Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo: Tried Alot Still Something Hanging Around!


  • Please log in to reply
11 replies to this topic

#1 kraze98nyc

kraze98nyc

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 28 September 2008 - 06:43 PM

I have tried multiple programs, some helped but there is still a piece left.
I've ran combofix, super anti-malware which detected a bunch but still left some on after restart.
Any help appreciated!

note: Just had a nod32 popup for

file:

c:\windows\system32\tdssserf1.dll

threat:

Win32/Agent.ODG trojan


Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:55 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212641234379
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212641322864
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 12636 bytes

BC AdBot (Login to Remove)

 


#2 kraze98nyc

kraze98nyc
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 03 October 2008 - 12:04 AM

Its been 5 days. Am I supposed to ask again? I'm not sure what to do... Thanks for any help!

#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 03 October 2008 - 05:23 AM

Hello kraze98nyc

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#4 kraze98nyc

kraze98nyc
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 03 October 2008 - 07:18 AM

I set it to 1 month, which was default.

info.txt:

info.txt logfile of random's system information tool 1.04 2008-10-03 08:17:33

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1st Mass Mailer-->"C:\Program Files\1st Mass Mailer\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
abti uGuru-->C:\Program Files\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\setup.exe -runfromtemp -l0x0009 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Plan Pro 2007-->MsiExec.exe /X{20585CDC-114E-4372-986A-0686B1A37A30}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Delete Duplicates for Outlook 3.8-->"C:\Program Files\Delete Duplicates for Outlook\unins000.exe"
Fast Email Extractor-->MsiExec.exe /I{A84D0BEE-2422-4F50-9CC8-83B495A6370E}
febooti fileTweak-->MsiExec.exe /I{CBB86C4E-7233-435B-B24A-8BDCFA0FDA54}
FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Instant Invoice n CashBook 2007-->"C:\Program Files\EzySoft\InstInvoiceCashBook2007\unins000.exe"
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
KWorld TV713X BDA Driver-->C:\WINDOWS\p3xunist.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NYKO Gamepad Mapping Tools 2.0.0-->"C:\Program Files\NYKO\Gamepad Mapping Tools\unins000.exe"
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Palm Outlook Conduits Updater-->MsiExec.exe /I{616A66CD-D36D-4E24-8B67-33AFDFF48061}
Palm-->MsiExec.exe /X{A005B38F-D5AB-4E35-93DD-9886E449FAF1}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickInvoice Pro 2.63-->"C:\Program Files\QuickInvoice\SETUP\setup.exe" /u
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Real Alternative 1.8.4 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
Super DVD Creator 9.5-->"C:\Program Files\Super_DVD_Creator_9.5\unins000.exe"
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 )-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\uguru_347F83755F38F1570B602823E659DC5335F5A948\uguru.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: ESET NOD32 antivirus system 2.70

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Robert at 2008-10-03 08:17:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 92 GB (60%) free of 153 GB
Total RAM: 3070 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:31 AM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Robert\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Robert.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212641234379
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212641322864
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 13153 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-06-20 2296832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-23 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-04 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-06-20 2296832]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-23 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-05 949376]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1957888]
"Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-09-25 2007088]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-23 68856]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-06-28 160592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-23 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Robert\Start Menu\Programs\Startup
NYKO Gamepad Mapping Tools.lnk - C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Steam\steamapps\robmurk\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\robmurk\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee35548-3293-11dd-b18c-806d6172696f}]
shell\AutoRun\command - H:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d23e79-822b-11dd-903c-00508dbbd7be}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-03 08:17:26 ----D---- C:\rsit
2008-10-02 14:18:21 ----D---- C:\Program Files\TI Education
2008-10-02 14:18:21 ----D---- C:\Program Files\Common Files\TI Shared
2008-10-01 17:22:54 ----D---- C:\Program Files\Winamp
2008-10-01 17:22:54 ----D---- C:\Documents and Settings\Robert\Application Data\Winamp
2008-09-30 15:56:19 ----D---- C:\Program Files\1st Mass Mailer
2008-09-30 15:35:45 ----D---- C:\Program Files\Lencom Software Inc
2008-09-30 15:35:45 ----D---- C:\Program Files\Common Files\LencomShare
2008-09-30 15:33:37 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-30 15:33:37 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-30 15:33:25 ----D---- C:\Program Files\MSBuild
2008-09-30 15:04:59 ----D---- C:\Program Files\Vuze
2008-09-30 14:05:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-30 14:05:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-30 14:05:54 ----A---- C:\WINDOWS\system32\java.exe
2008-09-30 14:05:35 ----D---- C:\Program Files\Common Files\Java
2008-09-30 03:08:47 ----SHD---- C:\RECYCLER
2008-09-28 23:21:38 ----A---- C:\ComboFix.txt
2008-09-28 23:19:41 ----D---- C:\ComboFix
2008-09-28 21:19:26 ----D---- C:\Documents and Settings\Robert\Application Data\HPAppData
2008-09-28 21:13:50 ----D---- C:\Program Files\Hewlett-Packard
2008-09-28 21:13:43 ----D---- C:\Program Files\Common Files\HP
2008-09-28 20:49:47 ----A---- C:\WINDOWS\system32\hppldcoi.dll
2008-09-28 20:49:47 ----A---- C:\WINDOWS\system32\hpowiax5.dll
2008-09-28 20:49:47 ----A---- C:\WINDOWS\system32\hpovst12.dll
2008-09-28 20:49:47 ----A---- C:\WINDOWS\system32\hpotiop5.dll
2008-09-28 20:49:47 ----A---- C:\WINDOWS\system32\difxapi.dll
2008-09-28 19:01:33 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 19:00:59 ----D---- C:\Program Files\SpywareBlaster
2008-09-28 18:49:39 ----D---- C:\WINDOWS\temp
2008-09-28 17:43:18 ----D---- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-09-28 17:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 17:43:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 16:57:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-28 16:48:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-28 16:33:53 ----D---- C:\VundoFix Backups
2008-09-28 16:33:53 ----A---- C:\VundoFix.txt
2008-09-28 16:23:40 ----SHD---- C:\WINDOWS\CSC
2008-09-28 16:00:25 ----D---- C:\Program Files\PokerStars
2008-09-28 14:55:37 ----D---- C:\Program Files\Diskeeper Corporation
2008-09-28 14:42:36 ----A---- C:\WINDOWS\system32\cb3d2209-.txt
2008-09-28 14:11:43 ----D---- C:\Program Files\Uniblue
2008-09-28 14:11:43 ----D---- C:\Documents and Settings\Robert\Application Data\Uniblue
2008-09-28 14:11:43 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-28 04:36:36 ----D---- C:\Program Files\IP Traffic Monitor
2008-09-28 03:27:39 ----D---- C:\Program Files\Trend Micro
2008-09-27 04:00:40 ----D---- C:\WINDOWS\pss
2008-09-27 01:48:01 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2008-09-27 01:47:59 ----D---- C:\Program Files\Realtek
2008-09-27 01:47:52 ----D---- C:\Documents and Settings\Robert\Application Data\InstallShield
2008-09-24 16:36:11 ----D---- C:\Documents and Settings\Robert\Application Data\TuneUp Software
2008-09-23 23:29:43 ----A---- C:\Documents and Settings\All Users\Application Data\xml37.tmp
2008-09-23 23:29:42 ----A---- C:\Documents and Settings\All Users\Application Data\xml35.tmp
2008-09-23 06:44:44 ----A---- C:\Documents and Settings\All Users\Application Data\xml2CA.tmp
2008-09-23 06:44:44 ----A---- C:\Documents and Settings\All Users\Application Data\xml2C8.tmp
2008-09-23 06:44:43 ----A---- C:\Documents and Settings\All Users\Application Data\xml2C6.tmp
2008-09-22 02:31:06 ----D---- C:\Program Files\Keyword Elite
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-09-21 18:09:28 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-09-21 18:09:27 ----N---- C:\WINDOWS\system32\px.dll
2008-09-20 03:49:37 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 03:49:31 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-09-19 03:46:01 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-09-19 03:46:01 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-09-19 03:46:00 ----D---- C:\Program Files\Real Alternative
2008-09-19 03:46:00 ----D---- C:\Documents and Settings\Robert\Application Data\Real
2008-09-19 03:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2008-09-19 03:46:00 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-09-19 03:46:00 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-09-16 14:28:23 ----D---- C:\Program Files\Palm Inc
2008-09-11 02:07:42 ----D---- C:\Documents and Settings\Robert\Application Data\Arcsoft
2008-09-11 02:05:35 ----A---- C:\additdiag.txt
2008-09-09 14:54:47 ----D---- C:\Documents and Settings\Robert\Application Data\Hamachi
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-09-04 00:02:38 ----D---- C:\WINDOWS\system32\Adobe

======List of files/folders modified in the last 1 months======

2008-10-03 08:17:20 ----D---- C:\WINDOWS\Prefetch
2008-10-03 08:14:31 ----SD---- C:\WINDOWS\Tasks
2008-10-03 01:19:12 ----D---- C:\Program Files\FlashGet
2008-10-03 01:08:16 ----D---- C:\Program Files\Steam
2008-10-03 01:08:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-03 01:01:53 ----D---- C:\WINDOWS
2008-10-02 14:56:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-02 14:20:27 ----D---- C:\WINDOWS\system32
2008-10-02 14:20:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-02 14:19:20 ----D---- C:\WINDOWS\system32\drivers
2008-10-02 14:18:49 ----HD---- C:\WINDOWS\inf
2008-10-02 14:18:42 ----SHD---- C:\WINDOWS\Installer
2008-10-02 14:18:30 ----HD---- C:\Config.Msi
2008-10-02 14:18:23 ----RSD---- C:\WINDOWS\Fonts
2008-10-02 14:18:22 ----D---- C:\WINDOWS\system
2008-10-02 14:18:21 ----D---- C:\Program Files\Common Files
2008-10-02 14:18:21 ----D---- C:\Program Files
2008-10-02 14:17:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-02 03:05:08 ----D---- C:\Program Files\Mozilla Firefox
2008-10-02 00:20:37 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-01 22:55:24 ----D---- C:\Downloads
2008-10-01 14:18:10 ----SD---- C:\Documents and Settings\Robert\Application Data\Microsoft
2008-10-01 14:18:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-30 22:06:26 ----D---- C:\Documents and Settings\Robert\Application Data\Azureus
2008-09-30 16:30:49 ----D---- C:\Program Files\QuickTime
2008-09-30 15:34:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-30 15:33:43 ----D---- C:\WINDOWS\SHELLNEW
2008-09-30 15:33:22 ----D---- C:\Program Files\Microsoft Works
2008-09-30 15:25:15 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-09-30 15:24:30 ----A---- C:\WINDOWS\win.ini
2008-09-30 15:24:28 ----D---- C:\Program Files\Common Files\System
2008-09-30 15:11:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-30 14:05:54 ----D---- C:\Program Files\Java
2008-09-29 05:01:16 ----D---- C:\Documents and Settings\Robert\Application Data\FileZilla
2008-09-28 23:21:38 ----D---- C:\QooBox
2008-09-28 23:21:12 ----A---- C:\WINDOWS\system.ini
2008-09-28 23:20:36 ----D---- C:\WINDOWS\AppPatch
2008-09-28 23:15:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-28 23:13:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-28 21:14:03 ----D---- C:\WINDOWS\WinSxS
2008-09-28 21:13:50 ----D---- C:\WINDOWS\twain_32
2008-09-28 20:49:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-28 19:01:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-28 18:39:46 ----D---- C:\WINDOWS\system32\config
2008-09-28 18:39:41 ----D---- C:\WINDOWS\erdnt
2008-09-28 18:28:23 ----D---- C:\Program Files\Belkin Bulldog Plus
2008-09-28 17:01:55 ----D---- C:\WINDOWS\Help
2008-09-28 16:54:12 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-28 14:15:53 ----D---- C:\WINDOWS\system32\Macromed
2008-09-28 14:15:53 ----D---- C:\WINDOWS\nview
2008-09-28 03:34:21 ----D---- C:\Program Files\HP
2008-09-28 03:26:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-27 07:12:08 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-09-27 06:54:52 ----RSD---- C:\WINDOWS\assembly
2008-09-27 06:53:59 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-27 04:04:53 ----D---- C:\Program Files\Orb Networks
2008-09-27 03:55:59 ----D---- C:\WINDOWS\security
2008-09-27 03:42:44 ----D---- C:\Program Files\Internet Explorer
2008-09-27 03:22:33 ----D---- C:\Program Files\Azureus
2008-09-27 02:11:21 ----D---- C:\Documents and Settings\Robert\Application Data\Adobe
2008-09-27 01:48:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-27 01:47:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-27 01:39:45 ----D---- C:\WINDOWS\Minidump
2008-09-27 01:39:45 ----D---- C:\WINDOWS\Debug
2008-09-27 00:45:26 ----D---- C:\Program Files\OCCT
2008-09-27 00:44:55 ----D---- C:\Program Files\ShellExView
2008-09-27 00:44:01 ----D---- C:\Program Files\Camfrog
2008-09-23 06:43:26 ----RASH---- C:\boot.ini
2008-09-22 20:44:47 ----D---- C:\Program Files\Common Files\Logishrd
2008-09-22 02:37:42 ----D---- C:\WINDOWS\Resources
2008-09-21 00:00:56 ----D---- C:\Documents and Settings\Robert\Application Data\skypePM
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-09-16 21:27:12 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-15 18:19:28 ----D---- C:\Program Files\palmOne
2008-09-11 02:03:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-11 01:05:25 ----D---- C:\Program Files\FileZilla FTP Client
2008-09-10 15:04:19 ----D---- C:\Program Files\Windows Desktop Search
2008-09-10 15:01:46 ----D---- C:\WINDOWS\system32\wbem
2008-09-10 15:01:46 ----D---- C:\WINDOWS\system32\en-us
2008-09-10 15:01:14 ----D---- C:\Program Files\PokerStars.NET
2008-09-10 15:01:05 ----D---- C:\Program Files\Movie Joiner
2008-09-08 21:48:43 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-07 22:49:31 ----D---- C:\Program Files\Wolfenstein - Enemy Territory
2008-09-06 00:40:58 ----D---- C:\Program Files\Messenger
2008-09-06 00:40:56 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-04 00:02:38 ----D---- C:\Program Files\Common Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-06-05 15424]
R1 UGURU;UGURU; C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 713xTVCard;SAA7131 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 277504]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-06-05 512096]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2008-02-25 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-02-25 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-02-25 524312]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2008-02-25 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2008-02-25 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-02-25 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-02-25 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-02-25 92696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-02-25 127000]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-07-17 109952]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-10-16 945920]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Cap713x;Philips Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-02-25 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-09 25280]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 Memctl;Memctl; \??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-09-11 16694]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys []
S3 radpms;Driver for RADPMS Device; C:\WINDOWS\system32\DRIVERS\radpms.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 Winflash;WINFLASH; \??\C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys []
S3 WinRing0_1_1_1;WinRing0_1_1_1; \??\C:\Documents and Settings\Robert\Desktop\RealTemp_2.70\WinRing0.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-02 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-23 137200]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-05 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-20 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-09 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-10 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 03 October 2008 - 10:26 AM

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

=======================================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 kraze98nyc

kraze98nyc
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 03 October 2008 - 01:22 PM

Combofix:

ComboFix 08-10-03.01 - Robert 2008-10-03 14:16:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2438 [GMT -4:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robert\Cookies\robert@revsci[3].txt

.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 08:17 . 2008-10-03 08:17 <DIR> d-------- C:\rsit
2008-10-02 14:18 . 2008-10-02 14:18 <DIR> d-------- C:\Program Files\TI Education
2008-10-02 14:18 . 2008-10-02 14:18 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2008-10-02 14:18 . 2004-02-04 10:27 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2008-10-02 14:18 . 2004-01-28 15:03 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
2008-10-01 17:22 . 2008-10-01 17:23 <DIR> d-------- C:\Program Files\Winamp
2008-10-01 17:22 . 2008-10-01 17:38 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Winamp
2008-09-30 15:56 . 2008-09-30 15:56 <DIR> d-------- C:\Program Files\1st Mass Mailer
2008-09-30 15:35 . 2008-09-30 15:35 <DIR> d-------- C:\Program Files\Lencom Software Inc
2008-09-30 15:35 . 2008-09-30 15:35 <DIR> d-------- C:\Program Files\Common Files\LencomShare
2008-09-30 15:33 . 2008-09-30 15:33 <DIR> d-------- C:\Program Files\MSBuild
2008-09-30 15:04 . 2008-09-30 15:05 <DIR> d-------- C:\Program Files\Vuze
2008-09-30 14:05 . 2008-09-30 14:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-30 14:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-30 01:12 . 2008-09-30 01:12 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-09-30 01:12 . 2008-09-30 01:12 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-09-30 01:12 . 2008-09-30 01:12 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-09-28 21:19 . 2008-10-03 12:59 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\HPAppData
2008-09-28 21:13 . 2008-09-28 21:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-09-28 21:13 . 2008-09-28 21:13 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-28 20:49 . 2007-11-01 22:28 970,752 --a------ C:\WINDOWS\system32\hpotiop5.dll
2008-09-28 20:49 . 2007-11-01 22:28 729,088 --a------ C:\WINDOWS\system32\hpowiax5.dll
2008-09-28 20:49 . 2007-11-01 22:28 364,544 --a------ C:\WINDOWS\system32\hppldcoi.dll
2008-09-28 20:49 . 2007-11-01 22:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2008-09-28 20:49 . 2007-11-01 22:28 303,104 --a------ C:\WINDOWS\system32\hpovst12.dll
2008-09-28 20:47 . 2008-09-28 21:19 164,949 --a------ C:\WINDOWS\hpoins21.dat
2008-09-28 20:47 . 2008-01-23 21:34 7,262 --------- C:\WINDOWS\hpomdl21.dat
2008-09-28 19:01 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 19:00 . 2008-09-30 15:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-28 17:43 . 2008-09-28 17:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 17:43 . 2008-09-28 17:43 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-09-28 17:43 . 2008-09-28 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 17:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 17:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 16:33 . 2008-09-28 16:33 <DIR> d-------- C:\VundoFix Backups
2008-09-28 16:24 . 2008-09-28 16:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-28 16:00 . 2008-09-28 16:01 <DIR> d-------- C:\Program Files\PokerStars
2008-09-28 14:55 . 2008-09-28 14:55 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-09-28 14:11 . 2008-09-28 14:51 <DIR> d-------- C:\Program Files\Uniblue
2008-09-28 14:11 . 2008-09-28 14:51 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Uniblue
2008-09-28 14:11 . 2008-09-28 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-28 04:36 . 2008-09-28 14:05 <DIR> d-------- C:\Program Files\IP Traffic Monitor
2008-09-28 03:27 . 2008-09-28 03:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 03:38 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-27 03:37 . 2008-04-13 14:31 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-27 03:36 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-27 03:35 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-27 03:33 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-09-27 03:32 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-09-27 01:48 . 2008-07-16 22:35 9,728 --a------ C:\WINDOWS\system32\RtNicProp32.dll
2008-09-27 01:47 . 2008-09-27 01:47 <DIR> d-------- C:\Program Files\Realtek
2008-09-27 01:47 . 2008-09-27 01:47 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\InstallShield
2008-09-24 16:36 . 2008-09-24 16:36 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\TuneUp Software
2008-09-22 02:31 . 2008-09-22 02:39 <DIR> d-------- C:\Program Files\Keyword Elite
2008-09-20 03:49 . 2008-09-26 00:10 138,280 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-20 03:49 . 2008-09-26 00:10 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 03:49 . 2008-09-20 03:49 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-19 03:46 . 2008-09-19 03:46 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-16 14:28 . 2008-09-16 14:28 <DIR> d-------- C:\Program Files\Palm Inc
2008-09-11 02:07 . 2008-09-11 02:07 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Arcsoft
2008-09-11 02:01 . 2008-09-11 02:00 16,694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-09-11 01:29 . 2008-09-11 01:29 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-09 14:54 . 2008-09-09 14:58 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Hamachi
2008-09-09 14:54 . 2008-09-09 14:54 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-05 23:30 . 2008-09-05 23:30 241,704 -----c--- C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 . 2008-09-05 23:29 917,032 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-04 00:08 . 2008-09-04 00:11 19,485 --a------ C:\WINDOWS\hpqins13.dat
2008-09-04 00:02 . 2008-09-04 00:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-03 17:33 . 2008-09-03 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-09-03 17:28 . 2008-09-03 17:28 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-03 17:27 . 2008-09-03 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-03 17:27 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-09-03 17:27 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-03 17:27 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-09-03 16:16 . 2008-09-03 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-03 16:13 . 2008-09-03 16:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-03 16:13 . 2008-09-03 16:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-03 16:13 . 2008-09-03 16:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-09-03 16:12 . 2008-09-22 20:44 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-09-03 16:08 . 2008-04-13 20:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-03 16:08 . 2008-04-13 20:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-03 16:08 . 2008-04-13 14:39 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-03 16:08 . 2008-04-13 14:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:09 --------- d-----w C:\Program Files\FlashGet
2008-10-03 18:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-03 05:08 --------- d-----w C:\Program Files\Steam
2008-10-02 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-02 18:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-01 02:06 --------- d-----w C:\Documents and Settings\Robert\Application Data\Azureus
2008-09-30 20:30 --------- d-----w C:\Program Files\QuickTime
2008-09-30 19:35 91,804 ----a-w C:\Program Files\Common Files\Engines.lnl
2008-09-30 19:33 --------- d-----w C:\Program Files\Microsoft Works
2008-09-30 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-30 18:05 --------- d-----w C:\Program Files\Java
2008-09-29 09:01 --------- d-----w C:\Documents and Settings\Robert\Application Data\FileZilla
2008-09-29 03:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-29 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-28 22:28 --------- d-----w C:\Program Files\Belkin Bulldog Plus
2008-09-28 07:34 --------- d-----w C:\Program Files\HP
2008-09-27 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-09-27 08:04 --------- d-----w C:\Program Files\Orb Networks
2008-09-27 07:22 --------- d-----w C:\Program Files\Azureus
2008-09-27 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 04:45 --------- d-----w C:\Program Files\OCCT
2008-09-27 04:44 --------- d-----w C:\Program Files\ShellExView
2008-09-27 04:44 --------- d-----w C:\Program Files\Camfrog
2008-09-21 04:00 --------- d-----w C:\Documents and Settings\Robert\Application Data\skypePM
2008-09-17 01:27 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-09-15 22:19 --------- d-----w C:\Program Files\palmOne
2008-09-11 05:05 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-09-10 19:04 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-10 19:01 --------- d-----w C:\Program Files\PokerStars.NET
2008-09-10 19:01 --------- d-----w C:\Program Files\Movie Joiner
2008-09-09 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-08 02:49 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-09-04 04:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-03 21:30 --------- d-----w C:\Documents and Settings\Robert\Application Data\HP
2008-08-15 20:58 --------- d-----w C:\Documents and Settings\Robert\Application Data\TeamViewer
2008-08-14 07:13 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-11 21:04 --------- d-----w C:\Documents and Settings\Robert\Application Data\Windows Search
2008-08-06 01:01 --------- d-----w C:\Documents and Settings\Robert\Application Data\Leadertech
2008-08-06 00:50 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-08-06 00:50 --------- d-----w C:\Documents and Settings\Robert\Application Data\HotSync
2008-08-06 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\HotSync
2008-07-23 19:45 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-07-20 00:18 90,112 -c--a-w C:\WINDOWS\DUMP3ce9.tmp
2008-07-20 00:17 90,112 ----a-w C:\WINDOWS\DUMP3b92.tmp
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 20:02 43,332 ----a-w C:\WINDOWS\system32\FlashMenu.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((( snapshot_2008-09-28_23.21.25.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-11 06:28:34 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-01 18:18:11 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-09-11 06:28:35 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-01 18:18:11 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-11 06:28:34 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-10-01 18:18:11 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-09-11 06:28:35 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-01 18:18:11 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-09-11 06:28:35 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-01 18:18:11 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-11 06:28:35 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-01 18:18:11 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-09-11 06:28:35 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-01 18:18:11 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-11 06:28:35 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-01 18:18:11 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-11 06:28:35 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-01 18:18:11 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-11 06:28:35 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-01 18:18:11 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-09-11 06:28:35 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-01 18:18:11 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-11 06:28:34 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-01 18:18:11 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-06-05 16:42:31 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-09-30 19:24:02 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2001-07-14 21:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2003-08-14 14:10:54 37,376 ----a-w C:\WINDOWS\system\lfbmp12n.dll
+ 2003-08-14 14:10:56 313,856 ----a-w C:\WINDOWS\system\LFCMP12n.DLL
+ 2003-08-14 14:10:56 78,336 ----a-w C:\WINDOWS\system\lffax12n.dll
+ 2003-08-14 14:10:56 109,568 ----a-w C:\WINDOWS\system\lfjbg12n.dll
+ 2003-08-14 14:10:56 32,256 ----a-w C:\WINDOWS\system\lflmb12n.dll
+ 2003-08-14 14:10:58 33,280 ----a-w C:\WINDOWS\system\lfpcx12n.dll
+ 2003-08-14 14:10:58 190,464 ----a-w C:\WINDOWS\system\lftif12n.dll
+ 2003-08-14 14:11:24 278,528 ----a-w C:\WINDOWS\system\LTDIS12n.dll
+ 2003-08-14 14:11:28 146,944 ----a-w C:\WINDOWS\system\ltfil12n.DLL
+ 2003-08-14 14:11:32 406,016 ----a-w C:\WINDOWS\system\ltkrn12n.dll
+ 2003-08-14 14:11:40 855,040 ----a-w C:\WINDOWS\system\Ltwvc12n.dll
- 2008-07-23 12:23:05 1,566,992 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-03 05:01:51 1,576,056 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2000-07-15 10:00:00 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2004-02-23 04:00:00 119,808 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
- 2008-09-27 07:43:09 64,576 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-02 18:20:27 64,576 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-27 07:43:09 409,562 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-02 18:20:27 409,562 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-28 160592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 1498032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-05 949376]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 1957888]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"CTHelper"="CTHELPER.EXE" [2008-02-20 C:\WINDOWS\system32\CtHelper.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-28 160592]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
NYKO Gamepad Mapping Tools.lnk - C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe [2008-06-10 417280]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-23 17:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Steam\\steamapps\\robmurk\\counter-strike\\hl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14592]
R2 713xTVCard;SAA7131 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 277504]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-10-16 945920]
S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080]
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 4047]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [ ]
S3 WinRing0_1_1_1;WinRing0_1_1_1;C:\Documents and Settings\Robert\Desktop\RealTemp_2.70\WinRing0.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee35548-3293-11dd-b18c-806d6172696f}]
\Shell\AutoRun\command - H:\Autorun.exe root.ini

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d23e79-822b-11dd-903c-00508dbbd7be}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\w8inbml2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 14:17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-03 14:17:58
ComboFix-quarantined-files.txt 2008-10-03 18:17:50
ComboFix2.txt 2008-09-29 03:21:38
ComboFix3.txt 2008-09-28 22:49:38
ComboFix4.txt 2008-09-28 22:42:49
ComboFix5.txt 2008-10-03 18:15:56

Pre-Run: 96,209,014,784 bytes free
Post-Run: 96,296,464,384 bytes free

320 --- E O F --- 2008-10-02 16:50:31

Edited by kraze98nyc, 03 October 2008 - 01:25 PM.


#7 kraze98nyc

kraze98nyc
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 03 October 2008 - 01:24 PM

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:53 PM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212641234379
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212641322864
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 13082 bytes

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 03 October 2008 - 09:13 PM

1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
H:\Autorun.exe 

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee35548-3293-11dd-b18c-806d6172696f}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image [img]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 kraze98nyc

kraze98nyc
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 04 October 2008 - 02:39 AM

ComboFix 08-10-03.01 - Robert 2008-10-04 3:35:30.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2544 [GMT -4:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
H:\Autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robert\Cookies\robert@ad.yieldmanager[1].txt
C:\Documents and Settings\Robert\Cookies\robert@content.clickbank[2].txt
C:\Documents and Settings\Robert\Cookies\robert@insightexpressai[2].txt
C:\Documents and Settings\Robert\Cookies\robert@revsci[3].txt
C:\Documents and Settings\Robert\Cookies\robert@turn[1].txt

.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-03 08:17 . 2008-10-03 08:17 <DIR> d-------- C:\rsit
2008-10-02 14:18 . 2008-10-02 14:18 <DIR> d-------- C:\Program Files\TI Education
2008-10-02 14:18 . 2008-10-02 14:18 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2008-10-02 14:18 . 2004-02-04 10:27 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2008-10-02 14:18 . 2004-01-28 15:03 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
2008-10-01 17:22 . 2008-10-01 17:23 <DIR> d-------- C:\Program Files\Winamp
2008-10-01 17:22 . 2008-10-01 17:38 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Winamp
2008-09-30 15:56 . 2008-09-30 15:56 <DIR> d-------- C:\Program Files\1st Mass Mailer
2008-09-30 15:35 . 2008-09-30 15:35 <DIR> d-------- C:\Program Files\Lencom Software Inc
2008-09-30 15:35 . 2008-09-30 15:35 <DIR> d-------- C:\Program Files\Common Files\LencomShare
2008-09-30 15:33 . 2008-09-30 15:33 <DIR> d-------- C:\Program Files\MSBuild
2008-09-30 15:04 . 2008-09-30 15:05 <DIR> d-------- C:\Program Files\Vuze
2008-09-30 14:05 . 2008-09-30 14:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-30 14:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-30 01:12 . 2008-09-30 01:12 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-09-30 01:12 . 2008-09-30 01:12 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-09-30 01:12 . 2008-09-30 01:12 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-09-28 21:19 . 2008-10-04 03:34 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\HPAppData
2008-09-28 21:13 . 2008-09-28 21:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-09-28 21:13 . 2008-09-28 21:13 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-28 20:49 . 2007-11-01 22:28 970,752 --a------ C:\WINDOWS\system32\hpotiop5.dll
2008-09-28 20:49 . 2007-11-01 22:28 729,088 --a------ C:\WINDOWS\system32\hpowiax5.dll
2008-09-28 20:49 . 2007-11-01 22:28 364,544 --a------ C:\WINDOWS\system32\hppldcoi.dll
2008-09-28 20:49 . 2007-11-01 22:28 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
2008-09-28 20:49 . 2007-11-01 22:28 303,104 --a------ C:\WINDOWS\system32\hpovst12.dll
2008-09-28 20:47 . 2008-09-28 21:19 164,949 --a------ C:\WINDOWS\hpoins21.dat
2008-09-28 20:47 . 2008-01-23 21:34 7,262 --------- C:\WINDOWS\hpomdl21.dat
2008-09-28 19:01 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 19:00 . 2008-09-30 15:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-28 17:43 . 2008-09-28 17:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 17:43 . 2008-09-28 17:43 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-09-28 17:43 . 2008-09-28 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 17:43 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 17:43 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 16:33 . 2008-09-28 16:33 <DIR> d-------- C:\VundoFix Backups
2008-09-28 16:24 . 2008-09-28 16:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-28 16:00 . 2008-09-28 16:01 <DIR> d-------- C:\Program Files\PokerStars
2008-09-28 14:55 . 2008-09-28 14:55 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-09-28 14:11 . 2008-09-28 14:51 <DIR> d-------- C:\Program Files\Uniblue
2008-09-28 14:11 . 2008-09-28 14:51 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Uniblue
2008-09-28 14:11 . 2008-09-28 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-28 04:36 . 2008-09-28 14:05 <DIR> d-------- C:\Program Files\IP Traffic Monitor
2008-09-28 03:27 . 2008-09-28 03:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-27 03:38 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-27 03:37 . 2008-04-13 14:31 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-27 03:36 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-27 03:35 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-27 03:33 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-09-27 03:32 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-09-27 01:48 . 2008-07-16 22:35 9,728 --a------ C:\WINDOWS\system32\RtNicProp32.dll
2008-09-27 01:47 . 2008-09-27 01:47 <DIR> d-------- C:\Program Files\Realtek
2008-09-27 01:47 . 2008-09-27 01:47 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\InstallShield
2008-09-24 16:36 . 2008-09-24 16:36 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\TuneUp Software
2008-09-22 02:31 . 2008-09-22 02:39 <DIR> d-------- C:\Program Files\Keyword Elite
2008-09-20 03:49 . 2008-09-26 00:10 138,280 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-20 03:49 . 2008-09-26 00:10 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-09-20 03:49 . 2008-09-20 03:49 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-19 03:46 . 2008-09-19 03:46 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-16 14:28 . 2008-09-16 14:28 <DIR> d-------- C:\Program Files\Palm Inc
2008-09-11 02:07 . 2008-09-11 02:07 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Arcsoft
2008-09-11 02:01 . 2008-09-11 02:00 16,694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-09-11 01:29 . 2008-09-11 01:29 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-09 14:54 . 2008-09-09 14:58 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Hamachi
2008-09-09 14:54 . 2008-09-09 14:54 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-05 23:30 . 2008-09-05 23:30 241,704 -----c--- C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 . 2008-09-05 23:29 917,032 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-04 00:08 . 2008-09-04 00:11 19,485 --a------ C:\WINDOWS\hpqins13.dat
2008-09-04 00:02 . 2008-09-04 00:02 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 07:33 --------- d-----w C:\Program Files\FlashGet
2008-10-04 02:40 --------- d-----w C:\Program Files\Steam
2008-10-03 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-03 18:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 18:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-01 02:06 --------- d-----w C:\Documents and Settings\Robert\Application Data\Azureus
2008-09-30 20:30 --------- d-----w C:\Program Files\QuickTime
2008-09-30 19:35 91,804 ----a-w C:\Program Files\Common Files\Engines.lnl
2008-09-30 19:33 --------- d-----w C:\Program Files\Microsoft Works
2008-09-30 19:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-30 18:05 --------- d-----w C:\Program Files\Java
2008-09-29 09:01 --------- d-----w C:\Documents and Settings\Robert\Application Data\FileZilla
2008-09-29 03:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-29 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-28 22:28 --------- d-----w C:\Program Files\Belkin Bulldog Plus
2008-09-28 07:34 --------- d-----w C:\Program Files\HP
2008-09-27 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-09-27 08:04 --------- d-----w C:\Program Files\Orb Networks
2008-09-27 07:22 --------- d-----w C:\Program Files\Azureus
2008-09-27 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 04:45 --------- d-----w C:\Program Files\OCCT
2008-09-27 04:44 --------- d-----w C:\Program Files\ShellExView
2008-09-27 04:44 --------- d-----w C:\Program Files\Camfrog
2008-09-23 00:44 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-09-21 04:00 --------- d-----w C:\Documents and Settings\Robert\Application Data\skypePM
2008-09-17 01:27 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-09-15 22:19 --------- d-----w C:\Program Files\palmOne
2008-09-11 05:05 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-09-10 19:04 --------- d-----w C:\Program Files\Windows Desktop Search
2008-09-10 19:01 --------- d-----w C:\Program Files\PokerStars.NET
2008-09-10 19:01 --------- d-----w C:\Program Files\Movie Joiner
2008-09-09 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-08 02:49 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-09-04 04:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-03 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-09-03 21:30 --------- d-----w C:\Documents and Settings\Robert\Application Data\HP
2008-09-03 21:28 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-09-03 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-03 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-09-03 20:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-03 20:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-03 20:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-08-15 20:58 --------- d-----w C:\Documents and Settings\Robert\Application Data\TeamViewer
2008-08-14 07:13 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-11 21:04 --------- d-----w C:\Documents and Settings\Robert\Application Data\Windows Search
2008-08-06 01:01 --------- d-----w C:\Documents and Settings\Robert\Application Data\Leadertech
2008-08-06 00:50 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-08-06 00:50 --------- d-----w C:\Documents and Settings\Robert\Application Data\HotSync
2008-08-06 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\HotSync
2008-07-23 19:45 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-07-20 00:18 90,112 -c--a-w C:\WINDOWS\DUMP3ce9.tmp
2008-07-20 00:17 90,112 ----a-w C:\WINDOWS\DUMP3b92.tmp
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 20:02 43,332 ----a-w C:\WINDOWS\system32\FlashMenu.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-28 160592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 1498032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-05 949376]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 1957888]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"CTHelper"="CTHELPER.EXE" [2008-02-20 C:\WINDOWS\system32\CtHelper.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-28 160592]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
NYKO Gamepad Mapping Tools.lnk - C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe [2008-06-10 417280]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-23 17:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"C:\\Program Files\\Steam\\steamapps\\robmurk\\counter-strike\\hl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14592]
R2 713xTVCard;SAA7131 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 277504]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-10-16 945920]
S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080]
S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 4047]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [ ]
S3 WinRing0_1_1_1;WinRing0_1_1_1;C:\Documents and Settings\Robert\Desktop\RealTemp_2.70\WinRing0.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d23e79-822b-11dd-903c-00508dbbd7be}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 03:37:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-04 3:37:34
ComboFix-quarantined-files.txt 2008-10-04 07:37:23
ComboFix2.txt 2008-10-03 18:17:58
ComboFix3.txt 2008-09-29 03:21:38
ComboFix4.txt 2008-09-28 22:49:38
ComboFix5.txt 2008-10-04 07:35:11

Pre-Run: 93,976,780,800 bytes free
Post-Run: 94,013,624,320 bytes free

252 --- E O F --- 2008-10-02 16:50:31


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:08 AM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212641234379
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212641322864
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 12754 bytes

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 04 October 2008 - 08:41 AM

Looks good how are things running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 kraze98nyc

kraze98nyc
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:46 AM

Posted 04 October 2008 - 10:20 PM

Seems to be running great. What did you find?

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:46 AM

Posted 05 October 2008 - 11:17 AM

Nothing really just some remnants of a flash drive infection or (removable drive) infection.

Your log is clean.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
Also delete\uninstall anything that we used that is left over.
===========================================
The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users