

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\windows\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 intelppm;Intel Processor Driver; C:\windows\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\windows\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 KmxAgent;KmxAgent; C:\windows\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\windows\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\windows\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 NPPTNT;NPPTNT; \??\C:\WINDOWS\System32\npptNT.sys []
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R1 VETEFILE;VET File Scan Engine; C:\windows\system32\drivers\VETEFILE.sys [2008-08-19 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\windows\system32\drivers\VETFDDNT.sys [2008-08-19 21488]
R1 VET-FILT;VET File System Filter; C:\windows\system32\drivers\VET-FILT.sys [2008-08-19 26352]
R1 VETMONNT;VET File Monitor; C:\windows\system32\drivers\VETMONNT.sys [2008-08-19 32240]
R1 VET-REC;VET File System Recognizer; C:\windows\system32\drivers\VET-REC.sys [2008-08-19 21104]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 KmxCF;KmxCF; C:\windows\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\windows\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\windows\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\windows\system32\DRIVERS\ctsfm2k.sys [2003-09-21 130192]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 KmxCfg;KmxCfg; C:\windows\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
R3 ossrv;Creative OS Services Driver; C:\windows\system32\DRIVERS\ctoss2k.sys [2003-09-21 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\windows\system32\drivers\P17.sys [2004-06-04 840960]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2004-03-10 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 VETEBOOT;VET Boot Scan Engine; C:\windows\system32\drivers\VETEBOOT.sys [2008-08-19 108368]
R3 wanatw;WAN Miniport (ATW); C:\windows\System32\DRIVERS\wanatw4.sys [2001-09-27 28396]
S2 Nbf;NetBEUI Protocol; C:\windows\System32\DRIVERS\nbf.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\windows\system32\DRIVERS\nvtvsnd.sys [2003-12-02 23858]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller; C:\windows\System32\Drivers\ousbehci.sys [2003-10-15 41856]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\windows\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 motccgp;Motorola USB Composite Device Driver; C:\windows\system32\DRIVERS\motccgp.sys [2007-04-02 17920]
S3 motccgpfl;MotCcgpFlService; C:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\windows\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\windows\system32\DRIVERS\motmodem.sys [2007-04-02 21632]
S3 motport;Motorola USB Diagnostic Port; C:\windows\system32\DRIVERS\motport.sys [2007-04-02 21632]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtlmnt5;Mtlmnt5; C:\windows\System32\DRIVERS\Mtlmnt5.sys [2002-09-24 197152]
S3 Mtlstrm;Mtlstrm; C:\windows\System32\DRIVERS\Mtlstrm.sys [2002-07-02 1807568]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 NtMtlFax;NtMtlFax; C:\windows\System32\DRIVERS\NtMtlFax.sys [2002-07-02 161976]
S3 OM2800;Orange Micro iBOT2 USB 2.0 Camera; C:\windows\System32\Drivers\ovtcam2.sys [2002-09-20 260375]
S3 OVT511Plus;D-Link USB Digital Video Camera Plus; C:\windows\System32\Drivers\omcamvid.sys [2000-09-18 160073]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver; C:\windows\system32\DRIVERS\PRISMNDS.sys [2003-09-19 652288]
S3 PSSdk21;PSSdk21; \??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv []
S3 QCMerced;Logitech QuickCam Messenger; C:\windows\System32\DRIVERS\LVCM.sys [2003-06-26 472332]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Slntamr;SmartLink AMR_PCI Driver; C:\windows\System32\DRIVERS\slntamr.sys [2002-07-02 418720]
S3 SlNtHal;SlNtHal; C:\windows\System32\DRIVERS\Slnthal.sys [2002-07-02 84720]
S3 SlWdmSup;SlWdmSup; C:\windows\System32\DRIVERS\SlWdmSup.sys [2002-07-02 39348]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SUNPLUS;SightCAM PC-100p; C:\windows\System32\Drivers\SPIXNEW.SYS []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;Motorola USB Modem Driver; C:\windows\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\system32\DRIVERS\usbsermpt.sys [2007-05-10 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\windows\system32\DRIVERS\usbsermptxp.sys [2007-05-10 25600]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-08-19 144696]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-11-23 765952]
R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
R2 SLService;SmartLinkService; C:\windows\system32\slserv.exe [2002-07-02 45056]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-06-24 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-06-24 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-09-05 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-08-19 251120]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-09-25 65536]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-08-19 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-19 185608]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-28 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2005-08-02 127043]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-10 118272]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []

-----------------EOF-----------------

And here is the info.txt:

info.txt logfile of random's system information tool 2008-09-02 11:57:43

Uninstall list

-->"C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\setup\ccinstaller.exe" /u /silent /module="fw"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ActiveX Manager-->C:\PROGRA~1\XMgr\UNWISE.EXE C:\PROGRA~1\XMgr\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Advanced System Optimizer 2.01.4-->"C:\Program Files\Advanced System Optimizer\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CA Website Inspector-->C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\CAWebsiteInspector.exe /uninstall
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Diskeeper Professional Premier Edition-->MsiExec.exe /X{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
FlashGet 1.9.0.1012-->C:\Program Files\FlashGet\uninst.exe
Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.9.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.1.29527-->"C:\Program Files\Last.fm\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Quick StartUp 2.3-->"C:\Program Files\Quick StartUp\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows XP (KB941568)-->"C:\windows\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\windows\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\windows\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\windows\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\windows\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\windows\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\windows\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\windows\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.5.2.20-->"C:\windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Update for Windows XP (KB932823-v3)-->"C:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\windows\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Xilisoft iPod Rip-->C:\Program Files\Xilisoft\iPod Rip\Uninstall.exe

Security center information

AV: CA Anti-Virus
FW: CA Personal Firewall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program;C:\Program Files\Diskeeper Corporation\Diskeeper;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


And the Kaspersky report I'll post when it finishes. Thanks!!

#7 andrewsaputo

Posted 03 September 2008 - 03:23 AM

I'm having some trouble with Kaspersky and the scanner is freezing... I don't know if I can run this all the way.

#8 andrewsaputo

Posted 04 September 2008 - 12:41 PM

Here is the Kaspersky report:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 03, 2008 07:00:12
Records in database: 1185493
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 203635
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 24:59:58


File name / Threat name / Threats count
C:\QooBox\Quarantine\catchme2008-03-04_213549.46.zip Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.


Thanks for the help

#9 SNOWHITE

Posted 06 September 2008 - 07:37 PM

Hello andrewsaputo,

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK


Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O20 - Winlogon Notify: pshgmbdh - pshgmbdh.dll (file missing)


Then close all windows except HijackThis and click Fix Checked.

Restart

Use Windows Explorer to find and delete this file:

C:\WINDOWS\System32\bridge.dll

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Download this program:

suspicious files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\windows\system32\SET1A5.tmp
C:\windows\system32\SET1AE.tmp
C:\windows\system32\SETEF3.tmp
C:\windows\005388_.tmp
C:\windows\SET491.tmp
C:\CF23457.exe


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to andrew.cab

Click on this link:
http://www.bleepingcomputer.com/submit-malware.php?channel=29

Browse to andrew.cab

Click on the Open button, then click on the Send File button.

Wait for a message like "File was successfully submited" to show up.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    Java™ 6 Update 3

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

Let's proceed with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Let me know how the computer is running.

Regards
SNOWHITE

#10 andrewsaputo

Posted 07 September 2008 - 01:34 AM

OK, I had a few problems I thought you should know about.
1. I couldn't find the bridge.dll file in the system32 folder to delete.
2. There were 4 Java programs listed in the Add/Remove Programs list, of which only one could be removed. It didn't give an option to remove or change the other 3. I didn't install the new Java platform yet because of this.


Here is the new hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:03 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.34.213.167:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139871916234
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11756 bytes


Here is the combofix.txt:

ComboFix 08-09-05.02 - User 2008-09-06 23:08:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -7:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\BMa390bbee.txt
C:\windows\system32\_005749_.tmp.dll
C:\windows\system32\_005750_.tmp.dll
C:\windows\system32\_005751_.tmp.dll
C:\windows\system32\_005752_.tmp.dll
C:\windows\system32\_005759_.tmp.dll
C:\windows\system32\_005760_.tmp.dll
C:\windows\system32\_005761_.tmp.dll
C:\windows\system32\_005762_.tmp.dll
C:\windows\system32\_005764_.tmp.dll
C:\windows\system32\_005765_.tmp.dll
C:\windows\system32\_005768_.tmp.dll
C:\windows\system32\_005769_.tmp.dll
C:\windows\system32\_005771_.tmp.dll
C:\windows\system32\_005772_.tmp.dll
C:\windows\system32\_005773_.tmp.dll
C:\windows\system32\_005775_.tmp.dll
C:\windows\system32\_005778_.tmp.dll
C:\windows\system32\_005779_.tmp.dll
C:\windows\system32\_005783_.tmp.dll
C:\windows\system32\_005784_.tmp.dll
C:\windows\system32\_005786_.tmp.dll
C:\windows\system32\_005789_.tmp.dll
C:\windows\system32\_005791_.tmp.dll
C:\windows\system32\_005792_.tmp.dll
C:\windows\system32\_005793_.tmp.dll
C:\windows\system32\_005794_.tmp.dll
C:\windows\system32\_005795_.tmp.dll
C:\windows\system32\_005798_.tmp.dll
C:\windows\system32\_005799_.tmp.dll
C:\windows\system32\_005800_.tmp.dll
C:\windows\system32\_005801_.tmp.dll
C:\windows\system32\_005802_.tmp.dll
C:\windows\system32\_005807_.tmp.dll
C:\windows\system32\_005809_.tmp.dll
C:\windows\system32\_005810_.tmp.dll
C:\windows\system32\actskn43.ocx
C:\windows\system32\pshgmbdh.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-02 11:56 . 2008-09-02 11:57 <DIR> d-------- C:\rsit
2008-08-31 23:58 . 2008-09-04 18:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2008-08-21 12:46 . 2008-08-21 21:13 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-21 12:46 . 2008-08-21 21:13 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-21 12:46 . 2008-08-21 21:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-21 12:26 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-08-21 12:25 . 2007-10-25 20:36 8,454,656 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-21 12:24 . 2007-02-28 02:10 2,180,352 --------- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-21 06:17 . 2008-04-13 17:12 727,040 --------- C:\WINDOWS\system32\SET1B8.tmp
2008-08-21 06:16 . 2008-04-13 17:12 8,461,312 --a------ C:\WINDOWS\system32\SET217.tmp
2008-08-21 06:15 . 2008-04-13 17:11 1,267,200 --------- C:\WINDOWS\system32\SET41A.tmp
2008-08-21 06:14 . 2008-04-13 17:11 1,025,024 --a------ C:\WINDOWS\system32\SET447.tmp
2008-08-21 05:51 . 2008-09-06 19:56 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-20 12:44 . 2008-09-06 23:14 73,868 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-08-20 12:44 . 2008-09-06 23:14 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-08-19 11:20 . 2008-08-19 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-19 11:18 . 2008-05-01 07:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-19 11:16 . 2008-08-19 11:16 <DIR> d-------- C:\Program Files\XMgr
2008-08-19 00:49 . 2008-08-19 00:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CallingID
2008-08-19 00:49 . 2008-08-19 00:48 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-08-19 00:49 . 2008-08-19 00:48 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-08-19 00:46 . 2008-08-20 10:02 <DIR> d-------- C:\Documents and Settings\User\Application Data\CallingID
2008-08-19 00:45 . 2008-08-19 00:51 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-19 00:45 . 2007-09-17 21:35 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-08-19 00:45 . 2008-08-19 00:48 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-08-19 00:45 . 2008-08-19 00:48 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-08-19 00:45 . 2008-08-19 00:48 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-08-19 00:45 . 2008-08-19 00:48 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-08-19 00:45 . 2008-08-19 00:48 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-08-19 00:45 . 2008-08-19 00:48 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-08-19 00:45 . 2008-08-19 00:48 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-08-19 00:44 . 2008-08-19 00:45 <DIR> d-------- C:\Program Files\CA
2008-08-12 17:38 . 2008-08-12 17:38 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 01:20 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-09-02 19:03 --------- d-----w C:\Program Files\FlashGet
2008-08-29 18:00 3,264 ----a-w C:\drmHeader.bin
2008-08-24 20:11 --------- d-----w C:\Program Files\uTorrent
2008-08-22 17:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 19:46 --------- d-----w C:\Program Files\CCleaner
2008-08-19 09:21 --------- d-----w C:\Program Files\neXBC
2008-08-19 09:21 --------- d-----w C:\Program Files\Microsoft Works
2008-08-19 09:21 --------- d-----w C:\Program Files\Exact Audio Copy
2008-08-19 09:21 --------- d-----w C:\Program Files\EphPod
2008-08-19 09:21 --------- d-----w C:\Program Files\CompuServe 7.0
2008-08-19 09:21 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-08-19 09:21 --------- d-----w C:\Documents and Settings\User\Application Data\Azureus
2008-08-19 09:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Azureus
2008-08-19 09:21 --------- d-----w C:\Documents and Settings\Guest\Application Data\MailFrontier
2008-08-19 09:14 --------- d-----w C:\Program Files\No Trace
2008-08-19 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-08-19 07:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 04:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-18 18:53 --------- d-----w C:\Program Files\DivX
2008-08-17 21:32 --------- d-----w C:\Program Files\Lavasoft
2008-08-17 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-06 17:53 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 17:34 --------- d-----w C:\Program Files\iTunes
2008-08-06 17:33 --------- d-----w C:\Program Files\iPod
2008-07-29 01:05 --------- d-----w C:\Program Files\QuickTime
2008-07-29 01:05 --------- d-----w C:\Program Files\Bonjour
2008-07-08 07:16 737,280 ----a-w C:\windows\iun6002.exe
2008-01-12 00:36 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-11 06:03 24,192 ----a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-05-11 06:03 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys
2007-05-11 02:46 92,064 ----a-w C:\Documents and Settings\User\mqdmmdm.sys
2007-05-11 02:46 9,232 ----a-w C:\Documents and Settings\User\mqdmmdfl.sys
2007-05-11 02:46 79,328 ----a-w C:\Documents and Settings\User\mqdmserd.sys
2007-05-11 02:46 66,656 ----a-w C:\Documents and Settings\User\mqdmbus.sys
2007-05-11 02:46 6,208 ----a-w C:\Documents and Settings\User\mqdmcmnt.sys
2007-05-11 02:46 5,936 ----a-w C:\Documents and Settings\User\mqdmwhnt.sys
2007-05-11 02:46 4,048 ----a-w C:\Documents and Settings\User\mqdmcr.sys
2006-05-31 16:07 41,128 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2004-09-13 19:34 36,096 ----a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 17:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 05:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 05:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 21:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 16:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 16:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 11:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 11:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 10:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2005-04-19 10:31 56 --sh--r C:\windows\system32\807E69BBA3.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-08-19 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-19 234736]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-19 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-19 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-19 259312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.X264"= x264vfw.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Search.vbs]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"combofix"=C:\windows\system32\CF29371.exe /c C:\ComboFix\Combobatch.bat
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"HPDJ Taskbar Utility"=C:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"Deskup"=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
"NVCLOCK"=rundll32 nvclock.dll,fnNvclock
"ANIWZCSService"=C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"ADUserMon"=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"lphcpd5j0e7ag"=C:\windows\system32\lphcpd5j0e7ag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\aim\\aim.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

R0 d344bus;d344bus;C:\windows\system32\DRIVERS\d344bus.sys [2003-12-27 137216]
R0 d344prt;d344prt;C:\windows\system32\Drivers\d344prt.sys [2003-12-27 5248]
R0 KmxStart;KmxStart;C:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;C:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-21 4608]
R2 KmxCF;KmxCF;C:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-06-24 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-06-24 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;C:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-19 185608]
R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\windows\system32\DRIVERS\PRISMNDS.sys [2003-09-19 652288]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\windows\system32\DRIVERS\nvtvsnd.sys [2003-12-02 23858]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\windows\system32\Drivers\ousbehci.sys [2003-10-15 41856]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys [2007-04-02 17920]
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;C:\windows\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 motport;Motorola USB Diagnostic Port;C:\windows\system32\DRIVERS\motport.sys [2007-04-02 21632]
S3 OM2800;Orange Micro iBOT2 USB 2.0 Camera;C:\windows\system32\Drivers\ovtcam2.sys [2002-09-20 260375]
S3 SUNPLUS;SightCAM PC-100p;C:\windows\system32\Drivers\SPIXNEW.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95374d85-6198-11dc-873c-00038a000015}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-RunDLL - C:\WINDOWS\System32\bridge.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eu1ghshl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 23:17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-06 23:22:49 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-09-07 06:22:36
ComboFix2.txt 2008-03-05 05:42:45

Pre-Run: 59,917,930,496 bytes free
Post-Run: 59,148,128,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

314 --- E O F --- 2008-09-05 18:38:07


Thanks for the help again!!

#11 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:25 PM

Posted 14 September 2008 - 04:47 AM

Hello andrewsaputo,

1. I couldn't find the bridge.dll file in the system32 folder to delete


Don't worry about the bridge.dll, it's already removed; only the leftover registry entry of it was present, but we dealt with that too in my previous instructions.

2. There were 4 java programs listed in the add and remove program list that only one could be removed. It didn't give an option to remove or change the other 3. I didn't install the New java platform yet because of this.


Below you will find instructions for running a tool that will help you remove the old versions of Java.


Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/164157/i-dont-know-what-type-of-infection-i-have/

File::
C:\windows\005388_.tmp
C:\windows\system32\lphcpd5j0e7ag.exe

Suspect::[29]
C:\windows\system32\807E69BBA3.sys

Rootkit::
C:\WINDOWS\system32\Drivers\HNPsSdk.drv

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"lphcpd5j0e7ag"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]

Driver::
PSSdk21

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 7 following the instructions below:
  • Go to Java Runtime Environment (JRE) 6 Update 7 and click on the Download button.
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, then click on the link under it which says "jre-6u7-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly downloaded file with the Java icon, which will be on your desktop, and follow the on-screen instructions.
  • Reboot your computer.
Post back with the ComboFix report, the JavaRa log and a new HijackThis log. Please let me know how the computer is running.

Best regards
SNOWHITE

#12 SNOWHITE


Posted 04 October 2008 - 01:21 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you
SNOWHITE