
My Hijackthis Log...pleeeeease Help


This topic is locked
13 replies to this topic

#1 rubo123

Posted 27 August 2008 - 05:43 PM

Hi

Well, it started when I downloaded a video from some website and got hit with that rogue antivirus program, Antivirus XP 2008. So I went and looked around and found that there are a lot of people with that same rogue antivirus program, so I got a program called SpyHunter, and it found a lot of crap on my computer, so I went and deleted it. I'm pretty sure that Antivirus XP 2008 is now gone, but my computer is still not running properly. Some other stuff that SpyHunter found was Web Hancer and Playmp3z, and I went to the location and deleted them.

But these are the problems I am still having:

- My computer is much slower than normal.
- My internet is much slower.
- My computer will randomly switch off occasionally, and when it does it goes to some blue screen saying panik_stack_switch or Sysinternal_great_site or Bogus_driver... it just keeps turning off, then tries to turn back on, but then goes back to the blue screen and keeps saying these weird things?
- If I search in Google and then click on a result, it takes me to a random site.
- I can't visit many sites that I could before I got the virus.
- The sites that I can go to (very few) are usually all stuffed up and the text is all over the place.

Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:25 AM, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4FF5548D-4794-4380-A202-C75EB64940BF} - C:\WINDOWS\system32\cnvfa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer - {938d79ae-0635-15fd-513e-d6969d900db5} - C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{15d4b5df-3d9b-d7cd-f7a8-1bc59bd814c6}.dll" DllInit
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKLM\..\Run: [{380bba57-4bbe-9a8e-a532-b09f891aead5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll" DllStart
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SMrhc1kjj0etfg] C:\Program Files\rhc1kjj0etfg\rhc1kjj0etfg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 7020 bytes

Thanks in advance for any help.
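The helpers in this forum read a HijackThis log by hand, looking at the O2 (Browser Helper Object) and O4 (autorun) lines for registrations whose DLL no longer exists, rundll32 launchers pointing at randomly named DLLs in system32, GUIDs used as Run value names, and rogue-style "random folder\random.exe" launchers. The script below is an added example that encodes those checks; it is not part of this thread, not a BleepingComputer tool, and not HijackThis itself. The sample lines are copied from the log posted above; the "looks random" threshold (a run of seven or more non-vowel characters), the rule set and the verdict wording are my own assumptions. A flagged line is a candidate for a closer look, not a verdict of infection: the AutoTBar entry, for instance, is flagged only because the log records no path for it.

```python
"""Triage heuristics for Trend Micro HijackThis 2.x log lines (added example).

Not a HijackThis or BleepingComputer tool. The rules approximate what a log
reader checks by eye; thresholds and verdict strings are assumptions.
"""
import re

# {8-4-4-4-12} hex GUID, with braces
GUID_RE = re.compile(
    r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
# O2 - BHO: <name> - {CLSID} - <path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
# rundll32[.exe] "<dll>" or rundll32 <dll> inside a command line
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+(?:"(?P<q>[^"]+?\.dll)"|(?P<u>\S+?\.dll))', re.I)
# Program Files\<folder>\<folder>.exe : launcher named after its own folder
FOLDER_RE = re.compile(r"program files\\([^\\]+)\\\1\.exe", re.I)

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4FF5548D-4794-4380-A202-C75EB64940BF} - C:\WINDOWS\system32\cnvfa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer - {938d79ae-0635-15fd-513e-d6969d900db5} - C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{15d4b5df-3d9b-d7cd-f7a8-1bc59bd814c6}.dll" DllInit
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKLM\..\Run: [{380bba57-4bbe-9a8e-a532-b09f891aead5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll" DllStart
O4 - HKLM\..\Run: [SMrhc1kjj0etfg] C:\Program Files\rhc1kjj0etfg\rhc1kjj0etfg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()


def looks_random(basename):
    """Assumed heuristic: a GUID file name, or a stem containing a run of
    seven or more non-vowel characters (digits count as non-vowels), which
    catches zevzjxhnmbpziuqxa and rhc1kjj0etfg but not ctfmon or nod32kui."""
    stem = basename.rsplit(".", 1)[0].lower()
    if GUID_RE.fullmatch(stem):
        return True
    runs = re.findall(r"[^aeiou]+", stem)
    return max((len(r) for r in runs), default=0) >= 7


def triage(lines):
    """Return [(line, verdict)] for O2/O4 entries worth a closer look.
    Lines that trip no rule are skipped; other HJT sections are ignored."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = O2_RE.match(line)
        if m:
            # CLSID still registered but the DLL is gone: leftover of a removal
            if m["path"].endswith("(file missing)") or m["path"] == "(no file)":
                findings.append((line, "orphaned BHO: CLSID %s registered, DLL absent" % m["clsid"]))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        key, cmd = m["key"], m["cmd"]
        verdicts = []
        if GUID_RE.fullmatch(key):
            verdicts.append("GUID used as Run value name")
        r = RUNDLL_RE.search(cmd)
        if r:
            dll = r["q"] or r["u"]
            base = dll.rsplit("\\", 1)[-1]
            if "\\system32\\" in dll.lower() and looks_random(base):
                verdicts.append("rundll32 loads randomly named DLL %s" % base)
        f = FOLDER_RE.search(cmd)
        if f and looks_random(f[1] + ".exe"):
            verdicts.append("launcher in random Program Files folder %s" % f[1])
        if "\\" not in cmd:
            # HJT recorded a bare file name; it resolves through PATH at logon
            verdicts.append("no path recorded; locate %s via PATH before judging" % cmd)
        if verdicts:
            findings.append((line, "; ".join(verdicts)))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("%-60s  <- %s" % (entry[:60], why))
```

The O2 rule is the only one that is safe to act on mechanically: a BHO whose DLL is missing does nothing but clutter the registry, so ticking it in HijackThis is harmless. The O4 rules produce candidates that still need a file-system check (does the DLL exist, who signed it, when was it created) before a fix is run on them.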



#2 rubo123 (Topic Starter)

Posted 09 September 2008 - 04:55 PM

I still have the virus.

#3 Farbar (Security Developer, The Netherlands)

Posted 10 September 2008 - 12:23 AM

Hi,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system, as it might prolong handling your log and make the job for both of us more difficult.

To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1: The logs will be created in this folder: C:\rsit
Note 2: The tool takes no more than one minute to scan the system. If you have difficulty running it, tell me about it and copy/paste a fresh HijackThis log instead.

#4 rubo123 (Topic Starter)

Posted 10 September 2008 - 01:19 AM

Hi Farbar, thanks in advance for your help.

Here is my info file:

info.txt logfile of random's system information tool 2008-09-10 16:15:32

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Affiliate Video Brander Version 3.0-->"C:\Program Files\Affiliate Video Brander\unins000.exe"
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5-->MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Core FTP LE 2.0-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Directory Dominator-->"C:\Program Files\Directory Dominator\unins000.exe"
Enhancement Browser Tools Cpmsky-->C:\WINDOWS\system32\sapfocnkuqtlzaaat.exe
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OptiTools-->C:\PROGRA~1\Java\JRE16~1.0_0\bin\javaw.exe -cp C:\PROGRA~1\Java\JRE16~1.0_0\JEXPRE~1.JAR com.denova.JExpress.Uninstaller.JUninstall C:\PROGRA~1\OPTITO~1\JExpress\UNINST~1
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
The Logo Creator v5.2-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Security center information

AV: ESET NOD32 antivirus system 2.70 (outdated)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------



And here is my log file:



Logfile of random's system information tool (written by random/random)
Run by Nicole at 2008-09-10 16:15:20
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (47%) free of 38 GB
Total RAM: 735 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:27 PM, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Nicole\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4FF5548D-4794-4380-A202-C75EB64940BF} - C:\WINDOWS\system32\cnvfa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer - {938d79ae-0635-15fd-513e-d6969d900db5} - C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{15d4b5df-3d9b-d7cd-f7a8-1bc59bd814c6}.dll" DllInit
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5741 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FF5548D-4794-4380-A202-C75EB64940BF}]
C:\WINDOWS\system32\cnvfa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{938d79ae-0635-15fd-513e-d6969d900db5}]
cpmsky browser optimizer - C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-02-26 949376]
"spa_start"=C:\WINDOWS\system32\{15d4b5df-3d9b-d7cd-f7a8-1bc59bd814c6}.dll DllInit []
"AutoTBar"=AUTOTBAR.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNP]
C:\Program Files\Desktop Notepad\Desktop Notepad.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My App]
C:\Program Files\Desktop Clock\Desktop Clock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc1kjj0etfg]
C:\Program Files\rhc1kjj0etfg\rhc1kjj0etfg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{380bba57-4bbe-9a8e-a532-b09f891aead5}]
C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll DllStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
C:\PROGRA~1\SOUTHP~1\SOUTHP~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2iwk6m26fyp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crcyphsf6hs.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xb1hofnhvwj.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\2iwk6m26fyp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\crcyphsf6hs.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xb1hofnhvwj.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=1
"NoDispScrSavPage"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\a.exe"="C:\WINDOWS\system32\a.exe:*:Disabled:a"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

File associations

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

List of files/folders created in the last three months

2008-09-10 16:15:20 ----D---- C:\rsit
2008-08-27 15:51:27 ----D---- C:\Program Files\Trend Micro
2008-08-27 13:51:55 ----D---- C:\Program Files\Enigma Software Group
2008-08-26 19:36:06 ----A---- C:\temp.tmp
2008-08-26 14:02:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57:53 ----A---- C:\WINDOWS\brwmark.ini
2008-08-21 19:36:56 ----D---- C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg
2008-08-21 19:28:56 ----A---- C:\WINDOWS\system32\a.exe
2008-08-20 14:11:55 ----A---- C:\WINDOWS\WORDPAD.INI
2008-08-14 07:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 07:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 07:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 07:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 07:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 07:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-08 12:28:53 ----HD---- C:\Program Files\Give4Free Plugin
2008-08-08 12:28:15 ----D---- C:\Program Files\Common Files\SWF Studio
2008-08-08 08:17:11 ----D---- C:\Program Files\TGTSoft
2008-08-04 10:31:00 ----D---- C:\WINDOWS\Minidump
2008-07-31 20:01:57 ----D---- C:\Program Files\Common Files\SourceTec
2008-07-31 20:01:54 ----D---- C:\Program Files\SourceTec
2008-07-30 18:51:31 ----D---- C:\etax2008
2008-07-30 14:48:21 ----D---- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-07-30 14:47:40 ----D---- C:\Program Files\WinRAR
2008-07-30 13:21:18 ----D---- C:\Program Files\Total Video Converter
2008-07-09 20:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-03 07:53:46 ----A---- C:\WINDOWS\system32\sapfocnkuqtlzaaat.exe
2008-06-23 08:01:10 ----D---- C:\Documents and Settings\Nicole\Application Data\SoftLogica
2008-06-23 08:00:29 ----D---- C:\Program Files\SoftLogica
2008-06-21 09:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-20 07:51:13 ----D---- C:\Program Files\The Logo Creator v5
2008-06-19 17:05:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-06-16 20:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-16 20:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-16 20:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-16 20:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-16 20:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-06-16 13:05:27 ----D---- C:\WINDOWS\system32\NtmsData
2008-06-16 12:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-16 11:03:44 ----D---- C:\Program Files\ADOBE.ILLUSTRATOR.CS3.ISO-LZ0
2008-06-16 10:53:47 ----D---- C:\Program Files\Adobe Photoshop CS3 Extended Final

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\system32\drivers\nod32drv.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 2iwk6m26fyp.sys;2iwk6m26fyp.sys; \??\C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys []
R2 AMON;AMON; C:\WINDOWS\system32\system32\drivers\amon.sys []
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-29 231552]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\alifir.sys [2001-08-17 26624]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S2 crcyphsf6hs.sys;crcyphsf6hs.sys; \??\C:\WINDOWS\system32\drivers\crcyphsf6hs.sys []
S2 xb1hofnhvwj.sys;xb1hofnhvwj.sys; \??\C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys []
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-02-26 552064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-19 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-05 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 10 September 2008 - 05:27 AM

Hi again rubo123,
  • Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

  • Please run RSIT and post a fresh log. This time the tool makes just the one log (log.txt).


#6 rubo123

rubo123
  • Topic Starter

  • Members
  • 8 posts

Posted 11 September 2008 - 01:46 AM

Hi, thanks again for all your help.

Here is my MBAM file.

There were some files that could not be deleted, so I rebooted as requested, and I assume that they were deleted then.

Malwarebytes' Anti-Malware 1.28
Database version: 1137
Windows 5.1.2600 Service Pack 2

11/09/2008 4:37:14 PM
mbam-log-2008-09-11 (16-37-14).txt

Scan type: Quick Scan
Objects scanned: 50112
Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho.1 (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpmsky (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{938d79ae-0635-15fd-513e-d6969d900db5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938d79ae-0635-15fd-513e-d6969d900db5} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\rhc1kjj0etfg\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphc5kjj0etfg.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sapfocnkuqtlzaaat.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-329068152-746137067-1060284298-1003\Dc3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\{15d4b5df-3d9b-d7cd-f7a8-1bc59bd814c6}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5kjj0etfg.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.


AND HERE'S MY RSIT LOG FILE

Logfile of random's system information tool (written by random/random)
Run by Nicole at 2008-09-11 16:41:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (47%) free of 38 GB
Total RAM: 735 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:55 PM, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nicole\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4FF5548D-4794-4380-A202-C75EB64940BF} - C:\WINDOWS\system32\cnvfa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5467 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FF5548D-4794-4380-A202-C75EB64940BF}]
C:\WINDOWS\system32\cnvfa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-02-26 949376]
"AutoTBar"=AUTOTBAR.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNP]
C:\Program Files\Desktop Notepad\Desktop Notepad.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My App]
C:\Program Files\Desktop Clock\Desktop Clock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc1kjj0etfg]
C:\Program Files\rhc1kjj0etfg\rhc1kjj0etfg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{380bba57-4bbe-9a8e-a532-b09f891aead5}]
C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll DllStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
C:\PROGRA~1\SOUTHP~1\SOUTHP~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2iwk6m26fyp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crcyphsf6hs.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\n3xeqdednlu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfchmwr2ipr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xb1hofnhvwj.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\2iwk6m26fyp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\crcyphsf6hs.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\n3xeqdednlu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdssserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wfchmwr2ipr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xb1hofnhvwj.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\a.exe"="C:\WINDOWS\system32\a.exe:*:Disabled:a"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

File associations

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

List of files/folders created in the last three months

2008-09-11 16:24:03 ----D---- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-09-11 16:23:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 16:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 16:15:20 ----D---- C:\rsit
2008-08-27 15:51:27 ----D---- C:\Program Files\Trend Micro
2008-08-27 13:51:55 ----D---- C:\Program Files\Enigma Software Group
2008-08-26 19:36:06 ----A---- C:\temp.tmp
2008-08-26 14:02:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57:53 ----A---- C:\WINDOWS\brwmark.ini
2008-08-21 19:28:56 ----A---- C:\WINDOWS\system32\a.exe
2008-08-20 14:11:55 ----A---- C:\WINDOWS\WORDPAD.INI
2008-08-14 07:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 07:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 07:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 07:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 07:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 07:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-08 12:28:53 ----HD---- C:\Program Files\Give4Free Plugin
2008-08-08 12:28:15 ----D---- C:\Program Files\Common Files\SWF Studio
2008-08-08 08:17:11 ----D---- C:\Program Files\TGTSoft
2008-08-04 10:31:00 ----D---- C:\WINDOWS\Minidump
2008-07-31 20:01:57 ----D---- C:\Program Files\Common Files\SourceTec
2008-07-31 20:01:54 ----D---- C:\Program Files\SourceTec
2008-07-30 18:51:31 ----D---- C:\etax2008
2008-07-30 14:48:21 ----D---- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-07-30 14:47:40 ----D---- C:\Program Files\WinRAR
2008-07-30 13:21:18 ----D---- C:\Program Files\Total Video Converter
2008-07-09 20:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-23 08:01:10 ----D---- C:\Documents and Settings\Nicole\Application Data\SoftLogica
2008-06-23 08:00:29 ----D---- C:\Program Files\SoftLogica
2008-06-21 09:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-20 07:51:13 ----D---- C:\Program Files\The Logo Creator v5
2008-06-19 17:05:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-06-16 20:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-16 20:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-16 20:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-16 20:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-16 20:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-06-16 13:05:27 ----D---- C:\WINDOWS\system32\NtmsData
2008-06-16 12:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-16 11:03:44 ----D---- C:\Program Files\ADOBE.ILLUSTRATOR.CS3.ISO-LZ0
2008-06-16 10:53:47 ----D---- C:\Program Files\Adobe Photoshop CS3 Extended Final

List of drivers

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\system32\drivers\nod32drv.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 AMON;AMON; C:\WINDOWS\system32\system32\drivers\amon.sys []
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 crcyphsf6hs.sys;crcyphsf6hs.sys; \??\C:\WINDOWS\system32\drivers\crcyphsf6hs.sys []
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-29 231552]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\alifir.sys [2001-08-17 26624]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S2 2iwk6m26fyp.sys;2iwk6m26fyp.sys; \??\C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys []
S2 n3xeqdednlu.sys;n3xeqdednlu.sys; \??\C:\WINDOWS\system32\drivers\n3xeqdednlu.sys []
S2 wfchmwr2ipr.sys;wfchmwr2ipr.sys; \??\C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys []
S2 xb1hofnhvwj.sys;xb1hofnhvwj.sys; \??\C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys []
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-02-26 552064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-19 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-05 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
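
As an added example (not code from this thread, from HijackThis or from RSIT), here is a small Python triage helper that parses the HijackThis line format shown in the log above and flags the things a helper looks at first: orphaned BHO registrations, Run entries that name a bare executable with no path, and system32 files outside a small allow-list. The allow-list, the flag names and the sample lines (copied from the log above) are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shape shared by the R0/R1, O2, O3, O4, O9 and O23 entries in a
# HijackThis log: "<code> - <body>".
HJT_LINE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
# A Windows path under system32; group 1 is the file name.
SYSTEM32_FILE = re.compile(r'\\system32\\([^\\\s"]+)', re.IGNORECASE)
# Constructed allow-list (an assumption, not a real reference set):
# system32 files this helper treats as expected. Real triage would use a
# much larger list or a hash lookup.
KNOWN_SYSTEM32 = frozenset({"ctfmon.exe", "svchost.exe", "wuauclt.exe"})


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis-style line, or None for other lines."""
    m = HJT_LINE.match(line.strip())
    return Entry(m.group("code"), m.group("body")) if m else None


def run_command(body: str) -> str:
    """Extract the command from an O4 body such as 'HKLM\\..\\Run: [Name] cmd'."""
    m = re.search(r"\]\s*(.*)$", body)
    return m.group(1).strip() if m else ""


def executable_of(cmd: str) -> str:
    """First token of a command line, honouring a quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def flag_entry(e: Entry) -> Entry:
    """Attach triage flags to one entry and return the same object."""
    body = e.body
    if e.code == "O2":
        # Orphaned BHO registrations (CLSID present, DLL gone) show that
        # something was removed without unregistering itself.
        if "(file missing)" in body or "(no file)" in body:
            e.flags.append("bho-dll-missing")
        if body.startswith("BHO: (no name)"):
            e.flags.append("bho-unnamed")
    elif e.code == "O4":
        exe = executable_of(run_command(body))
        # A bare file name is resolved through the PATH search order at
        # logon, so the entry does not pin down which binary actually runs.
        if exe and "\\" not in exe:
            e.flags.append("run-entry-no-path")
    m = SYSTEM32_FILE.search(body)
    if m and m.group(1).lower() not in KNOWN_SYSTEM32:
        e.flags.append("system32-unlisted")
    return e


def triage(lines: List[str]) -> List[Entry]:
    """Parse and flag every HijackThis-style line; other lines are skipped."""
    entries = [parse_line(ln) for ln in lines]
    return [flag_entry(e) for e in entries if e is not None]


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE = [
    r"O2 - BHO: (no name) - {4FF5548D-4794-4380-A202-C75EB64940BF} - C:\WINDOWS\system32\cnvfa.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"',
]

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        if entry.flags:
            print(entry.code, ", ".join(entry.flags), "<-", entry.body)
```

Entries with an empty flag list are the ones this heuristic pass considers unremarkable; flagged ones still need a human to confirm, as the log above shows with the legitimate AutoTBar entry.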

#7 Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:29 PM

Posted 11 September 2008 - 01:02 PM

Well done.
  • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question (in your case .js).
    • Click the Fix button.
  • I see on the log your NOD32 antivirus is outdated. It means you are not protected any more.

    You need to install an antivirus program as soon as you can. Besides the paid antivirus programs there are also some free antivirus programs:
    Install and update an antivirus. Run a full/complete scan, let it remove/quarantine what it finds, and copy and paste the report to your reply.

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Instruction to install Recovery Console :

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System


    Download the file & save it as it's originally named, next to ComboFix.exe.


    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please copy and paste the content of C:\ComboFix.txt for further review.

  • Please first remove C:\rsit\info.txt, then run RSIT and copy/paste both the logs to your reply.

Please post in your next reply:
  • The log of your Antivirus.
  • The Combofix log.
  • Both RSIT logs.


#8 rubo123

  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:29 AM

Posted 11 September 2008 - 08:22 PM

Hi Farbar

I renewed my NOD32, so it is all running again. Here is the log file:


Scan Log
Version of virus signature database: 3373 (20080821)
Date: 12/09/2008 Time: 8:21:33 AM
Scanned disks, folders and files: C:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Nicole\ntuser.dat - error opening [4]
C:\Documents and Settings\Nicole\NTUSER.DAT.LOG - error opening [4]
C:\Documents and Settings\Nicole\Application Data\Mozilla\Firefox\Profiles\v4n5o15e.default\extensions\stompertools@stompernet.com\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Application Data\Mozilla\Firefox\Profiles\v4n5o15e.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\FrontPage pro 2003+cd key (by mpampis2)\Φάκελος\YS561401.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\Key Word Elite\Are You Prepared To Profit From Instant Web Traffic.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\Key Word Elite\KE_setup13155.exe » NSIS » data0.pack » ZIP » recepten.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\Key Word Elite\KE_setup13155.exe » NSIS » data0.pack » ZIP » recetas.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\Key Word Elite\KE_setup13155.exe » NSIS » data0.pack » ZIP » x-mas.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\12jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\12jan1 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\13jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\13jan1 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\15jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\15jan1 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\15jan2 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\16jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\17jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\18jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\19jan » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\attachments\19jan1 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_1 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_2 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_3 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_4 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_5 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_6 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_7 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\attachments.zip » ZIP » noname_8 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\stompernet.zip » ZIP » noname » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\stompernet.zip » ZIP » noname_1 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\internet business\stompernet\zips\stompernet.zip » ZIP » noname_2 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10ptn.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/cobo____.pfb - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10pbi.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10pti.pfm - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/tahoma.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/FRS45__C.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10pbi.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/courbd.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10ptb.pfm - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10pti.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/FRS65__C.PFM - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10ptn.pfm - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COB_____.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COBO____.PFM - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/cour.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COM_____.PFM - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COUR@C.TTF - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/CECOURBD.TTF - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/FRS65__C.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10ptn.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10ptb.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/courer.fon - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COM_____.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/tahomabd.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/FRS45__C.PFM - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COB_____.PFM - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/couri.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/COO_____.PFM - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10pbi.pfm - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/coo_____.pfb - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10ptb.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/courbi.ttf - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/fonts/Cur10pti.PFB - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/loading.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/0_home.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/2_soft.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/3_products.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/4_partners.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/5_contacts.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/psd/1_corp.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/flash/colorado13.fla - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/flash/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/windows/3.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/windows/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/windows/1.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/windows/2.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/3.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/6.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/5.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/10.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/13.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/7.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/15.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/12.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/16.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/8.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/1.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/2.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/18.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/20.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/9.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/14.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/17.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/11.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/19.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/logos/4.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/3.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/6.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/index.html - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/5.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/10.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/7.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/8.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/1.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/2.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/9.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/11.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/buttons/4.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/misc.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/all_arrows.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/all_icons.psd - error - password-protected file
C:\Documents and Settings\Nicole\Desktop\template_5156_ob4aarrvvLLooddBB33J\sources_271lt7EOT3.zip » ZIP » sources/clipart_library/all_bullets.psd - error - password-protected file
C:\Documents and Settings\Nicole\Local Settings\Application Data\Identities\{804E8066-5E77-4DA8-B2FF-D5D68CF9DB12}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Nicole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\Nicole\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Nicole\Local Settings\Temp\.tt9A.tmp.vbs - Win32/Adware.XPAntivirus application - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Nicole\Local Settings\Temp\s16k » NSIS » ıª€ - probably a variant of Win32/Adware.GooochiBiz application - was a part of the deleted object
C:\Documents and Settings\Nicole\Local Settings\Temp\s19o » NSIS » gzmrt.dll - probably a variant of Win32/Adware.GooochiBiz application - was a part of the deleted object
C:\Documents and Settings\Nicole\Local Settings\Temp\s1m4 » NSIS » gzmrt.dll - probably a variant of Win32/Adware.GooochiBiz application - was a part of the deleted object
C:\Documents and Settings\Nicole\Local Settings\Temp\s258 » NSIS » ıª€ - probably a variant of Win32/Adware.GooochiBiz application - was a part of the deleted object
C:\Documents and Settings\Nicole\Local Settings\Temp\s3ls » NSIS » gzmrt.dll - a variant of Win32/Adware.GooochiBiz application - was a part of the deleted object
C:\Documents and Settings\Nicole\Local Settings\Temp\s8c » NSIS » ı§€ - a variant of Win32/Adware.GooochiBiz application - was a part of the deleted object
C:\Documents and Settings\Nicole\Local Settings\Temp\sc8.2.exe » NSIS » iebrowserc.dll - probably a variant of Win32/TrojanClicker.Agent trojan - was a part of the deleted object
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561405.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S2.CAB » CAB » IENT_2.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S3.CAB » CAB » IENT_3.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S4.CAB » CAB » IENT_4.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IENT_S5.CAB » CAB » IENT_5.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IE_S2.CAB » CAB » IE_2.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IE_S3.CAB » CAB » IE_3.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » FILES/OSP/1033/IE5/EN/IE_S4.CAB » CAB » IE_4.CAB » CAB - file is not an archive
C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip » ZIP » OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Keyword Elite\dictionary\data0.pack » ZIP » recepten.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Keyword Elite\dictionary\data0.pack » ZIP » recetas.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Keyword Elite\dictionary\data0.pack » ZIP » x-mas.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf - error opening [4]
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf - error opening [4]
C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Nvu\chrome\installed-chrome.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IENT_S2.CAB » CAB » IENT_2.CAB » CAB - file is not an archive
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IENT_S3.CAB » CAB » IENT_3.CAB » CAB - file is not an archive
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IENT_S4.CAB » CAB » IENT_4.CAB » CAB - file is not an archive
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IENT_S5.CAB » CAB » IENT_5.CAB » CAB - file is not an archive
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IE_S2.CAB » CAB » IE_2.CAB » CAB - file is not an archive
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IE_S3.CAB » CAB » IE_3.CAB » CAB - file is not an archive
C:\WINDOWS\FILES\OSP\1033\IE5\EN\IE_S4.CAB » CAB » IE_4.CAB » CAB - file is not an archive
C:\WINDOWS\system32\gzmrt.dll - probably a variant of Win32/Adware.GooochiBiz application - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\config\default - error opening [4]
C:\WINDOWS\system32\config\default.LOG - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening [4]
C:\WINDOWS\system32\config\SECURITY - error opening [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]
C:\WINDOWS\system32\config\software - error opening [4]
C:\WINDOWS\system32\config\software.LOG - error opening [4]
C:\WINDOWS\system32\config\system - error opening [4]
C:\WINDOWS\system32\config\system.LOG - error opening [4]
C:\WINDOWS\system32\drivers\n3xeqdednlu.sys - error opening [4]
C:\WINDOWS\Temp\exp53.tmp » RAR » expdate.txt - archive damaged
C:\WINDOWS\xp\OFFICE1.CAB » CAB » VIDEO.MHT » MIME - is OK (internal scanning not performed)
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTMLED.DLL - next archive volume not found
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IENT_S2.CAB » CAB » IENT_2.CAB » CAB - file is not an archive
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IENT_S3.CAB » CAB » IENT_3.CAB » CAB - file is not an archive
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IENT_S4.CAB » CAB » IENT_4.CAB » CAB - file is not an archive
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IENT_S5.CAB » CAB » IENT_5.CAB » CAB - file is not an archive
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IE_S1.CAB » CAB » IE_1.CAB » CAB » SHDOCVW.DLL - next archive volume not found
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IE_S2.CAB » CAB » IE_2.CAB » CAB - file is not an archive
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IE_S3.CAB » CAB » IE_3.CAB » CAB - file is not an archive
C:\WINDOWS\xp\FILES\OSP\1033\IE5\EN\IE_S4.CAB » CAB » IE_4.CAB » CAB - file is not an archive
Number of scanned objects: 509953
Number of threats found: 9
Number of cleaned objects: 9
Time of completion: 10:36:31 AM Total scanning time: 8098 sec (02:14:58)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

Here is my ComboFix log

ComboFix 08-09-10.04 - Nicole 2008-09-12 11:11:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT 10:00]
Running from: C:\Documents and Settings\Nicole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicole\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-11 17:22 . 2008-09-11 17:53 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\uTorrent
2008-09-11 16:41 . 2008-09-11 16:41 86,528 --a------ C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys
2008-09-11 16:26 . 2008-09-12 10:52 86,528 --a------ C:\WINDOWS\system32\drivers\n3xeqdednlu.sys
2008-09-11 16:24 . 2008-09-11 16:24 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-09-11 16:23 . 2008-09-11 16:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 16:23 . 2008-09-11 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-11 16:23 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 16:23 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 16:15 . 2008-09-10 16:15 <DIR> d-------- C:\rsit
2008-08-27 15:51 . 2008-08-27 15:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-27 13:51 . 2008-08-27 13:51 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-26 19:36 . 2008-08-27 08:52 86,528 --a------ C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys
2008-08-26 19:36 . 2008-08-27 14:46 3 --a------ C:\temp.tmp
2008-08-26 14:02 . 2008-08-27 12:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57 . 2008-08-24 17:19 410 --a------ C:\WINDOWS\brwmark.ini
2008-08-20 14:11 . 2008-08-20 14:11 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-20 10:33 . 2008-08-20 10:33 244 --ah----- C:\sqmnoopt01.sqm
2008-08-20 10:33 . 2008-08-20 10:33 232 --ah----- C:\sqmdata01.sqm
2008-08-18 20:16 . 2008-08-18 20:59 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{EF1E5D6E-3F0D-4C14-8934-F3FFF99A1F91}
2008-08-18 13:27 . 2008-08-18 13:27 71,688 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2008-08-18 13:27 . 2008-08-18 13:27 54,280 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-08-18 13:27 . 2008-08-18 13:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2008-08-18 13:19 . 2008-08-18 13:19 53,256 --a------ C:\WINDOWS\systema32\drivers\easdrv.sys
2008-08-18 13:18 . 2008-08-18 13:18 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-08-13 11:18 . 2008-05-02 00:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 22:20 --------- d-----w C:\Program Files\ESET
2008-09-11 08:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 23:14 --------- d-----w C:\Documents and Settings\Nicole\Application Data\CoreFTP
2008-08-24 21:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 21:47 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-08-14 10:16 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Apple Computer
2008-08-08 02:46 --------- d--h--w C:\Program Files\Give4Free Plugin
2008-08-08 02:28 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 22:17 --------- d-----w C:\Program Files\TGTSoft
2008-08-04 03:59 --------- d-----w C:\Program Files\The Logo Creator v5
2008-08-01 03:32 --------- d-----w C:\Program Files\Total Video Converter
2008-07-31 10:01 --------- d-----w C:\Program Files\SourceTec
2008-07-22 22:21 --------- d-----w C:\Program Files\SoftLogica
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-13 00:14 123,368,360 ----a-w C:\Program Files\Office2003SP3-KB923618-FullFile-ENU.exe
2008-03-05 08:04 38,344 ------w C:\Documents and Settings\Nicole\Application Data\GDIPFONTCACHEV1.DAT
2008-01-29 00:24 414,281,551 ----a-w C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip
2008-01-13 22:14 15,452,536 ------w C:\Documents and Settings\Nicole\IE7-WindowsXP-x86-enu.exe
2008-01-11 11:47 4,494,664 ------w C:\Documents and Settings\Nicole\LimeWireWin.exe
2007-05-24 04:58 249,856 ----a-w C:\WINDOWS\inf\WG511v2\InsDrv2k.exe
2006-12-04 01:38 53,248 ----a-w C:\WINDOWS\inf\WG511v2\snetcfg .exe
2006-12-04 01:38 265,984 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2XP.sys
2006-12-04 01:38 249,856 ----a-w C:\WINDOWS\inf\WG511v2\InsDrvlh.exe
2006-12-04 01:38 212,992 ----a-w C:\WINDOWS\inf\WG511v2\CopyWHQLDriver.exe
2006-12-04 01:38 21,376 ----a-w C:\WINDOWS\inf\WG511v2\wlndis51.sys
.
<pre>
----a-w			53,248 2006-12-04 01:38:30  C:\WINDOWS\inf\WG511v2\snetcfg .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 335872]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"AutoTBar"="AUTOTBAR.EXE" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe [2007-06-26 1499136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2iwk6m26fyp.sys]
@="\??\C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crcyphsf6hs.sys]
@="\??\C:\WINDOWS\system32\drivers\crcyphsf6hs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\n3xeqdednlu.sys]
@="\??\C:\WINDOWS\system32\drivers\n3xeqdednlu.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfchmwr2ipr.sys]
@="\??\C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xb1hofnhvwj.sys]
@="\??\C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\South Park Desktop Friends.lnk
backup=C:\WINDOWS\pss\South Park Desktop Friends.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNP]
C:\Program Files\Desktop Notepad\Desktop Notepad.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 07:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My App]
C:\Program Files\Desktop Clock\Desktop Clock.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc1kjj0etfg]
C:\Program Files\rhc1kjj0etfg\rhc1kjj0etfg.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 16:48 851968 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-10 11:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{380bba57-4bbe-9a8e-a532-b09f891aead5}]
C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\services.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 n3xeqdednlu.sys;n3xeqdednlu.sys;C:\WINDOWS\system32\drivers\n3xeqdednlu.sys [2008-09-12 86528]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 26624]
S2 2iwk6m26fyp.sys;2iwk6m26fyp.sys;C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys [ ]
S2 crcyphsf6hs.sys;crcyphsf6hs.sys;C:\WINDOWS\system32\drivers\crcyphsf6hs.sys [ ]
S2 wfchmwr2ipr.sys;wfchmwr2ipr.sys;C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys [2008-09-11 86528]
S2 xb1hofnhvwj.sys;xb1hofnhvwj.sys;C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys [2008-08-27 86528]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nicole\Application Data\Mozilla\Firefox\Profiles\v4n5o15e.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 11:12:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Nicole\LOCALS~1\Temp\RGIBD.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-09-12 11:15:36
ComboFix-quarantined-files.txt 2008-09-12 01:15:03

Pre-Run: 20,184,604,672 bytes free
Post-Run: 20,154,019,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

202 --- E O F --- 2008-09-11 10:24:51


And here is my RSIT Log and INFO files


Logfile of random's system information tool (written by random/random)
Run by Nicole at 2008-09-12 11:17:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (50%) free of 38 GB
Total RAM: 735 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:25 AM, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicole\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5533 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"AutoTBar"=AUTOTBAR.EXE []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-08-18 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNP]
C:\Program Files\Desktop Notepad\Desktop Notepad.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My App]
C:\Program Files\Desktop Clock\Desktop Clock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc1kjj0etfg]
C:\Program Files\rhc1kjj0etfg\rhc1kjj0etfg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{380bba57-4bbe-9a8e-a532-b09f891aead5}]
C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll DllStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
C:\PROGRA~1\SOUTHP~1\SOUTHP~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\2iwk6m26fyp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\crcyphsf6hs.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\n3xeqdednlu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wfchmwr2ipr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xb1hofnhvwj.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\2iwk6m26fyp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\crcyphsf6hs.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\n3xeqdednlu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wfchmwr2ipr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xb1hofnhvwj.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

List of files/folders created in the last three months

2008-09-12 11:17:13 ----SHD---- C:\RECYCLER
2008-09-12 11:15:38 ----A---- C:\ComboFix.txt
2008-09-12 11:11:00 ----A---- C:\Boot.bak
2008-09-12 11:10:52 ----D---- C:\cmdcons
2008-09-12 10:42:47 ----D---- C:\WINDOWS\erdnt
2008-09-12 10:41:55 ----D---- C:\QooBox
2008-09-12 10:41:51 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\zip.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\swreg.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\sed.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\grep.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\fdsv.exe
2008-09-12 10:41:49 ----A---- C:\WINDOWS\VFind.exe
2008-09-12 10:41:48 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-12 10:41:48 ----A---- C:\WINDOWS\swsc.exe
2008-09-11 17:22:57 ----D---- C:\Documents and Settings\Nicole\Application Data\uTorrent
2008-09-11 16:24:03 ----D---- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-09-11 16:23:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 16:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 16:15:20 ----D---- C:\rsit
2008-08-27 15:51:27 ----D---- C:\Program Files\Trend Micro
2008-08-27 13:51:55 ----D---- C:\Program Files\Enigma Software Group
2008-08-26 19:36:06 ----A---- C:\temp.tmp
2008-08-26 14:02:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57:53 ----A---- C:\WINDOWS\brwmark.ini
2008-08-20 14:11:55 ----A---- C:\WINDOWS\WORDPAD.INI
2008-08-14 07:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 07:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 07:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 07:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 07:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 07:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-08 12:28:53 ----HD---- C:\Program Files\Give4Free Plugin
2008-08-08 12:28:15 ----D---- C:\Program Files\Common Files\SWF Studio
2008-08-08 08:17:11 ----D---- C:\Program Files\TGTSoft
2008-08-04 10:31:00 ----D---- C:\WINDOWS\Minidump
2008-07-31 20:01:57 ----D---- C:\Program Files\Common Files\SourceTec
2008-07-31 20:01:54 ----D---- C:\Program Files\SourceTec
2008-07-30 18:51:31 ----D---- C:\etax2008
2008-07-30 14:48:21 ----D---- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-07-30 14:47:40 ----D---- C:\Program Files\WinRAR
2008-07-30 13:21:18 ----D---- C:\Program Files\Total Video Converter
2008-07-09 20:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-23 08:01:10 ----D---- C:\Documents and Settings\Nicole\Application Data\SoftLogica
2008-06-23 08:00:29 ----D---- C:\Program Files\SoftLogica
2008-06-21 09:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-20 07:51:13 ----D---- C:\Program Files\The Logo Creator v5
2008-06-19 17:05:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-06-16 20:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-16 20:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-16 20:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-16 20:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-16 20:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-06-16 13:05:27 ----D---- C:\WINDOWS\system32\NtmsData
2008-06-16 12:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-16 11:03:44 ----D---- C:\Program Files\ADOBE.ILLUSTRATOR.CS3.ISO-LZ0
2008-06-16 10:53:47 ----D---- C:\Program Files\Adobe Photoshop CS3 Extended Final

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-08-18 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-08-18 71688]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 n3xeqdednlu.sys;n3xeqdednlu.sys; \??\C:\WINDOWS\system32\drivers\n3xeqdednlu.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-29 231552]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\alifir.sys [2001-08-17 26624]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-08-18 30728]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S2 2iwk6m26fyp.sys;2iwk6m26fyp.sys; \??\C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys []
S2 crcyphsf6hs.sys;crcyphsf6hs.sys; \??\C:\WINDOWS\system32\drivers\crcyphsf6hs.sys []
S2 wfchmwr2ipr.sys;wfchmwr2ipr.sys; \??\C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys []
S2 xb1hofnhvwj.sys;xb1hofnhvwj.sys; \??\C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys []
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-08-18 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-19 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-05 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


INFO

info.txt logfile of random's system information tool 2008-09-12 11:17:28

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Affiliate Video Brander Version 3.0-->"C:\Program Files\Affiliate Video Brander\unins000.exe"
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5-->MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Core FTP LE 2.0-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Directory Dominator-->"C:\Program Files\Directory Dominator\unins000.exe"
ESET Smart Security-->MsiExec.exe /I{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OptiTools-->C:\PROGRA~1\Java\JRE16~1.0_0\bin\javaw.exe -cp C:\PROGRA~1\Java\JRE16~1.0_0\JEXPRE~1.JAR com.denova.JExpress.Uninstaller.JUninstall C:\PROGRA~1\OPTITO~1\JExpress\UNINST~1
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
The Logo Creator v5.2-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Security center information

AV: ESET Smart Security 3.0 (disabled)
FW: ESET Personal firewall (disabled)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------



Thanks again!

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:29 PM

Posted 12 September 2008 - 01:26 AM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Removal Instructions
  • Empty all p2p (Bitlord, uTorrent, etc...) download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • It seems ComboFix was run twice. I need to see the ComboFix.txt from the first run. Please copy/paste the ComboFix.txt from the first run, located at C:\Qoobox\.

  • Close any open browsers.

    Open notepad and copy/paste the text in the code box below into it:

    Driver::
    n3xeqdednlu.sys
    2iwk6m26fyp.sys
    crcyphsf6hs.sys
    wfchmwr2ipr.sys
    xb1hofnhvwj.sys
    
    Rootkit::
    C:\WINDOWS\system32\drivers\n3xeqdednlu.sys
    C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys
    C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys
    C:\WINDOWS\system32\drivers\crcyphsf6hs.sys
    C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys
    C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll
    
    Folder::
    C:\Program Files\rhc1kjj0etfg
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc1kjj0etfg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{380bba57-4bbe-9a8e-a532-b09f891aead5}]
    
    RenV::
    C:\WINDOWS\inf\WG511v2\snetcfg .exe

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log into your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Please run RSIT and copy/paste the content of log.txt to your reply.
Please post in your next reply:
  • The Combofix logs from the first run and the current run.
  • The RSIT log.txt.
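As an added example (not code from ComboFix, RSIT or Farbar's post), here is a Python cross-check of the CFScript above against the ComboFix.txt that rubo123 posts further down: it parses the script's Driver::, Rootkit:: and Folder:: sections and the log's banner sections, then lists which requested removals the log confirms and which it does not. It assumes the banner and section formats exactly as they appear in this thread; the embedded inputs are copied from the thread, with the banner lines shortened.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.
Added example for this thread (not ComboFix's, RSIT's or Farbar's code)."""
import re

# CFScript as posted by Farbar in this thread (Registry:: and RenV:: omitted:
# the posted log has no section that would confirm them).
CFSCRIPT = r"""Driver::
n3xeqdednlu.sys
2iwk6m26fyp.sys
crcyphsf6hs.sys
wfchmwr2ipr.sys
xb1hofnhvwj.sys

Rootkit::
C:\WINDOWS\system32\drivers\n3xeqdednlu.sys
C:\WINDOWS\system32\drivers\xb1hofnhvwj.sys
C:\WINDOWS\system32\drivers\2iwk6m26fyp.sys
C:\WINDOWS\system32\drivers\crcyphsf6hs.sys
C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys
C:\WINDOWS\system32\zevzjxhnmbpziuqxa.dll

Folder::
C:\Program Files\rhc1kjj0etfg
"""

# Excerpt of the ComboFix.txt rubo123 posted afterwards (banners shortened).
COMBOFIX_LOG = r"""(((((((((( Other Deletions ))))))))))
.
C:\WINDOWS\system32\drivers\n3xeqdednlu.sys
C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys
.
(((((((((( Drivers/Services ))))))))))
.
-------\Legacy_2IWK6M26FYP.SYS
-------\Legacy_CRCYPHSF6HS.SYS
-------\Legacy_N3XEQDEDNLU.SYS
-------\Legacy_XB1HOFNHVWJ.SYS
-------\Service_2iwk6m26fyp.sys
-------\Service_crcyphsf6hs.sys
-------\Service_n3xeqdednlu.sys
-------\Service_wfchmwr2ipr.sys
-------\Service_xb1hofnhvwj.sys
"""

SECTION_RE = re.compile(r"^(\w+)::$")           # CFScript "Driver::" headers
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ComboFix "((( Title )))" banners

def parse_cfscript(text):
    """Return {section: [entries]}; blank lines are ignored."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current is None:
            raise ValueError("entry before any section header: " + line)
        else:
            sections.setdefault(current, []).append(line)
    return sections

def parse_combofix_log(text):
    """Return {banner title: [lines]} for each ((( ... ))) section of the log."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line and line != ".":  # "." is ComboFix's separator
            sections.setdefault(current, []).append(line)
    return sections

def check_removals(script, log):
    """Return {'confirmed': {request: [evidence]}, 'unconfirmed': [request]}."""
    deleted = {l.lower() for l in log.get("Other Deletions", [])}
    services = log.get("Drivers/Services", [])
    confirmed, unconfirmed = {}, []
    # Driver:: names should reappear as removed Service_/Legacy_ entries;
    # matching on "_name" stops "x.sys" from also matching "prefix-x.sys".
    for name in script.get("Driver", []):
        hits = [s for s in services if s.lower().endswith("_" + name.lower())]
        if hits:
            confirmed[name] = hits
        else:
            unconfirmed.append(name)
    # Rootkit:: files and Folder:: paths should be listed under Other Deletions.
    for path in script.get("Rootkit", []) + script.get("Folder", []):
        if path.lower() in deleted:
            confirmed[path] = ["Other Deletions"]
        else:
            unconfirmed.append(path)
    return {"confirmed": confirmed, "unconfirmed": unconfirmed}

if __name__ == "__main__":
    result = check_removals(parse_cfscript(CFSCRIPT), parse_combofix_log(COMBOFIX_LOG))
    for request, evidence in result["confirmed"].items():
        print("confirmed  ", request, "<-", "; ".join(evidence))
    for request in result["unconfirmed"]:
        print("UNCONFIRMED", request, "(no deletion logged: verify by hand)")
```

Run as a script, it reports three of the rootkit .sys files, the DLL and the program folder as unconfirmed, because the log records only two file deletions; those entries need checking in a fresh log rather than being assumed gone.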


#10 rubo123

rubo123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:29 AM

Posted 16 September 2008 - 02:13 AM

Hi Farbar

I have removed uTorrent.

The reason I ran ComboFix twice was that when I ran the first one I forgot to download the Recovery Console.

So I let it run; then, when it was finished, I downloaded the Recovery Console, and before I ran it again I deleted the log file, thinking that I needed to in order to run another ComboFix.

Very sorry about that, and yes, I emptied my Recycle Bin after I deleted it, so I cannot recover it.

Here is my new ComboFix log:


ComboFix 08-09-10.04 - Nicole 2008-09-16 16:15:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446 [GMT 10:00]
Running from: C:\Documents and Settings\Nicole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicole\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\n3xeqdednlu.sys
C:\WINDOWS\system32\drivers\wfchmwr2ipr.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_2IWK6M26FYP.SYS
-------\Legacy_CRCYPHSF6HS.SYS
-------\Legacy_N3XEQDEDNLU.SYS
-------\Legacy_XB1HOFNHVWJ.SYS
-------\Service_2iwk6m26fyp.sys
-------\Service_crcyphsf6hs.sys
-------\Service_n3xeqdednlu.sys
-------\Service_wfchmwr2ipr.sys
-------\Service_xb1hofnhvwj.sys


((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.

2008-09-15 17:53 . 2008-09-15 17:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-15 17:50 . 2008-09-15 17:51 <DIR> d-------- C:\Program Files\iTunes
2008-09-15 17:50 . 2008-09-15 17:50 <DIR> d-------- C:\Program Files\iPod
2008-09-15 17:50 . 2008-09-15 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-11 17:22 . 2008-09-11 17:53 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\uTorrent
2008-09-11 16:24 . 2008-09-11 16:24 <DIR> d-------- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-09-11 16:23 . 2008-09-11 16:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 16:23 . 2008-09-11 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-11 16:23 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 16:23 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 16:15 . 2008-09-12 11:17 <DIR> d-------- C:\rsit
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-27 15:51 . 2008-08-27 15:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-27 13:51 . 2008-08-27 13:51 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-26 19:36 . 2008-08-27 14:46 3 --a------ C:\temp.tmp
2008-08-26 14:02 . 2008-08-27 12:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57 . 2008-08-24 17:19 410 --a------ C:\WINDOWS\brwmark.ini
2008-08-20 14:11 . 2008-08-20 14:11 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-20 10:33 . 2008-08-20 10:33 244 --ah----- C:\sqmnoopt01.sqm
2008-08-20 10:33 . 2008-08-20 10:33 232 --ah----- C:\sqmdata01.sqm
2008-08-18 20:16 . 2008-08-18 20:59 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{EF1E5D6E-3F0D-4C14-8934-F3FFF99A1F91}
2008-08-18 13:27 . 2008-08-18 13:27 71,688 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2008-08-18 13:27 . 2008-08-18 13:27 54,280 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-08-18 13:27 . 2008-08-18 13:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2008-08-18 13:19 . 2008-08-18 13:19 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 13:18 . 2008-08-18 13:18 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 07:46 --------- d-----w C:\Program Files\Bonjour
2008-09-15 07:45 --------- d-----w C:\Program Files\QuickTime
2008-09-15 07:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-11 22:20 --------- d-----w C:\Program Files\ESET
2008-09-11 08:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 23:14 --------- d-----w C:\Documents and Settings\Nicole\Application Data\CoreFTP
2008-08-24 21:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 21:47 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-08-14 10:16 --------- d-----w C:\Documents and Settings\Nicole\Application Data\Apple Computer
2008-08-08 02:46 --------- d--h--w C:\Program Files\Give4Free Plugin
2008-08-08 02:28 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 22:17 --------- d-----w C:\Program Files\TGTSoft
2008-08-04 03:59 --------- d-----w C:\Program Files\The Logo Creator v5
2008-08-01 03:32 --------- d-----w C:\Program Files\Total Video Converter
2008-07-31 10:01 --------- d-----w C:\Program Files\SourceTec
2008-07-22 22:21 --------- d-----w C:\Program Files\SoftLogica
2008-03-13 00:14 123,368,360 ----a-w C:\Program Files\Office2003SP3-KB923618-FullFile-ENU.exe
2008-03-05 08:04 38,344 ------w C:\Documents and Settings\Nicole\Application Data\GDIPFONTCACHEV1.DAT
2008-01-29 00:24 414,281,551 ----a-w C:\Program Files\2006 Microsoft Office XP PRO (Word, Excel, Powerpoint, Outlook, Access, Frontpage).zip
2008-01-13 22:14 15,452,536 ------w C:\Documents and Settings\Nicole\IE7-WindowsXP-x86-enu.exe
2008-01-11 11:47 4,494,664 ------w C:\Documents and Settings\Nicole\LimeWireWin.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-12_11.03.03.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll
+ 2006-12-04 01:38:30 53,248 ----a-w C:\WINDOWS\inf\WG511v2\snetcfg.exe
+ 2008-09-15 07:52:09 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-09-15 07:54:01 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-15 07:46:59 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2008-09-15 06:30:51 12,288 ----a-r C:\WINDOWS\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-15 06:30:51 282,624 ----a-r C:\WINDOWS\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2008-09-15 06:30:51 135,168 ----a-r C:\WINDOWS\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-15 06:30:51 27,136 ----a-r C:\WINDOWS\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-15 06:30:51 4,096 ----a-r C:\WINDOWS\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-01-29 02:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 03:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 03:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 03:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-09-10 06:45:18 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
- 2008-01-29 02:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-04-17 03:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2008-08-05 01:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-09-16 06:23:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7d0.dat
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 335872]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe [2007-06-26 1499136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\South Park Desktop Friends.lnk
backup=C:\WINDOWS\pss\South Park Desktop Friends.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 07:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 16:48 851968 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-10 11:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\services.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 26624]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AutoTBar - AUTOTBAR.EXE
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-DNP - C:\Program Files\Desktop Notepad\Desktop Notepad.exe
MSConfigStartUp-My App - C:\Program Files\Desktop Clock\Desktop Clock.exe
MSConfigStartUp-nmapp - C:\Program Files\Pure Networks\Network Magic\nmapp.exe
MSConfigStartUp-STYLEXP - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 16:34:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-16 16:44:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 06:44:21
ComboFix2.txt 2008-09-12 01:15:38

Pre-Run: 19,572,678,656 bytes free
Post-Run: 19,650,535,424 bytes free

203 --- E O F --- 2008-09-12 05:52:07


And here is my RSIT log

Logfile of random's system information tool (written by random/random)
Run by Nicole at 2008-09-16 16:58:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (49%) free of 38 GB
Total RAM: 735 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:57 PM, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nicole\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5566 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-08-18 1447168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
C:\PROGRA~1\SOUTHP~1\SOUTHP~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:enable"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

List of files/folders created in the last three months

2008-09-16 16:44:49 ----A---- C:\ComboFix.txt
2008-09-15 17:53:51 ----D---- C:\Program Files\Apple Software Update
2008-09-15 17:50:13 ----D---- C:\Program Files\iPod
2008-09-15 17:50:00 ----D---- C:\Program Files\iTunes
2008-09-15 17:50:00 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 15:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-12 11:11:00 ----A---- C:\Boot.bak
2008-09-12 11:10:52 ----D---- C:\cmdcons
2008-09-12 10:42:47 ----D---- C:\WINDOWS\erdnt
2008-09-12 10:41:55 ----D---- C:\QooBox
2008-09-12 10:41:51 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\zip.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\swreg.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\sed.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\grep.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\fdsv.exe
2008-09-12 10:41:49 ----A---- C:\WINDOWS\VFind.exe
2008-09-12 10:41:48 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-12 10:41:48 ----A---- C:\WINDOWS\swsc.exe
2008-09-11 17:22:57 ----D---- C:\Documents and Settings\Nicole\Application Data\uTorrent
2008-09-11 16:24:03 ----D---- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-09-11 16:23:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 16:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 16:15:20 ----D---- C:\rsit
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-27 15:51:27 ----D---- C:\Program Files\Trend Micro
2008-08-27 13:51:55 ----D---- C:\Program Files\Enigma Software Group
2008-08-26 19:36:06 ----A---- C:\temp.tmp
2008-08-26 14:02:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57:53 ----A---- C:\WINDOWS\brwmark.ini
2008-08-20 14:11:55 ----A---- C:\WINDOWS\WORDPAD.INI
2008-08-14 07:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 07:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 07:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 07:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 07:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 07:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-08 12:28:53 ----HD---- C:\Program Files\Give4Free Plugin
2008-08-08 12:28:15 ----D---- C:\Program Files\Common Files\SWF Studio
2008-08-08 08:17:11 ----D---- C:\Program Files\TGTSoft
2008-08-04 10:31:00 ----D---- C:\WINDOWS\Minidump
2008-07-31 20:01:57 ----D---- C:\Program Files\Common Files\SourceTec
2008-07-31 20:01:54 ----D---- C:\Program Files\SourceTec
2008-07-30 18:51:31 ----D---- C:\etax2008
2008-07-30 14:48:21 ----D---- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-07-30 14:47:40 ----D---- C:\Program Files\WinRAR
2008-07-30 13:21:18 ----D---- C:\Program Files\Total Video Converter
2008-07-09 20:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-23 08:01:10 ----D---- C:\Documents and Settings\Nicole\Application Data\SoftLogica
2008-06-23 08:00:29 ----D---- C:\Program Files\SoftLogica
2008-06-21 09:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-20 07:51:13 ----D---- C:\Program Files\The Logo Creator v5
2008-06-19 17:05:33 ----D---- C:\Program Files\Common Files\Macrovision Shared

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-08-18 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-08-18 71688]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-29 231552]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\alifir.sys [2001-08-17 26624]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-08-18 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-08-18 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-19 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-05 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 16 September 2008 - 02:45 AM

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 update 7 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • Please run RSIT and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
  • Tell me how your computer is running.


#12 rubo123

rubo123
  • Topic Starter

  • Members
  • 8 posts

Posted 16 September 2008 - 03:20 AM

Hi Farbar,

I did the Java task successfully.


My computer seems to be running great; as far as I can tell the virus is completely gone.

But hey, I don't know too much. How does it look to you?

PS: whereabouts do you live?


Here's my RSIT log



Logfile of random's system information tool (written by random/random)
Run by Nicole at 2008-09-16 18:17:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (49%) free of 38 GB
Total RAM: 735 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:15 PM, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicole\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicole.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG511v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG511v2\WG511v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5613 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 335872]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-08-18 1447168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 851968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
C:\PROGRA~1\SOUTHP~1\SOUTHP~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG511v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG511v2\WG511v2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:enable"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

List of files/folders created in the last three months

2008-09-16 18:15:38 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-16 18:15:38 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-16 18:15:38 ----A---- C:\WINDOWS\system32\java.exe
2008-09-16 18:14:29 ----D---- C:\Program Files\Common Files\Java
2008-09-16 17:38:39 ----D---- C:\Documents and Settings\Nicole\Application Data\FileZilla
2008-09-16 17:38:06 ----D---- C:\Program Files\FileZilla FTP Client
2008-09-16 17:02:00 ----SHD---- C:\RECYCLER
2008-09-16 16:44:49 ----A---- C:\ComboFix.txt
2008-09-15 17:53:51 ----D---- C:\Program Files\Apple Software Update
2008-09-15 17:50:13 ----D---- C:\Program Files\iPod
2008-09-15 17:50:00 ----D---- C:\Program Files\iTunes
2008-09-15 17:50:00 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 15:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-12 11:11:00 ----A---- C:\Boot.bak
2008-09-12 11:10:52 ----D---- C:\cmdcons
2008-09-12 10:42:47 ----D---- C:\WINDOWS\erdnt
2008-09-12 10:41:55 ----D---- C:\QooBox
2008-09-12 10:41:51 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\zip.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\swreg.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\sed.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\grep.exe
2008-09-12 10:41:50 ----A---- C:\WINDOWS\fdsv.exe
2008-09-12 10:41:49 ----A---- C:\WINDOWS\VFind.exe
2008-09-12 10:41:48 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-12 10:41:48 ----A---- C:\WINDOWS\swsc.exe
2008-09-11 17:22:57 ----D---- C:\Documents and Settings\Nicole\Application Data\uTorrent
2008-09-11 16:24:03 ----D---- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
2008-09-11 16:23:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 16:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 16:15:20 ----D---- C:\rsit
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-27 15:51:27 ----D---- C:\Program Files\Trend Micro
2008-08-27 13:51:55 ----D---- C:\Program Files\Enigma Software Group
2008-08-26 19:36:06 ----A---- C:\temp.tmp
2008-08-26 14:02:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-23 19:57:53 ----A---- C:\WINDOWS\brwmark.ini
2008-08-20 14:11:55 ----A---- C:\WINDOWS\WORDPAD.INI
2008-08-14 07:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 07:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 07:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 07:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 07:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 07:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-08 12:28:53 ----HD---- C:\Program Files\Give4Free Plugin
2008-08-08 12:28:15 ----D---- C:\Program Files\Common Files\SWF Studio
2008-08-08 08:17:11 ----D---- C:\Program Files\TGTSoft
2008-08-04 10:31:00 ----D---- C:\WINDOWS\Minidump
2008-07-31 20:01:57 ----D---- C:\Program Files\Common Files\SourceTec
2008-07-31 20:01:54 ----D---- C:\Program Files\SourceTec
2008-07-30 18:51:31 ----D---- C:\etax2008
2008-07-30 14:48:21 ----D---- C:\Documents and Settings\Nicole\Application Data\WinRAR
2008-07-30 14:47:40 ----D---- C:\Program Files\WinRAR
2008-07-30 13:21:18 ----D---- C:\Program Files\Total Video Converter
2008-07-09 20:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-23 08:01:10 ----D---- C:\Documents and Settings\Nicole\Application Data\SoftLogica
2008-06-23 08:00:29 ----D---- C:\Program Files\SoftLogica
2008-06-21 09:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-20 07:51:13 ----D---- C:\Program Files\The Logo Creator v5
2008-06-19 17:05:33 ----D---- C:\Program Files\Common Files\Macrovision Shared

List of drivers

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-08-18 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-08-18 71688]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-29 231552]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\alifir.sys [2001-08-17 26624]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-08-18 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2XP.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-08-18 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-19 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-05 138168]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
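The log above is the kind of thing a helper reads by eye: RSIT rows of the form `R2 name;description; path [date size]`, HijackThis `O4`/`O23` entries, and the Windows Firewall AuthorizedApplications values dumped from the registry. The following script is an added example, not code from the original post nor from RSIT or HijackThis, that parses those three line shapes and flags the rows a reviewer would check first: RSIT rows whose bracketed file info is empty (the tool evidently could not read the file's date and size, which happens when the file is gone, or when the path is written in a form it did not resolve, such as the `\??\` prefix on `ANIO.SYS` and `catchme.sys` or the doubled `system32\System32` directory on `ws2ifsl.sys`), binaries living outside `C:\WINDOWS` and `C:\Program Files`, autostart entries with no full path (`AutoTBar.exe`), and firewall exceptions granted to core Windows binaries (the `services.exe` value labelled `enable`). The sample lines are copied from the log on this page; the "expected roots", the list of core binaries and the finding names are my own assumptions, and a flag means "look at this by hand", not "this is malware".

```python
"""Triage helper for RSIT / HijackThis log lines (added example, not from the page)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the RSIT/HijackThis log posted above.
# Raw string so the Windows backslashes are literal.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:enable"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"""

# The three line shapes handled: RSIT driver/service rows, HijackThis O23 rows,
# and Windows Firewall AuthorizedApplications registry values.
RSIT_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
FW_RE = re.compile(r'^"[^"]+"="(?P<path>(?:[A-Za-z]:)?[^:]+):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<label>.*)"$')
# A full Windows path to a binary, optionally behind the NT object prefix \??\.
WIN_PATH = re.compile(r'(?:\\\?\?\\)?([A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|scr|cpl))', re.IGNORECASE)

# Heuristic assumptions of this example (not from RSIT/HijackThis): where
# binaries are expected to live, and which Windows binaries should not need
# an inbound firewall exception.
EXPECTED_ROOTS = ('C:\\WINDOWS\\', 'C:\\PROGRAM FILES\\', 'C:\\PROGRA~1\\')
CORE_BINARIES = {'services.exe', 'svchost.exe', 'lsass.exe', 'winlogon.exe', 'csrss.exe', 'smss.exe'}


@dataclass
class Finding:
    kind: str    # short category, e.g. 'no-file-info'
    line: str    # the log line that triggered it
    detail: str  # human-readable reason


def normalize(path: str) -> str:
    """Strip quotes and the \\??\\ prefix, upper-case for case-insensitive comparison."""
    path = path.strip().strip('"')
    if path.startswith('\\??\\'):
        path = path[4:]
    return path.upper()


def check_location(path: str, line: str, out: List[Finding]) -> None:
    """Flag a binary that is not under one of the expected roots."""
    if not normalize(path).startswith(EXPECTED_ROOTS):
        out.append(Finding('unusual-location', line, f'binary outside Windows/Program Files: {path}'))


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect review items; order follows the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RSIT_RE.match(line)
        if m:
            if m['meta'] == '':  # RSIT printed [] : no date/size could be read
                findings.append(Finding('no-file-info', line,
                                        f"{m['name']}: no date/size recorded, file missing or path not resolvable"))
            check_location(m['path'], line, findings)
            continue
        m = O23_RE.match(line)
        if m:
            check_location(m['path'], line, findings)
            continue
        m = FW_RE.match(line)
        if m:
            base = normalize(m['path']).rsplit('\\', 1)[-1].lower()
            if base in CORE_BINARIES:
                findings.append(Finding('fw-core-binary', line,
                                        f"{base} has a firewall exception labelled '{m['label']}'; verify how it got there"))
            continue
        if line.startswith('O4 - '):
            pm = WIN_PATH.search(line)
            if pm is None:
                findings.append(Finding('no-path', line, 'autostart entry with no full path; locate the file first'))
            else:
                check_location(pm.group(1), line, findings)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:18} {f.detail}')
```

Run it as-is and it lists six review items from the sample; feed it a whole RSIT log and it stays quiet on the entries that carry a date and size and live in the usual directories. The point of the `no-file-info` category is the caveat in the lead-in: an empty bracket pair is a reason to look, not a verdict, because two of the three empty rows on this page are tool drivers (`catchme.sys` belongs to ComboFix) written with a prefix the log tool did not resolve.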

#13 Farbar (Security Developer, The Netherlands, 21,716 posts)

Posted 16 September 2008 - 01:10 PM

Quote: "PS: whereabouts do you live?"

If you mean where I live, I live in Amsterdam.


Your log looks clean. :)

Go to Start > Run and copy and paste, or type, the next command in the field, then hit Enter:

ComboFix /u

Note: there is a space between ComboFix and /u.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your log looks clean. But your computer is still very much susceptible, in particular to hacking and intrusion from outside. I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system; once malware gets onto your computer, the Windows firewall is no longer effective. You will find more information on firewalls below.


In order to reduce the chance of infection in the future, you may follow these steps:
  • First set a new Restore Point, then remove the old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next".
    • Give the Restore Point a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run, then type Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean; the default is already set to the (C:) drive. Click OK.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.
  • Sometimes the Privacy, Security and other settings are altered by the malware. Check them and, if needed, reset them to default:
    • Open Internet Explorer > Tools menu > Internet Options.
    • Under the Privacy tab press Default.
    • Under the Security tab press Default.
    • Under the General tab press Delete..., then Delete All; check "Also delete files and settings stored by Add-ons" and click Yes.
  • Use a firewall - I cannot stress enough how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available, like:
    Sunbelt-Kerio
    Comodo Firewall Pro
    Online Armor Free edition

  • Make sure you install all the security updates for Windows, Internet Explorer and Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC; keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has recently released Service Pack 3, which has more features and is more secure than Service Pack 2. You may update your Windows via Windows Update.

    You can update by going to Start > All Programs > Windows Update > click on the Custom button.

  • Besides your antivirus, make use of antispyware programs. You may keep MBAM. I recommend one of the following antispyware programs to protect yourself against spyware. Make sure you only use one real-time antispyware protection program besides your antivirus' real-time protection, as running more than one real-time antispyware program may cause compatibility problems and affect the performance of your system negatively:
    SUPERAntiSpyware
    Spybot - Search and Destroy

  • Install Javacool's SpywareBlaster -
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs. You can find more information and a download link here.

Enjoy surfing!

#14 Farbar (Security Developer, The Netherlands, 21,716 posts)

Posted 21 September 2008 - 04:00 PM

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you.
Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter.
Everyone else please begin a New Topic.
